|
#patch -p1 -NE --help
Usage: patch [OPTION]... [ORIGFILE [PATCHFILE]] Input options: -p NUM --strip=NUM Strip NUM leading components from file names. -F LINES --fuzz LINES Set the fuzz factor to LINES for inexact matching. -l --ignore-whitespace Ignore white space changes between patch and input. -c --context Interpret the patch as a context difference. -e --ed Interpret the patch as an ed script. -n --normal Interpret the patch as a normal difference. -u --unified Interpret the patch as a unified difference. -N --forward Ignore patches that appear to be reversed or already applied. ... --verbose Output extra information about the work being done. --dry-run Do not actually change any files; just print what would happen. --posix Conform to the POSIX standard. -U --unified-reject-files Create unified reject files. --global-reject-file=file Put all rejects into one file. -d DIR --directory=DIR Change the working directory to DIR first. --binary Read and write data in binary mode (no effect on this platform). -v --version Output version info. --help Output this help. Report bugs to <bug-patch@gnu.org>. |
#patch -p1 -NE <../2.6.33-patches/10
100-netfilter_layer7_2.21.patch 101-netfilter_layer7_pktmatch.patch |
#patch -p1 -NE <../2.6.33-patches/1
100-netfilter_layer7_2.21.patch 150-netfilter_imq.patch 101-netfilter_layer7_pktmatch.patch 180-netfilter_depends.patch 110-netfilter_match_speedup.patch 190-netfilter_rtsp.patch |
#patch -p1 -NE <../tarpit-2.6.29.patch
patching file drivers/char/random.c Hunk #1 succeeded at 1554 (offset -34 lines). patching file net/netfilter/Kconfig Hunk #1 succeeded at 512 with fuzz 1 (offset 60 lines). patching file net/netfilter/Makefile Hunk #1 succeeded at 55 (offset 4 lines). patching file net/netfilter/xt_TARPIT.c |
#make oldconfig
HOSTCC scripts/basic/fixdep HOSTCC scripts/basic/docproc HOSTCC scripts/basic/hash HOSTCC scripts/kconfig/conf.o HOSTCC scripts/kconfig/kxgettext.o SHIPPED scripts/kconfig/zconf.tab.c SHIPPED scripts/kconfig/lex.zconf.c SHIPPED scripts/kconfig/zconf.hash.c HOSTCC scripts/kconfig/zconf.tab.o HOSTLD scripts/kconfig/conf ... Deflate compression algorithm (CRYPTO_DEFLATE) [N/m/y/?] n Zlib compression algorithm (CRYPTO_ZLIB) [N/m/y/?] n LZO compression algorithm (CRYPTO_LZO) [N/m/y/?] n * * Random Number Generation * Pseudo Random Number Generation for Cryptographic modules (CRYPTO_ANSI_CPRNG) [N/m/y/?] n # # configuration written to .config # |
#make
scripts/kconfig/conf -s arch/x86/Kconfig CHK include/linux/version.h UPD include/linux/version.h CHK include/generated/utsrelease.h UPD include/generated/utsrelease.h CC kernel/bounds.s GEN include/generated/bounds.h CC arch/x86/kernel/asm-offsets.s GEN include/generated/asm-offsets.h CALL scripts/checksyscalls.sh ... CC net/sched/sch_prio.mod.o LD [M] net/sched/sch_prio.ko CC net/sched/sch_red.mod.o LD [M] net/sched/sch_red.ko CC net/sched/sch_sfq.mod.o LD [M] net/sched/sch_sfq.ko CC net/sched/sch_tbf.mod.o LD [M] net/sched/sch_tbf.ko CC net/sched/sch_teql.mod.o LD [M] net/sched/sch_teql.ko |
#cd linux-2.6.33/
|
#make modules
modules modules_install modules.order modules_prepare |
#make modules
CHK include/linux/version.h CHK include/generated/utsrelease.h CALL scripts/checksyscalls.sh Building modules, stage 2. MODPOST 105 modules |
#make modules_install
INSTALL arch/x86/kernel/test_nx.ko INSTALL arch/x86/kvm/kvm-amd.ko INSTALL arch/x86/kvm/kvm-intel.ko INSTALL arch/x86/kvm/kvm.ko INSTALL drivers/char/hw_random/amd-rng.ko INSTALL drivers/net/dummy.ko INSTALL drivers/net/ppp_generic.ko INSTALL drivers/net/pppoe.ko INSTALL drivers/net/pppox.ko INSTALL drivers/net/slhc.ko ... INSTALL net/sched/sch_hfsc.ko INSTALL net/sched/sch_htb.ko INSTALL net/sched/sch_ingress.ko INSTALL net/sched/sch_netem.ko INSTALL net/sched/sch_prio.ko INSTALL net/sched/sch_red.ko INSTALL net/sched/sch_sfq.ko INSTALL net/sched/sch_tbf.ko INSTALL net/sched/sch_teql.ko DEPMOD 2.6.33 |
#rm ./.config
|
#cp ../.config
.config-100304 .config.2.6.32.3 |
#cp ../.config.2.6.32.3 ./.config
|
#make oldconfig
scripts/kconfig/conf -o arch/x86/Kconfig * * Restart config... * * * General setup * Prompt for development and/or incomplete code/drivers (EXPERIMENTAL) [Y/n/?] y Local version - append to kernel release (LOCALVERSION) [] Automatically append version information to the version string (LOCALVERSION_AUTO) [N/y/?] n ... Deflate compression algorithm (CRYPTO_DEFLATE) [N/m/y/?] n Zlib compression algorithm (CRYPTO_ZLIB) [N/m/y/?] n LZO compression algorithm (CRYPTO_LZO) [N/m/y/?] n * * Random Number Generation * Pseudo Random Number Generation for Cryptographic modules (CRYPTO_ANSI_CPRNG) [N/m/y/?] n # # configuration written to .config # |
#make menuconfig
*** End of Linux kernel configuration. *** Execute 'make' to build the kernel or try 'make help'. |
#make
scripts/kconfig/conf -s arch/x86/Kconfig CHK include/linux/version.h CHK include/generated/utsrelease.h CALL scripts/checksyscalls.sh CHK include/generated/compile.h LD kernel/trace/built-in.o LD kernel/built-in.o CC drivers/net/imq.o LD drivers/net/built-in.o LD drivers/built-in.o ... CC net/ipv4/netfilter/nf_nat_h323.mod.o LD [M] net/ipv4/netfilter/nf_nat_h323.ko CC net/ipv4/netfilter/nf_nat_proto_udplite.mod.o LD [M] net/ipv4/netfilter/nf_nat_proto_udplite.ko LD [M] net/netfilter/nf_conntrack_h323.ko LD [M] net/netfilter/nf_conntrack_proto_udplite.ko LD [M] net/netfilter/xt_CONNMARK.ko LD [M] net/netfilter/xt_connlimit.ko LD [M] net/sched/cls_flow.ko LD [M] net/sched/sch_esfq.ko |
#make modules
CHK include/linux/version.h CHK include/generated/utsrelease.h CALL scripts/checksyscalls.sh Building modules, stage 2. MODPOST 77 modules |
#make modules_install
INSTALL arch/x86/kernel/test_nx.ko INSTALL arch/x86/kvm/kvm-amd.ko INSTALL arch/x86/kvm/kvm-intel.ko INSTALL arch/x86/kvm/kvm.ko INSTALL drivers/char/hw_random/amd-rng.ko INSTALL drivers/net/dummy.ko INSTALL drivers/net/ppp_generic.ko INSTALL drivers/net/pppoe.ko INSTALL drivers/net/pppox.ko INSTALL drivers/net/slhc.ko ... INSTALL net/sched/sch_hfsc.ko INSTALL net/sched/sch_htb.ko INSTALL net/sched/sch_ingress.ko INSTALL net/sched/sch_netem.ko INSTALL net/sched/sch_prio.ko INSTALL net/sched/sch_red.ko INSTALL net/sched/sch_sfq.ko INSTALL net/sched/sch_tbf.ko INSTALL net/sched/sch_teql.ko DEPMOD 2.6.33 |
#mkinitramfs -o /boot/initrd-2.6.33-esfq-imq
|
#scp /boot/initrd-2.6.33-esfq-imq 192.168.8.140:/boot/
root@192.168.8.140's password: initrd-2.6.33-esfq-imq 100% 7052KB 6.9MB/s 00:00 |
#rm ./linux
|
#ls
100-netfilter_layer7_2.21.patch linux-2.6.32.3 101-netfilter_layer7_pktmatch.patch linux-2.6.32.3.tar.bz2 150-netfilter_imq.patch linux-2.6.32-imq-test2.diff 200-sched_esfq linux-2.6.32-imq-test2.diff.1 2.6.32-patches linux-2.6.32-imq-test2.diff.bz2 2.6.33-patches linux-2.6.33 esfq-maybe.patch linux-2.6.33.tar.bz2 esfq-mypatch linux-source-2.6.26 esfq.patch linux-source-2.6.26-copy.tar.bz2 esfq-patch-2.6.26 linux-source-2.6.26.tar.bz2 esfq-patch-2.6.26.was sched_esfq-2.6.29.patch iptables-1.4.3.2-imq.patch tarpit-2.6.29.patch iptables-1.4.3.2-imq_xt.patch tarpit-2.6.29.patch.orig linux-2.6.32.1.tar.bz2 |
#rm -R linux-2.6.33
linux-2.6.33/ linux-2.6.33.tar.bz2 |
#rm -R linux-2.6.33
|
#ls
100-netfilter_layer7_2.21.patch linux-2.6.32.1.tar.bz2 101-netfilter_layer7_pktmatch.patch linux-2.6.32.3 150-netfilter_imq.patch linux-2.6.32.3.tar.bz2 200-sched_esfq linux-2.6.32-imq-test2.diff 2.6.32-patches linux-2.6.32-imq-test2.diff.1 2.6.33-patches linux-2.6.32-imq-test2.diff.bz2 esfq-maybe.patch linux-2.6.33.tar.bz2 esfq-mypatch linux-source-2.6.26 esfq.patch linux-source-2.6.26-copy.tar.bz2 esfq-patch-2.6.26 linux-source-2.6.26.tar.bz2 esfq-patch-2.6.26.was sched_esfq-2.6.29.patch iptables-1.4.3.2-imq.patch tarpit-2.6.29.patch iptables-1.4.3.2-imq_xt.patch tarpit-2.6.29.patch.orig |
#rm -R linux-2.6.32.3
linux-2.6.32.3/ linux-2.6.32.3.tar.bz2 |
#rm -R linux-2.6.32.3
|
#ls /lib/modules/
2.6.26-2-xen-amd64 2.6.32.3 2.6.33 |
#rm -R /lib/modules/2.6.33
|
#tar jxvf linux-2.6.32.3.tar.bz2
linux-2.6.32.3/ linux-2.6.32.3/.gitignore linux-2.6.32.3/.mailmap linux-2.6.32.3/COPYING linux-2.6.32.3/CREDITS linux-2.6.32.3/Documentation/ linux-2.6.32.3/Documentation/00-INDEX linux-2.6.32.3/Documentation/ABI/ linux-2.6.32.3/Documentation/ABI/README linux-2.6.32.3/Documentation/ABI/obsolete/ ... linux-2.6.32.3/virt/kvm/Kconfig linux-2.6.32.3/virt/kvm/coalesced_mmio.c linux-2.6.32.3/virt/kvm/coalesced_mmio.h linux-2.6.32.3/virt/kvm/eventfd.c linux-2.6.32.3/virt/kvm/ioapic.c linux-2.6.32.3/virt/kvm/ioapic.h linux-2.6.32.3/virt/kvm/iodev.h linux-2.6.32.3/virt/kvm/iommu.c linux-2.6.32.3/virt/kvm/irq_comm.c linux-2.6.32.3/virt/kvm/kvm_main.c |
#cp ../.config.2.6.32.3 ./.config
|
#make oldconfig
HOSTCC scripts/basic/fixdep HOSTCC scripts/basic/docproc HOSTCC scripts/basic/hash HOSTCC scripts/kconfig/conf.o HOSTCC scripts/kconfig/kxgettext.o SHIPPED scripts/kconfig/zconf.tab.c SHIPPED scripts/kconfig/lex.zconf.c SHIPPED scripts/kconfig/zconf.hash.c HOSTCC scripts/kconfig/zconf.tab.o HOSTLD scripts/kconfig/conf ... "state" match support (NETFILTER_XT_MATCH_STATE) [Y/n/m/?] y "statistic" match support (NETFILTER_XT_MATCH_STATISTIC) [M/n/y/?] m "string" match support (NETFILTER_XT_MATCH_STRING) [N/m/y/?] n "tcpmss" match support (NETFILTER_XT_MATCH_TCPMSS) [M/n/y/?] m "time" match support (NETFILTER_XT_MATCH_TIME) [M/n/y/?] m "u32" match support (NETFILTER_XT_MATCH_U32) [M/n/y/?] m "osf" Passive OS fingerprint match (NETFILTER_XT_MATCH_OSF) [N/m/y/?] n # # configuration written to .config # |
#patch -p1 -NE <../2.6.33-patches/*
bash: ../2.6.33-patches/*: ambiguous redirect |
#patch -p1 -NE <../2.6.33-patches/{*}
bash: ../2.6.33-patches/{*}: Нет такого файла или каталога |
#make modules; make modules_install
CHK include/linux/version.h CHK include/linux/utsrelease.h SYMLINK include/asm -> include/asm-x86 CALL scripts/checksyscalls.sh Building modules, stage 2. MODPOST 105 modules INSTALL arch/x86/kernel/test_nx.ko INSTALL arch/x86/kvm/kvm-amd.ko INSTALL arch/x86/kvm/kvm-intel.ko INSTALL arch/x86/kvm/kvm.ko ... INSTALL net/sched/sch_hfsc.ko INSTALL net/sched/sch_htb.ko INSTALL net/sched/sch_ingress.ko INSTALL net/sched/sch_netem.ko INSTALL net/sched/sch_prio.ko INSTALL net/sched/sch_red.ko INSTALL net/sched/sch_sfq.ko INSTALL net/sched/sch_tbf.ko INSTALL net/sched/sch_teql.ko DEPMOD 2.6.32.3 |
#make menuconfig
*** End of Linux kernel configuration. *** Execute 'make' to build the kernel or try 'make help'. |
#less ./.config
|
#less ./.config
|
#make
scripts/kconfig/conf -s arch/x86/Kconfig CHK include/linux/version.h UPD include/linux/version.h CHK include/linux/utsrelease.h UPD include/linux/utsrelease.h SYMLINK include/asm -> include/asm-x86 CC kernel/bounds.s GEN include/linux/bounds.h CC arch/x86/kernel/asm-offsets.s GEN include/asm/asm-offsets.h ... CC net/sched/sch_prio.mod.o LD [M] net/sched/sch_prio.ko CC net/sched/sch_red.mod.o LD [M] net/sched/sch_red.ko CC net/sched/sch_sfq.mod.o LD [M] net/sched/sch_sfq.ko CC net/sched/sch_tbf.mod.o LD [M] net/sched/sch_tbf.ko CC net/sched/sch_teql.mod.o LD [M] net/sched/sch_teql.ko |
#make
|
#mkinitramfs -o /boot/initrd-2.6.32.3-esfq-imq-tarpit
|
#modprobe -l ipt_*
/lib/modules/2.6.32.3/kernel/net/ipv4/netfilter/ipt_ULOG.ko /lib/modules/2.6.32.3/kernel/net/ipv4/netfilter/ipt_REJECT.ko /lib/modules/2.6.32.3/kernel/net/ipv4/netfilter/ipt_REDIRECT.ko /lib/modules/2.6.32.3/kernel/net/ipv4/netfilter/ipt_MASQUERADE.ko /lib/modules/2.6.32.3/kernel/net/ipv4/netfilter/ipt_LOG.ko |
#cd /usr/src/linux-2.6.32.3/
|
#make modules >
|
#ls /lib/modules/2.6.32.3/kernel/net/ipv4/netfilter/
iptable_filter.ko ipt_REDIRECT.ko nf_nat_h323.ko iptable_mangle.ko ipt_REJECT.ko nf_nat_irc.ko iptable_nat.ko ipt_ULOG.ko nf_nat.ko iptable_security.ko nf_conntrack_ipv4.ko nf_nat_proto_udplite.ko ipt_LOG.ko nf_defrag_ipv4.ko nf_nat_sip.ko ipt_MASQUERADE.ko nf_nat_ftp.ko |
#less ./.config
|
#ls /usr/local/libexec/xtables/libip
libip6t_ah.so libip6t_rt.so libipt_realm.so libip6t_dst.so libipt_addrtype.so libipt_REDIRECT.so libip6t_eui64.so libipt_ah.so libipt_REJECT.so libip6t_frag.so libipt_CLUSTERIP.so libipt_SAME.so libip6t_hbh.so libipt_DNAT.so libipt_set.so libip6t_hl.so libipt_ecn.so libipt_SET.so libip6t_HL.so libipt_ECN.so libipt_SNAT.so libip6t_icmp6.so libipt_icmp.so libipt_ttl.so libip6t_ipv6header.so libipt_LOG.so libipt_TTL.so libip6t_LOG.so libipt_MASQUERADE.so libipt_ULOG.so libip6t_mh.so libipt_MIRROR.so libipt_unclean.so libip6t_REJECT.so libipt_NETMAP.so |
#ls /usr/local/libexec/xtables/libip
libip6t_ah.so libipset_setlist.so libip6t_dst.so libipt_addrtype.so libip6t_eui64.so libipt_ah.so libip6t_frag.so libipt_CLUSTERIP.so libip6t_hbh.so libipt_DNAT.so libip6t_hl.so libipt_ecn.so libip6t_HL.so libipt_ECN.so libip6t_icmp6.so libipt_icmp.so libip6t_ipv6header.so libipt_LOG.so libip6t_LOG.so libipt_MASQUERADE.so ... libipset_iphash.so libipt_REDIRECT.so libipset_ipmap.so libipt_REJECT.so libipset_ipporthash.so libipt_SAME.so libipset_ipportiphash.so libipt_set.so libipset_ipportnethash.so libipt_SET.so libipset_iptreemap.so libipt_SNAT.so libipset_iptree.so libipt_ttl.so libipset_macipmap.so libipt_TTL.so libipset_nethash.so libipt_ULOG.so libipset_portmap.so libipt_unclean.so |
#ls /usr/local/libexec/xtables/libip
|
#tar jxvf xtables-addons-1.23.tar.bz2
xtables-addons-1.23/ xtables-addons-1.23/.gitignore xtables-addons-1.23/INSTALL xtables-addons-1.23/LICENSE xtables-addons-1.23/Makefile.am xtables-addons-1.23/Makefile.extra xtables-addons-1.23/Makefile.iptrules.in xtables-addons-1.23/Makefile.mans.in xtables-addons-1.23/README xtables-addons-1.23/autogen.sh ... xtables-addons-1.23/aclocal.m4 xtables-addons-1.23/configure xtables-addons-1.23/config.h.in xtables-addons-1.23/compile xtables-addons-1.23/config.guess xtables-addons-1.23/config.sub xtables-addons-1.23/install-sh xtables-addons-1.23/missing xtables-addons-1.23/depcomp xtables-addons-1.23/Makefile.in |
#cd xtables-addons-1.23/
|
#ls
aclocal.m4 configure.ac LICENSE Makefile.mans.in autogen.sh depcomp ltmain.sh mconfig compile doc m4 missing config.guess extensions Makefile.am README config.h.in include Makefile.extra sources config.sub INSTALL Makefile.in xa-download-more configure install-sh Makefile.iptrules.in xtables-addons.8.in |
#less INSTALL
|
#./configure
checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /bin/mkdir -p checking for gawk... no checking for mawk... mawk checking whether make sets $(MAKE)... yes checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no ... checking for pkg-config... no checking for libxtables... configure: error: in `/var/downloads/xtables-addons-1.23': configure: error: The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. Alternatively, you may set the environment variables libxtables_CFLAGS and libxtables_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details. To get pkg-config, see <http://pkg-config.freedesktop.org/>. See `config.log' for more details. |
#as pkg-config
libcairo-java-dev - Java bindings for Cairo (development files) libgift-dev - helper library for various giFT components [development files] libglib-java-dev - Java bindings for GLib (development files) libextutils-pkgconfig-perl - simplistic perl interface to pkg-config libgconf-java-dev - Java bindings for GConf (development files) libglade-java-dev - Java bindings for Glade (development files) libgnome-java-dev - Java bindings for GNOME (development files) libgtk-java-dev - Java bindings for GTK+ (development files) libpthread-stubs0-dev - pthread stubs not provided by native libc, development files libvte-java-dev - Java bindings for VTE (development files) osso-af-settings - pkg-config based registry for maemo directories pkg-config - manage compile and link flags for libraries xserver-xorg-dev - Xorg X server - development files |
#ai pkg-config
Чтение списков пакетов... Готово Построение дерева зависимостей Чтение информации о состоянии... Готово НОВЫЕ пакеты, которые будут установлены: pkg-config обновлено 0, установлено 1 новых пакетов, для удаления отмечено 0 пакетов, и 0 пакетов не обновлено. Необходимо скачать 55,0kБ архивов. После данной операции, объём занятого дискового пространства возрастёт на 164kB. Получено:1 http://ftp.debian.org lenny/main pkg-config 0.22-1 [55,0kB] Получено 55,0kБ за 2s (20,1kБ/c) Выбор ранее не выбранного пакета pkg-config. (Чтение базы данных... на данный момент установлено 18029 файлов и каталогов.) Распаковывается пакет pkg-config (из файла .../pkg-config_0.22-1_amd64.deb)... Обрабатываются триггеры для man-db ... Настраивается пакет pkg-config (0.22-1) ... |
#./configure
checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for a thread-safe mkdir -p... /bin/mkdir -p checking for gawk... no checking for mawk... mawk checking whether make sets $(MAKE)... yes checking for gcc... gcc checking for C compiler default output file name... a.out checking whether the C compiler works... yes checking whether we are cross compiling... no ... config.status: creating Makefile config.status: creating Makefile.iptrules config.status: creating Makefile.mans config.status: creating extensions/Makefile config.status: creating extensions/ACCOUNT/Makefile config.status: creating extensions/ipset/Makefile config.status: creating extensions/pknock/Makefile config.status: creating config.h config.status: executing depfiles commands config.status: executing libtool commands |
#make
make all-recursive make[1]: Entering directory `/var/downloads/xtables-addons-1.23' Making all in extensions make[2]: Entering directory `/var/downloads/xtables-addons-1.23/extensions' if [ -n "/lib/modules/2.6.32.3/build" ]; then make -C /lib/modules/2.6.32.3/build M=/var/downloads/xtables-addons-1.23/extensions modules; fi; make[3]: Entering directory `/usr/src/linux-2.6.32.3' CC [M] /var/downloads/xtables-addons-1.23/extensions/compat_xtables.o CC [M] /var/downloads/xtables-addons-1.23/extensions/xt_CHAOS.o CC [M] /var/downloads/xtables-addons-1.23/extensions/xt_DELUDE.o CC [M] /var/downloads/xtables-addons-1.23/extensions/xt_DHCPMAC.o ... make[2]: Leaving directory `/var/downloads/xtables-addons-1.23/extensions' make[2]: Entering directory `/var/downloads/xtables-addons-1.23' make -f Makefile.mans all; make[3]: Entering directory `/var/downloads/xtables-addons-1.23' for ext in ./extensions/libxt_condition.man ./extensions/libxt_dhcpmac.man ./extensions/libxt_fuzzy.man ./extensions/libxt_geoip.man ./extensions/libxt_iface.man ./extensions/libxt_ipp2p.man ./extensions/libxt_ipv4options.man ./extensions/libxt_length.man ./extensions/libxt_lscan.man ./extensions/libxt_psd.man ./extensions/libxt_quota2.man ./extensions/pknock/libxt_pknock.man; do name="${ext%.man} for ext in ./extensions/ACCOUNT/libxt_ACCOUNT.man ./extensions/libxt_CHAOS.man ./extensions/libxt_DELUDE.man ./extensions/libxt_DHCPMAC.man ./extensions/libxt_ECHO.man ./extensions/libxt_IPMARK.man ./extensions/libxt_LOGMARK.man ./extensions/libxt_RAWDNAT.man ./extensions/libxt_RAWSNAT.man ./extensions/libxt_STEAL.man ./extensions/libxt_SYSRQ.man ./extensions/libxt_TARPIT.man ./extensions/libxt_TE sed -e '/@MATCHES@/ r matches.man' -e '/@TARGET@/ r targets.man' xtables-addons.8.in >xtables-addons.8; make[3]: Leaving directory `/var/downloads/xtables-addons-1.23' make[2]: Leaving directory `/var/downloads/xtables-addons-1.23' make[1]: Leaving directory `/var/downloads/xtables-addons-1.23' |
#make install
Making install in extensions make[1]: Entering directory `/var/downloads/xtables-addons-1.23/extensions' if [ -n "/lib/modules/2.6.32.3/build" ]; then make -C /lib/modules/2.6.32.3/build M=/var/downloads/xtables-addons-1.23/extensions modules; fi; make[2]: Entering directory `/usr/src/linux-2.6.32.3' Building modules, stage 2. MODPOST 36 modules make[2]: Leaving directory `/usr/src/linux-2.6.32.3' make -f ../Makefile.iptrules all; make[2]: Entering directory `/var/downloads/xtables-addons-1.23/extensions' make[3]: Entering directory `/var/downloads/xtables-addons-1.23/extensions/ACCOUNT' ... make[3]: Entering directory `/var/downloads/xtables-addons-1.23' depmod -a || :; make[3]: Leaving directory `/var/downloads/xtables-addons-1.23' make -f Makefile.mans all; make[3]: Entering directory `/var/downloads/xtables-addons-1.23' make[3]: Leaving directory `/var/downloads/xtables-addons-1.23' test -z "/usr/local/share/man/man8" || /bin/mkdir -p "/usr/local/share/man/man8" /usr/bin/install -c -m 644 xtables-addons.8 '/usr/local/share/man/man8' make[2]: Leaving directory `/var/downloads/xtables-addons-1.23' make[1]: Leaving directory `/var/downloads/xtables-addons-1.23' |
#cd /root
|
#make
CHK include/linux/version.h CHK include/linux/utsrelease.h SYMLINK include/asm -> include/asm-x86 CALL scripts/checksyscalls.sh CHK include/linux/compile.h Kernel: arch/x86/boot/bzImage is ready (#1) Building modules, stage 2. MODPOST 105 modules |
#make modules
CHK include/linux/version.h CHK include/linux/utsrelease.h SYMLINK include/asm -> include/asm-x86 CALL scripts/checksyscalls.sh Building modules, stage 2. MODPOST 105 modules |
#make modules_install
INSTALL arch/x86/kernel/test_nx.ko INSTALL arch/x86/kvm/kvm-amd.ko INSTALL arch/x86/kvm/kvm-intel.ko INSTALL arch/x86/kvm/kvm.ko INSTALL drivers/char/hw_random/amd-rng.ko INSTALL drivers/net/dummy.ko INSTALL drivers/net/ppp_generic.ko INSTALL drivers/net/pppoe.ko INSTALL drivers/net/pppox.ko INSTALL drivers/net/slhc.ko ... INSTALL net/sched/sch_hfsc.ko INSTALL net/sched/sch_htb.ko INSTALL net/sched/sch_ingress.ko INSTALL net/sched/sch_netem.ko INSTALL net/sched/sch_prio.ko INSTALL net/sched/sch_red.ko INSTALL net/sched/sch_sfq.ko INSTALL net/sched/sch_tbf.ko INSTALL net/sched/sch_teql.ko DEPMOD 2.6.32.3 |
#cd /root/
|
#vim myfirewall.sh
--- /tmp/l3-saved-4111.5914.16323 2010-03-04 17:31:10.000000000 +0000 +++ myfirewall.sh 2010-03-04 17:32:47.000000000 +0000 @@ -115,8 +115,7 @@ # Define a LOG and TARPIT custom chain: iptables -N LnT iptables -A LnT -p tcp -j LOG --log-prefix "LnT " -# iptables -A LnT -p tcp -j TARPIT -iptables -A LnT -p tcp -j REJECT +iptables -A LnT -p tcp -j TARPIT # Define a DDenial of Service custom chain: iptables -N DDoS @@ -180,8 +179,7 @@ iptables -A FTPl -j FTP # Don't need to match new or syn because that's handled by the above rule: # This may be too restrictive, so I reduced TARPIT from 2 to 3: -# iptables -A FTPl -p tcp -m statistic --mode nth --every 3 -j TARPIT -iptables -A FTPl -p tcp -m statistic --mode nth --every 3 -j REJECT +iptables -A FTPl -p tcp -m statistic --mode nth --every 3 -j TARPIT iptables -A FTPl -j RETURN # * * * * * * * Here is where the filtering begins * * * * * * * @@ -349,8 +347,7 @@ # Low Ports: # (Can't TARPIT udp) -# iptables -A INPUT -p tcp -m mport --dports 79,135,137:139,389,445,446,901,1002 -j TARPIT -iptables -A INPUT -p tcp -m mport --dports 79,135,137:139,389,445,446,901,1002 -j RdL +iptables -A INPUT -p tcp -m mport --dports 79,135,137:139,389,445,446,901,1002 -j TARPIT iptables -A INPUT -p udp -m mport --dports 79,135,137:139,389,445,446,901,1002 -j RdL # This is "too many ports specified" because the max is 15 ports; # IPT_MULTI_PORTS is set to 15 in ~linux/include/linux/netfilter_ipv4 for both 
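Review bot: Switching the LnT, FTPl and low-port rules from REJECT to TARPIT (here and in the two hunks that continue on the next line) assumes the xt_TARPIT module built earlier in this session can be loaded; if it cannot, the first `-j TARPIT` rule fails and, since the script does not stop on error (the trace of the run below carries on past failed iptables commands to "Firewall loaded."), the chain is left partially populated. A guard near the top such as `modprobe xt_TARPIT || { printf '%s\n' "TARPIT target unavailable" >&2; exit 1; }` turns that into an explicit failure. A tarpitted connection also keeps a conntrack entry alive for as long as the peer keeps retrying, so consider excluding the tarpitted ports from tracking in the raw table (`-t raw -A PREROUTING -p tcp --dport <ports> -j NOTRACK`, ports to be taken from the rules in these hunks) to bound conntrack table use. The enclosing script continues outside these hunks.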
@@ -362,8 +359,7 @@ iptables -A INPUT -p udp --dport $LOWPORTS -j RdL # Annoyance high ports: -# iptables -A INPUT -p tcp --sport $HI_PORTS -m mport --dports 1080,1433,3127:3128,4444,4899,6129,17300,20168 -j TARPIT -iptables -A INPUT -p tcp --sport $HI_PORTS -m mport --dports 1080,1433,3127:3128,4444,4899,6129,17300,20168 -j RnL +iptables -A INPUT -p tcp --sport $HI_PORTS -m mport --dports 1080,1433,3127:3128,4444,4899,6129,17300,20168 -j TARPIT # Take advantage of the stateful nature of iptables on the INPUT chain: iptables -A INPUT -p tcp --dport ! 20:21 -m state --state $E_R -j ACCEPT @@ -371,8 +367,7 @@ # * * Here is where the INPUT filtering ends and the policy takes effect * * # INPUT chain: Just Say NO to everything not specifically allowed: -# iptables -A INPUT -p tcp -j TARPIT # Log so annoyance high ports can be -iptables -A INPUT -p tcp -j RnL # Log so annoyance high ports can be +iptables -A INPUT -p tcp -j TARPIT # Log so annoyance high ports can be # added to the TARPIT list. Naah, fuck em now not later. Was LnRi 19Feb04 iptables -A INPUT -j RdL # Can't TARPIT other than tcp which are # dealt with in the prior rule. This REJECTs rather than DROPs, overriding the |
#./myfirewall.sh
++ cat /etc/firewall/IAM + IAM=192.168.8.250 + echo 'Duron / Cable IP 192.168.8.250' Duron / Cable IP 192.168.8.250 + IFI=eth0 + IPI=192.168.8.250 + NWI=192.168.8.0 + NMI=24 + IFE1=eth1 + IPE1=192.168.10.1 ... + iptables -P OUTPUT ACCEPT + iptables -P FORWARD DROP + iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + echo 'Firewall loaded.' Firewall loaded. |
#ipttl
Chain PREROUTING (policy ACCEPT) target prot opt source destination Chain POSTROUTING (policy ACCEPT) target prot opt source destination Chain OUTPUT (policy ACCEPT) target prot opt source destination Chain KeepState (0 references) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED RETURN all -- 0.0.0.0/0 0.0.0.0/0 |
#iptl
Chain INPUT (policy DROP) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT all -- 192.168.8.0/24 0.0.0.0/0 ScanD all -- 0.0.0.0/0 0.0.0.0/0 psd weight-threshold: 21 delay-threshold: 300 lo-ports-weight: 3 hi-ports-weight: 1 ScanD all -- 0.0.0.0/0 0.0.0.0/0 state INVALID RdL tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW ScanD tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 ... target prot opt source destination REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset REJECT udp -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable Chain ScanD (6 references) target prot opt source destination LOG udp -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `ScanD udp ' LOG icmp -- 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `ScanD icmp ' LOG all -f 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 prefix `ScanD frag ' DROP all -- 0.0.0.0/0 0.0.0.0/0 |
#vim myfirewall.sh
--- /tmp/l3-saved-4111.16124.19857 2010-03-04 17:34:41.000000000 +0000 +++ myfirewall.sh 2010-03-04 17:34:46.000000000 +0000 @@ -11,7 +11,7 @@ # Don't LOG the common crap on ports 135, 137-139 & 445, 1080, 1433. # LOG everything else. (Later on I may reduce the volume.) -# set -x +set -x IAM=`cat /etc/firewall/IAM` echo "Cable IP $IAM" |
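Review bot: Enabling `set -x` unconditionally means every run writes the full rule set, the address read from /etc/firewall/IAM and the rest of the trace to stderr (the next run below shows it); when the script is started from an init script or cron that output ends up in whatever captures stderr, typically the system log. Gate it on an environment variable instead, `[ -n "$FW_DEBUG" ] && set -x`, so the trace is available on demand without staying on in production. The assignment on the following context line uses backticks; `IAM=$(cat /etc/firewall/IAM)` is the equivalent form that nests and reads more clearly. The enclosing script continues outside this hunk.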
#vim myfirewall.sh
--- /tmp/l3-saved-4360.11967.31309 2010-03-04 17:38:56.000000000 +0000 +++ myfirewall.sh 2010-03-04 17:40:07.000000000 +0000 @@ -25,8 +25,8 @@ NME1="24" IFE2="eth2" IPE2="192.168.20.1" -NWE3="192.168.20.0" -NME3="24" +NWE2="192.168.20.0" +NME2="24" # Definitions: E_R="ESTABLISHED,RELATED" @@ -191,7 +191,7 @@ iptables -A OUTPUT -o $IFI -d $NWI/$NMI -j ACCEPT # MASQ (SNAT) internal traffic: -iptables -t nat -A POSTROUTING -o $IFE1 -s $NWI/$NMI -j SNAT --to $IPE +iptables -t nat -A POSTROUTING -o $IFE1 -s $NWI/$NMI -j SNAT --to $IPE1 #iptables -t nat -A PREROUTING -j KeepState #iptables -t nat -A POSTROUTING -j KeepState @@ -330,7 +330,7 @@ iptables -A INPUT -m helper --helper ftp -j FTP # Incoming FTP is unfettered: # (This passes a lot more than just FTP!) -#iptables -A INPUT -i $IFE1 -p tcp -d $IPE -m mport --dports 20,$HI_PORTS -j ACCEPT +#iptables -A INPUT -i $IFE1 -p tcp -d $IPE1 -m mport --dports 20,$HI_PORTS -j ACCEPT # 3 simultaneous FTP connections per IP max (Stopped logging 31Jan04): # (Don't match NEW:) iptables -A INPUT -p tcp --dport 20:21 -m connlimit --connlimit-above 3 -j DROP @@ -405,7 +405,7 @@ # TEST BEGIN # If dnews didn't originate it, drop it: -iptables -A OUTPUT -o $IFE1 -s $NWE/$NME -j ACCEPT +iptables -A OUTPUT -o $IFE1 -s $NWE1/$NME1 -j ACCEPT iptables -A OUTPUT -o $IFE1 -j LnDf # TEST END |
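Review bot: All four corrections in this diff (NWE3/NME3 at @@ -25, `$IPE` at @@ -191 and @@ -330, `$NWE/$NME` at @@ -405) are references to variables that were never set and silently expanded to empty strings, yielding arguments like `--to` with no address and `-s /`, because the script runs without `set -u`. Adding `set -u` right after the `set -x` line at the top of the script makes the next typo of this kind abort the load with a message naming the variable instead of installing a malformed rule or none at all. The SNAT rule at @@ -191 is the one where this matters most, since a silently missing POSTROUTING rule changes what leaves the external interface without any error being logged. The enclosing script continues outside these hunks.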
#cp myfirewall.sh{,.mport}
|
#vim /etc/firewall/local_services
--- /tmp/l3-saved-4360.9562.9469 2010-03-04 17:43:28.000000000 +0000 +++ /etc/firewall/local_services 2010-03-04 17:43:45.000000000 +0000 @@ -1,4 +1,4 @@ -# source dport -192.168.8.140 22 -192.168.8.19 80 +# source dport protocol +192.168.8.140 22 tcp +192.168.8.19 80 tcp |
#./myfirewall.sh
++ cat /etc/firewall/IAM + IAM=192.168.8.250 + echo 'Cable IP 192.168.8.250' Cable IP 192.168.8.250 + IFI=eth0 + IPI=192.168.8.250 + NWI=192.168.8.0 + NMI=24 + IFE1=eth1 + IPE1=192.168.10.1 ... + iptables -P OUTPUT ACCEPT + iptables -P FORWARD DROP + iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + echo 'Firewall loaded.' Firewall loaded. |
#vim /etc/firewall/local_services
--- /tmp/l3-saved-4360.9540.477 2010-03-04 17:44:22.000000000 +0000 +++ /etc/firewall/local_services 2010-03-04 17:44:25.000000000 +0000 @@ -1,4 +1,3 @@ -# source dport protocol 192.168.8.140 22 tcp 192.168.8.19 80 tcp |
#./myfirewall.sh
++ cat /etc/firewall/IAM + IAM=192.168.8.250 + echo 'Cable IP 192.168.8.250' Cable IP 192.168.8.250 + IFI=eth0 + IPI=192.168.8.250 + NWI=192.168.8.0 + NMI=24 + IFE1=eth1 + IPE1=192.168.10.1 ... + iptables -P OUTPUT ACCEPT + iptables -P FORWARD DROP + iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + echo 'Firewall loaded.' Firewall loaded. |
#./myfirewall.sh
++ cat /etc/firewall/IAM + IAM=192.168.8.250 + echo 'Cable IP 192.168.8.250' Cable IP 192.168.8.250 + IFI=eth0 + IPI=192.168.8.250 + NWI=192.168.8.0 + NMI=24 + IFE1=eth1 + IPE1=192.168.10.1 ... + iptables -P OUTPUT ACCEPT + iptables -P FORWARD DROP + iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + echo 'Firewall loaded.' Firewall loaded. |
#man cut
|
#vim myfirewall.sh
--- /tmp/l3-saved-4360.32170.5497 2010-03-04 17:47:17.000000000 +0000
+++ myfirewall.sh 2010-03-04 17:47:33.000000000 +0000
@@ -253,8 +253,8 @@
 SRC=`echo "$STRNG" | cut -f 1`
 DPORT=`echo "$STRNG" | cut -f 2`
 PROT=`echo "$STRNG" | cut -f 3`
-iptables -A INPUT -p $PROT --dport $DPORT -s $SRC --sport $HI_PORTS -d IPI -j ACCEPT
-iptables -A OUTPUT -p $PROT --sport $DPORT -d $SRC --dport $HI_PORTS -s IPI -j ACCEPT
+iptables -A INPUT -p $PROT --dport $DPORT -s $SRC --sport $HI_PORTS -d $IPI -j ACCEPT
+iptables -A OUTPUT -p $PROT --sport $DPORT -d $SRC --dport $HI_PORTS -s $IPI -j ACCEPT
 done </etc/firewall/local_services
 fi |
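Review bot: The two iptables lines take `$SRC`, `$DPORT` and `$PROT` straight from /etc/firewall/local_services with no validation and expand them unquoted, so a header line such as the `# source dport protocol` that was just deleted from that file, or a blank line, turns into extra or missing iptables arguments instead of being skipped; `read` without `-r` additionally rewrites backslashes. `cut -f` splits on tabs, so if an entry is space-separated the whole line lands in `$SRC` and `$DPORT`/`$PROT` are empty. Consider `while IFS= read -r STRNG; do`, skipping lines that are empty or begin with `#`, and quoting the expansions, e.g. `iptables -A INPUT -p "$PROT" --dport "$DPORT" -s "$SRC" --sport "$HI_PORTS" -d "$IPI" -j ACCEPT`. The enclosing `if [ -f ... ]` and `while` start above the hunk.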
#./myfirewall.sh
++ cat /etc/firewall/IAM + IAM=192.168.8.250 + echo 'Cable IP 192.168.8.250' Cable IP 192.168.8.250 + IFI=eth0 + IPI=192.168.8.250 + NWI=192.168.8.0 + NMI=24 + IFE1=eth1 + IPE1=192.168.10.1 ... + iptables -P OUTPUT ACCEPT + iptables -P FORWARD DROP + iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + echo 'Firewall loaded.' Firewall loaded. |
#vim myfirewall.sh
--- /tmp/l3-saved-4360.32720.13950 2010-03-04 17:47:56.000000000 +0000
+++ myfirewall.sh 2010-03-04 17:51:00.000000000 +0000
@@ -251,10 +251,12 @@
 if [ -f /etc/firewall/local_services ]; then
 while read STRNG; do
 SRC=`echo "$STRNG" | cut -f 1`
-DPORT=`echo "$STRNG" | cut -f 2`
-PROT=`echo "$STRNG" | cut -f 3`
-iptables -A INPUT -p $PROT --dport $DPORT -s $SRC --sport $HI_PORTS -d $IPI -j ACCEPT
-iptables -A OUTPUT -p $PROT --sport $DPORT -d $SRC --dport $HI_PORTS -s $IPI -j ACCEPT
+if [ -z $SRC ]; then
+DPORT=`echo "$STRNG" | cut -f 2`
+PROT=`echo "$STRNG" | cut -f 3`
+iptables -A INPUT -p $PROT --dport $DPORT -s $SRC --sport $HI_PORTS -d $IPI -j ACCEPT
+iptables -A OUTPUT -p $PROT --sport $DPORT -d $SRC --dport $HI_PORTS -s $IPI -j ACCEPT
+fi
 done </etc/firewall/local_services
 fi |
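Review bot: The new guard `if [ -z $SRC ]; then` is inverted: `-z` succeeds only when `$SRC` is empty, so the two ACCEPT rules are now appended only for lines with an empty first field (where `-s $SRC` expands to nothing and iptables rejects the rule) and never for a real entry, which means no local service is opened at all. To skip blank lines the test has to be `if [ -n "$SRC" ]; then`. The follow-up edit of this file below only adds quotes around `$SRC` and keeps `-z`, so it does not resolve this. The trace of the subsequent run is elided in the log, so whether any rule from this loop loaded cannot be confirmed here.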
#./myfirewall.sh
++ cat /etc/firewall/IAM + IAM=192.168.8.250 + echo 'Cable IP 192.168.8.250' Cable IP 192.168.8.250 + IFI=eth0 + IPI=192.168.8.250 + NWI=192.168.8.0 + NMI=24 + IFE1=eth1 + IPE1=192.168.10.1 ... + iptables -P OUTPUT ACCEPT + iptables -P FORWARD DROP + iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + echo 'Firewall loaded.' Firewall loaded. |
#man while
|
#man bash
|
#vim myfirewall.sh
--- /tmp/l3-saved-4360.23286.6753 2010-03-04 17:53:57.000000000 +0000
+++ myfirewall.sh 2010-03-04 17:54:17.000000000 +0000
@@ -251,7 +251,7 @@
 if [ -f /etc/firewall/local_services ]; then
 while read STRNG; do
 SRC=`echo "$STRNG" | cut -f 1`
-if [ -z $SRC ]; then
+if [ -z "$SRC" ]; then
 DPORT=`echo "$STRNG" | cut -f 2`
 PROT=`echo "$STRNG" | cut -f 3`
 iptables -A INPUT -p $PROT --dport $DPORT -s $SRC --sport $HI_PORTS -d $IPI -j ACCEPT |
#./myfirewall.sh
++ cat /etc/firewall/IAM + IAM=192.168.8.250 + echo 'Cable IP 192.168.8.250' Cable IP 192.168.8.250 + IFI=eth0 + IPI=192.168.8.250 + NWI=192.168.8.0 + NMI=24 + IFE1=eth1 + IPE1=192.168.10.1 ... + iptables -P OUTPUT ACCEPT + iptables -P FORWARD DROP + iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + echo 'Firewall loaded.' Firewall loaded. |
#./myfirewall.sh
++ cat /etc/firewall/IAM + IAM=192.168.8.250 + echo 'Cable IP 192.168.8.250' Cable IP 192.168.8.250 + IFI=eth0 + IPI=192.168.8.250 + NWI=192.168.8.0 + NMI=24 + IFE1=eth1 + IPE1=192.168.10.1 ... + iptables -P OUTPUT ACCEPT + iptables -P FORWARD DROP + iptables -D INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + iptables -D OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables: Bad rule (does a matching rule exist in that chain?). + echo 'Firewall loaded.' Firewall loaded. |
#vim myfirewall.sh
--- /tmp/l3-saved-4111.17524.9201 2010-03-04 17:59:31.000000000 +0000
+++ myfirewall.sh 2010-03-04 18:01:17.000000000 +0000
@@ -8,7 +8,7 @@
 # Everything on the FORWARD chain that is not specifically allowed is denied.
 # Allow running services (SSH and telnet to authorized users only).
 # ICMP on the OUTPUT chain is limited to the same things valid for INPUT
-# Don't LOG the common crap on ports 135, 137-139 & 445, 1080, 1433.
+# Don't LOG the common crap on port 135, 137-139 & 445, 1080, 1433.
 # LOG everything else. (Later on I may reduce the volume.)
 set -x
@@ -170,7 +170,7 @@
 #iptables -A FTP -m quota --quota 671088640 -j ACCEPT
 #iptables -A FTP -j LOG --log-prefix "QUOTA "
 iptables -A FTP -p tcp -m connlimit --connlimit-above 3 -j DROP
-# All related packets have me as dest, use high ports and syn is set:
+# All related packets have me as dest, use high port and syn is set:
 iptables -A FTP -m state --state $E_R -j ACCEPT
 iptables -A FTP -j RETURN
@@ -332,7 +332,7 @@
 iptables -A INPUT -m helper --helper ftp -j FTP
 # Incoming FTP is unfettered:
 # (This passes a lot more than just FTP!)
-#iptables -A INPUT -i $IFE1 -p tcp -d $IPE1 --dports 20,$HI_PORTS -j ACCEPT
+#iptables -A INPUT -i $IFE1 -p tcp -d $IPE1 --dport 20,$HI_PORTS -j ACCEPT
 # 3 simultaneous FTP connections per IP max (Stopped logging 31Jan04):
 # (Don't match NEW:)
 iptables -A INPUT -p tcp --dport 20:21 -m connlimit --connlimit-above 3 -j DROP
@@ -349,19 +349,19 @@
 # Low Ports:
 # (Can't TARPIT udp)
-iptables -A INPUT -p tcp --dports 79,135,137:139,389,445,446,901,1002 -j TARPIT
-iptables -A INPUT -p udp --dports 79,135,137:139,389,445,446,901,1002 -j RdL
-# This is "too many ports specified" because the max is 15 ports;
+iptables -A INPUT -p tcp --dport 79,135,137:139,389,445,446,901,1002 -j TARPIT
+iptables -A INPUT -p udp --dport 79,135,137:139,389,445,446,901,1002 -j RdL
+# This is "too many port specified" because the max is 15 port;
 # IPT_MULTI_PORTS is set to 15 in ~linux/include/linux/netfilter_ipv4 for both
 # mport and multiport:
-# iptables -A INPUT -p udp --dports 0:19,22:24,26:52,54:79,81:112,114:118,120:872,874:1023 -j LnRi
+# iptables -A INPUT -p udp --dport 0:19,22:24,26:52,54:79,81:112,114:118,120:872,874:1023 -j LnRi
-# "Low ports" - reject everything not specifically allowed:
+# "Low port" - reject everything not specifically allowed:
 iptables -A INPUT -p tcp --dport $LOWPORTS -j RdL
 iptables -A INPUT -p udp --dport $LOWPORTS -j RdL
-# Annoyance high ports:
-iptables -A INPUT -p tcp --sport $HI_PORTS --dports 1080,1433,3127:3128,4444,4899,6129,17300,20168 -j TARPIT
+# Annoyance high port:
+iptables -A INPUT -p tcp --sport $HI_PORTS --dport 1080,1433,3127:3128,4444,4899,6129,17300,20168 -j TARPIT
 # Take advantage of the stateful nature of iptables on the INPUT chain:
 iptables -A INPUT -p tcp --dport ! 20:21 -m state --state $E_R -j ACCEPT
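Review bot: Rewriting `--dports` as `--dport` on these comma-separated lists does not make the rules valid: the tcp/udp `--dport`/`--sport` option takes a single port or a `lo:hi` range, and a list of ports needs the multiport match, so the TARPIT and RdL rules here, the two LnRo OUTPUT rules in the next hunk and the eight LnDf/DROP FORWARD rules in the hunk after that are rejected by iptables with or without this change. Each should read like `iptables -A INPUT -p tcp -m multiport --dports 79,135,137:139,389,445,446,901,1002 -j TARPIT` (and `-m multiport --sports` for the four FORWARD source-port rules), which also matches the 15-port limit the comment in this hunk refers to. The trace of the next run is elided, so it does not show these lines failing, but the script has no error checking — the visible trace shows failed `iptables -D` commands followed by `echo 'Firewall loaded.'` — so a rejected rule would go unnoticed. The same blanket `ports`→`port` substitution also damaged comments in this hunk and the earlier ones (`too many port specified`, `15 port`, `high port`); those wording changes should be reverted.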
@@ -369,15 +369,15 @@
 # * * Here is where the INPUT filtering ends and the policy takes effect * *
 # INPUT chain: Just Say NO to everything not specifically allowed:
-iptables -A INPUT -p tcp -j TARPIT # Log so annoyance high ports can be
+iptables -A INPUT -p tcp -j TARPIT # Log so annoyance high port can be
 # added to the TARPIT list. Naah, fuck em now not later. Was LnRi 19Feb04
 iptables -A INPUT -j RdL # Can't TARPIT other than tcp which are
 # dealt with in the prior rule. This REJECTs rather than DROPs, overriding the
 # default DROP policy (because default policy cannot be REJECT).
 # OUTPUT chain (default ACCEPT):
-iptables -A OUTPUT -o $IFE1 -p tcp --dports 79,135,137:139,389,445,446,901,1002 -j LnRo
-iptables -A OUTPUT -o $IFE1 -p udp --dports 79,135,137:139,389,445,446,901,1002 -j LnRo
+iptables -A OUTPUT -o $IFE1 -p tcp --dport 79,135,137:139,389,445,446,901,1002 -j LnRo
+iptables -A OUTPUT -o $IFE1 -p udp --dport 79,135,137:139,389,445,446,901,1002 -j LnRo
 # Just Go Away:
 if [ -f /etc/firewall/banned ]; then
@@ -415,14 +415,14 @@
 # These packets do NOT traverse either INPUT or OUTPUT chains.
 # For packets being routed through the box.
 # ICMP rules are separate, above.
-iptables -A FORWARD -i $IFE1 -p tcp --sports 135,137:139,445 -j LnDf
-iptables -A FORWARD -i $IFE1 -p udp --sports 135,137:139,445 -j LnDf
-iptables -A FORWARD -o $IFE1 -p tcp --sports 135,137:139,445 -j DROP
-iptables -A FORWARD -o $IFE1 -p udp --sports 135,137:139,445 -j LnDf
-iptables -A FORWARD -i $IFE1 -p tcp --dports 135,137:139,445 -j LnDf
-iptables -A FORWARD -i $IFE1 -p udp --dports 135,137:139,445 -j LnDf
-iptables -A FORWARD -o $IFE1 -p tcp --dports 135,137:139,445 -j LnDf
-iptables -A FORWARD -o $IFE1 -p udp --dports 135,137:139,445 -j LnDf
+iptables -A FORWARD -i $IFE1 -p tcp --sport 135,137:139,445 -j LnDf
+iptables -A FORWARD -i $IFE1 -p udp --sport 135,137:139,445 -j LnDf
+iptables -A FORWARD -o $IFE1 -p tcp --sport 135,137:139,445 -j DROP
+iptables -A FORWARD -o $IFE1 -p udp --sport 135,137:139,445 -j LnDf
+iptables -A FORWARD -i $IFE1 -p tcp --dport 135,137:139,445 -j LnDf
+iptables -A FORWARD -i $IFE1 -p udp --dport 135,137:139,445 -j LnDf
+iptables -A FORWARD -o $IFE1 -p tcp --dport 135,137:139,445 -j LnDf
+iptables -A FORWARD -o $IFE1 -p udp --dport 135,137:139,445 -j LnDf
 ## Refuse connections from IANA reserved blocks:
 # JK 5 Dec 04 remarked because not needed
 #if [ -f /etc/firewall/IANA ]; then |
#ping 5.17.140.203
PING 5.17.140.203 (5.17.140.203) 56(84) bytes of data. ^C --- 5.17.140.203 ping statistics --- 5 packets transmitted, 0 received, 100% packet loss, time 3999ms |
#traceroute -n 5.17.140.203
traceroute to 5.17.140.203 (5.17.140.203), 30 hops max, 40 byte packets 1 192.168.10.2 0.191 ms 0.186 ms 0.163 ms 2 192.168.8.106 0.457 ms 0.428 ms 0.332 ms 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * *^C |
#traceroute -n 5.17.140.203
traceroute to 5.17.140.203 (5.17.140.203), 30 hops max, 40 byte packets 1 192.168.10.2 0.112 ms 0.107 ms 0.086 ms 2 192.168.8.106 0.385 ms 0.359 ms 0.329 ms 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 *^C |
#ssh 192.168.8.106:2202
ssh: Could not resolve hostname 192.168.8.106:2202: Name or service not known |
#ssh 192.168.8.106 -p 2202
^C |
#man ssh
|