ufw

Merge ~ekacnetubuntu/ufw:feature_add_logging_backend into ufw:master

Proposed by Matthieu Patou on 2023-01-17

Status:	Merged
Merged at revision:	3405c0f0412ebe38c458818fb68b40908ecddd50
Proposed branch:	~ekacnetubuntu/ufw:feature_add_logging_backend
Merge into:	ufw:master
Diff against target:	2157 lines (+1972/-34) 10 files modified ChangeLog (+2/-0) setup.py (+3/-1) src/backend.py (+33/-0) src/backend_iptables.py (+133/-33) src/kernel_log_backend.py (+27/-0) src/log_backend.py (+42/-0) src/netfilter_log_backend.py (+27/-0) tests/good/logging_backend/orig (+1/-0) tests/good/logging_backend/result (+1649/-0) tests/good/logging_backend/runtest.sh (+55/-0)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Jamie Strandboge		2023-01-17	Approve on 2024-02-17
Review via email: mp+435890@code.launchpad.net

Commit message

Add support for different logging backends

Description of the change

It allows to have different logging backend for all UFW related logging.
The default one is LOG (kernel_log) which is the one that UFW was using prior to this change. It also support NFLOG (netfilter_log).

The choice of logging backend is made through the `/etc/default/ufw` configuration file and will be effective at the next reload/restart of the UFW service.

The change has been built into packages for both Ubuntu Jammy and Debian bullseye and deployed to a handful of servers and VMs without any issue: after upgrade existing rules were preserved and logging ones were rewrote from LOG backend to NFLOG backend.
Tested also going back and forth a few time without any disruption in the rulesets.

Revision history for this message

Matthieu Patou (ekacnetubuntu) wrote on 2024-01-02:

Hey Jamie

Anything blocking on this diff ?

I'll update it but it should be pretty the same for the latest version. I have been using it for a while and it works great.

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2024-01-15:

Sorry, I missed the initial report, I apologize. I've not time to look at it extensively yet, but should have some time to take a look in the next few weeks. Thanks for merge request!

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2024-02-17:

I've reviewed the diff and will commit it against latest changes. After committing, I'll update the configuration file and man page.

Note, the additional logging part doesn't work because of a too restrictive regex. I'm going to fix it, commit it, then pull out the additional logging parts since I want to think about that more (but since they'll be in git history, can easily pull it back out.

Thanks for the patch!

review: Approve

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2024-02-17 (last edit on 2024-02-17):

I should also mention, I'm going to drop the '_log' from the specifier (eg, LOGGING_BACKEND="netfilter" instead of LOGGING_BACKEND="netfilter_log"). Also renaming ADDITIONAL_LOGGING_OPTIONS as LOGGING_ADDITIONAL.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Jamie Strandboge

Matthieu Patou

 diff --git a/ChangeLog b/ChangeLog
 index 937c40a..07d33b5 100644
 --- a/ChangeLog
 +++ b/ChangeLog
@@ -29,6 +29,8 @@ ufw (0.37) UNRELEASED; urgency=medium
      - unconditionally reload user rules with 'delete' (LP: #1933117)
    * src/ufw-init-functions: set default policy after loading rules. Thanks to
      Mauricio Faria de Oliveira. (LP: #1946804)
++  * allow logging backend to be configured and additional logging options to
++    be specified
   -- Jamie Strandboge <jdstrand@ubuntu.com>  Wed, 13 Oct 2021 11:44:00 -0500
 diff --git a/setup.py b/setup.py
 index 3915b23..afc7104 100644
 --- a/setup.py
 +++ b/setup.py
@@ -295,7 +295,9 @@ setup (name='ufw',
        license='GPL-3',
        cmdclass={'install': Install},
        package_dir={'ufw': 'staging'},
--      py_modules=['ufw.backend', 'ufw.backend_iptables', 'ufw.common', 'ufw.frontend', 'ufw.util', 'ufw.applications', 'ufw.parser']
++      py_modules=['ufw.backend', 'ufw.backend_iptables', 'ufw.common', 'ufw.frontend', 'ufw.util',
++                  'ufw.applications', 'ufw.parser', 'ufw.kernel_log_backend',
++                  'ufw.netfilter_log_backend', 'ufw.log_backend']
+ )
  shutil.rmtree('staging')
 diff --git a/src/backend.py b/src/backend.py
 index 1d2554e..a2285b2 100644
 --- a/src/backend.py
 +++ b/src/backend.py
@@ -22,6 +22,8 @@ import re
  import stat
  import sys
  import ufw.util
++import ufw.kernel_log_backend
++import ufw.netfilter_log_backend
  from ufw.util import error, warn, debug, _findpath
  from ufw.common import UFWError, UFWRule
  import ufw.applications
@@ -61,6 +63,7 @@ class UFWBackend:
          self._do_checks()
          self._get_defaults()
          self._read_rules()
++        self.log_backend = self.get_logging_backend()
          self.profiles = ufw.applications.get_profiles(self.files['apps'])
@@ -124,6 +127,36 @@ class UFWBackend:
                  else:
                      self.caps['limit']['6'] = False
++    def get_logging_backend(self):
++        """Return an instance of the logging backend
++        given how it was configured in the config"""
++        logging_backend = self.defaults.get("logging_backend", "kernel_log")
++        if logging_backend == "kernel_log":
++            return ufw.kernel_log_backend.UFWLogBackendKernel(
++                self.defaults.get("additional_logging_options")
++            )
++        elif logging_backend == "netfilter_log":
++            return ufw.netfilter_log_backend.UFWLogBackendNetfilter(
++                self.defaults.get("additional_logging_options")
++            )
++        else:
++            raise UFWError("Unknown %s logging backend" % logging_backend)
++
++    def get_all_logging_backends(self):
++        """Return an instance of all the logging backends"""
++        ret = []
++        ret.append(
++            ufw.kernel_log_backend.UFWLogBackendKernel(
++                self.defaults.get("additional_logging_options")
++            )
++        )
++        ret.append(
++            ufw.netfilter_log_backend.UFWLogBackendNetfilter(
++                self.defaults.get("additional_logging_options")
++            )
++        )
++        return ret
++
      def is_enabled(self):
          '''Is firewall configured as enabled'''
          if 'enabled' in self.defaults and \
 diff --git a/src/backend_iptables.py b/src/backend_iptables.py
 index 11b61f1..fc73b49 100644
 --- a/src/backend_iptables.py
 +++ b/src/backend_iptables.py
@@ -79,11 +79,31 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
          # The default log rate limiting rule ('ufw[6]-user-limit chain should
          # be prepended before use)
--        self.ufw_user_limit_log = ['-m', 'limit', \
--                                   '--limit', '3/minute', '-j', 'LOG', \
--                                   '--log-prefix']
++        self.ufw_user_limit_log = [
++            "-m",
++            "limit",
++            "--limit",
++            "3/minute",
++            "-j",
++            self.log_backend.get_log_target(),
++        ]
++        self.ufw_user_limit_log.extend(self.log_backend.get_logging_options())
          self.ufw_user_limit_log_text = "[UFW LIMIT BLOCK]"
++        all_log_backends = self.get_all_logging_backends()
++        self.ufw_user_limit_other_log = []
++        for backend in all_log_backends:
++            limit_log = [
++                "-m",
++                "limit",
++                "--limit",
++                "3/minute",
++                "-j",
++                backend.get_log_target(),
++            ]
++            limit_log.extend(backend.get_logging_options())
++            self.ufw_user_limit_other_log.append(limit_log)
++
      def get_default_application_policy(self):
          '''Get current policy'''
          rstr = _("New profiles:")
@@ -639,8 +659,12 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
                  else:
                      policy = "BLOCK"
--                lstr = '%s -j LOG --log-prefix "[UFW %s] "' % (limit_args, \
--                       policy)
++                lstr = '%s -j %s %s "[UFW %s] "' % (
++                    limit_args,
++                    self.log_backend.get_log_target(),
++                    " ".join(self.log_backend.get_logging_options()),
++                    policy,
++                )
                  if not pat_logall.search(s):
                      lstr = '-m conntrack --ctstate NEW ' + lstr
                  snippets[i] = pat_log.sub(r'\1-j \2\4', s)
@@ -678,13 +702,17 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
          str_snippets = self._get_rules_from_formatted(frule, prefix, suffix)
          # split the string such that the log prefix can contain spaces
--        pat = re.compile(r'(.*) --log-prefix (".* ")(.*)')
++        pat = re.compile(
++            r'(.*) {} (".* ")(.*)'.format(
++                " ".join(self.log_backend.get_logging_options())
++            )
++        )
          for i, s in enumerate(str_snippets):
              snippets.append(pat.sub(r'\1', s).split())
              if pat.match(s):
--                snippets[i].append("--log-prefix")
--                snippets[i].append(pat.sub(r'\2', s).replace('"', ''))
--                snippets[i] += pat.sub(r'\3', s).split()
++                snippets[i].extend(self.log_backend.get_logging_options())
++                snippets[i].append(pat.sub(r"\2", s).replace('"', ""))
++                snippets[i] += pat.sub(r"\3", s).split()
          return snippets
@@ -1285,13 +1313,21 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
          # Rate limiting is runtime supported
          # Always delete these and re-add them so that we don't have extras
--        for chain in ['ufw-user-limit', 'ufw6-user-limit']:
--            if (self.caps['limit']['4'] and chain == 'ufw-user-limit') or \
--               (self.caps['limit']['6'] and chain == 'ufw6-user-limit'):
--                self._chain_cmd(chain, ['-D', chain] + \
--                                self.ufw_user_limit_log + \
--                                [self.ufw_user_limit_log_text + " "], \
--                                fail_ok=True)
++        # Try to delete logging rules from all logging backends. If you change
++        # the backend on the first start/reload you will have a lingering
++        # rule from the previous backend otherwise
++        for chain in ["ufw-user-limit", "ufw6-user-limit"]:
++            if (self.caps["limit"]["4"] and chain == "ufw-user-limit") or (
++                self.caps["limit"]["6"] and chain == "ufw6-user-limit"
++            ):
++                for limit_log_rule in self.ufw_user_limit_other_log:
++                    self._chain_cmd(
++                        chain,
++                        ["-D", chain]
++                        + limit_log_rule
++                        + [self.ufw_user_limit_log_text + " "],
++                        fail_ok=True,
++                    )
                  if self.defaults["loglevel"] != "off":
                      self._chain_cmd(chain, ['-I', chain] + \
                                      self.ufw_user_limit_log + \
@@ -1302,6 +1338,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
          '''Get rules for specified logging level'''
          rules_t = []
++        log_options = self.log_backend.get_logging_options()
          if level not in list(self.loglevels.keys()):
              err_msg = _("Invalid log level '%s'") % (level)
              raise UFWError(err_msg)
@@ -1333,14 +1370,38 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
                          if self._get_default_policy(t) == "reject" or \
                             self._get_default_policy(t) == "deny":
                              prefix = "[UFW BLOCK] "
--                            rules_t.append([c, ['-A', c, '-j', 'LOG', \
--                                                '--log-prefix', prefix] +
--                                                largs, ''])
++                            rules_t.append(
++                                [
++                                    c,
++                                    [
++                                        "-A",
++                                        c,
++                                        "-j",
++                                        self.log_backend.get_log_target(),
++                                        *log_options,
++                                        prefix,
++                                    ]
++                                    + largs,
++                                    "",
++                                ]
++                            )
                          elif self.loglevels[level] >= self.loglevels["medium"]:
                              prefix = "[UFW ALLOW] "
--                            rules_t.append([c, ['-A', c, '-j', 'LOG', \
--                                                '--log-prefix', prefix] + \
--                                                largs, ''])
++                            rules_t.append(
++                                [
++                                    c,
++                                    [
++                                        "-A",
++                                        c,
++                                        "-j",
++                                        self.log_backend.get_log_target(),
++                                        *log_options,
++                                        prefix,
++                                    ]
++                                    + largs,
++                                    "",
++                                ]
++                            )
              # Setup the miscellaneous logging chains
              largs = []
@@ -1359,14 +1420,40 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
                                              '--ctstate', 'INVALID', \
                                              '-j', 'RETURN'] + largs, ''])
                      else:
--                        rules_t.append([c, ['-A', c, '-m', 'conntrack', \
--                                            '--ctstate', 'INVALID', \
--                                            '-j', 'LOG', \
--                                            '--log-prefix', \
--                                            "[UFW AUDIT INVALID] "] + \
--                                        largs, ''])
--                rules_t.append([c, ['-A', c, '-j', 'LOG', \
--                                    '--log-prefix', prefix] + largs, ''])
++                        rules_t.append(
++                            [
++                                c,
++                                [
++                                    "-A",
++                                    c,
++                                    "-m",
++                                    "conntrack",
++                                    "--ctstate",
++                                    "INVALID",
++                                    "-j",
++                                    self.log_backend.get_log_target(),
++                                    *log_options,
++                                    "[UFW AUDIT INVALID] ",
++                                ]
++                                + largs,
++                                "",
++                            ]
++                        )
++                rules_t.append(
++                    [
++                        c,
++                        [
++                            "-A",
++                            c,
++                            "-j",
++                            self.log_backend.get_log_target(),
++                            *log_options,
++                            prefix,
++                        ]
++                        + largs,
++                        "",
++                    ]
++                )
          # Setup the audit logging chains
          if self.loglevels[level] >= self.loglevels["medium"]:
@@ -1382,9 +1469,22 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
                  largs = ['-m', 'conntrack', '--ctstate', 'NEW'] + limit_args
              prefix = "[UFW AUDIT] "
--            for c in self.chains['before']:
--                rules_t.append([c, ['-I', c, '-j', 'LOG', \
--                                    '--log-prefix', prefix] + largs, ''])
++            for c in self.chains["before"]:
++                rules_t.append(
++                    [
++                        c,
++                        [
++                            "-I",
++                            c,
++                            "-j",
++                            self.log_backend.get_log_target(),
++                            *log_options,
++                            prefix,
++                        ]
++                        + largs,
++                        "",
++                    ]
++                )
          return rules_t
 diff --git a/src/kernel_log_backend.py b/src/kernel_log_backend.py
 new file mode 100644
 index 0000000..4fc9c7a
 --- /dev/null
 +++ b/src/kernel_log_backend.py
@@ -0,0 +1,27 @@
++"""kernel_log_backend.py: backend for kernel (LOG) based logging in ufw"""
++#
++#    This program is free software: you can redistribute it and/or modify
++#    it under the terms of the GNU General Public License version 3,
++#    as published by the Free Software Foundation.
++#
++#    This program is distributed in the hope that it will be useful,
++#    but WITHOUT ANY WARRANTY; without even the implied warranty of
++#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#    GNU General Public License for more details.
++#
++#    You should have received a copy of the GNU General Public License
++#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
++#
++import ufw.log_backend
++
++
++class UFWLogBackendKernel(ufw.log_backend.UFWLogBackend):
++    """Instance class for UFWLogBackend"""
++
++    own_logging_options = "--log-prefix"
++
++    def __init__(self, additional_logging_options=None):
++        ufw.log_backend.UFWLogBackend.__init__(self, additional_logging_options)
++
++    def get_log_target(self):
++        return "LOG"
 diff --git a/src/log_backend.py b/src/log_backend.py
 new file mode 100644
 index 0000000..f72a7ad
 --- /dev/null
 +++ b/src/log_backend.py
@@ -0,0 +1,42 @@
++"""log_backend.py: interface for ufw logging backend"""
++#
++#    This program is free software: you can redistribute it and/or modify
++#    it under the terms of the GNU General Public License version 3,
++#    as published by the Free Software Foundation.
++#
++#    This program is distributed in the hope that it will be useful,
++#    but WITHOUT ANY WARRANTY; without even the implied warranty of
++#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#    GNU General Public License for more details.
++#
++#    You should have received a copy of the GNU General Public License
++#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
++#
++
++from ufw.common import UFWError
++
++
++class UFWLogBackend:
++    """Interface for logging backend"""
++
++    own_logging_options = ""
++
++    def __init__(self, additional_logging_options=None):
++        if additional_logging_options is None:
++            self.additional_options = []
++        else:
++            self.additional_options = filter(
++                lambda x: x != self.own_logggin_options,
++                additional_logging_options.split(","),
++            )
++
++    def get_log_target(self):
++        """Return what is the logging target for the backend"""
++        raise UFWError("UFWLogBackend:get_log_target: need to override")
++
++    def get_logging_options(self):
++        """Return the logging options for this logging backend"""
++        ret = []
++        ret.extend(self.additional_options)
++        ret.append(self.own_logging_options)
++        return ret
 diff --git a/src/netfilter_log_backend.py b/src/netfilter_log_backend.py
 new file mode 100644
 index 0000000..d6deb8c
 --- /dev/null
 +++ b/src/netfilter_log_backend.py
@@ -0,0 +1,27 @@
++"""netfilter_log_backend.py: backend for netfilter (NFLOG) based logging in ufw"""
++#
++#    This program is free software: you can redistribute it and/or modify
++#    it under the terms of the GNU General Public License version 3,
++#    as published by the Free Software Foundation.
++#
++#    This program is distributed in the hope that it will be useful,
++#    but WITHOUT ANY WARRANTY; without even the implied warranty of
++#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#    GNU General Public License for more details.
++#
++#    You should have received a copy of the GNU General Public License
++#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
++#
++import ufw.log_backend
++
++
++class UFWLogBackendNetfilter(ufw.log_backend.UFWLogBackend):
++    """Instance class for UFWLogBackend"""
++
++    own_logging_options = "--nflog-prefix"
++
++    def __init__(self, additional_logging_options=None):
++        ufw.log_backend.UFWLogBackend.__init__(self, additional_logging_options)
++
++    def get_log_target(self):
++        return "NFLOG"
 diff --git a/tests/good/logging_backend/orig b/tests/good/logging_backend/orig
 new file mode 120000
 index 0000000..bdb60f0
 --- /dev/null
 +++ b/tests/good/logging_backend/orig
@@ -0,0 +1 @@
++../../defaults
 \ No newline at end of file
 diff --git a/tests/good/logging_backend/result b/tests/good/logging_backend/result
 new file mode 100644
 index 0000000..154849e
 --- /dev/null
 +++ b/tests/good/logging_backend/result
@@ -0,0 +1,1649 @@
++TESTING NFLOG RULES
++0: allow log 23
++
++
++1: allow log smtp
++
++
++2: allow log tftp
++
++
++3: allow log daytime
++
++
++4: allow log Samba
++
++
++5: allow log Apache
++
++
++6: allow log from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++7: allow log from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 23 -j RETURN
++-A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 23 -j ACCEPT
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 23 -j RETURN
++-A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 23 -j ACCEPT
++
++### tuple ### allow_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 25 -j RETURN
++-A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 25 -j ACCEPT
++
++### tuple ### allow_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 69 -j RETURN
++-A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 69 -j ACCEPT
++
++### tuple ### allow_log any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 13 -j RETURN
++-A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 13 -j ACCEPT
++-A ufw-user-logging-input -p udp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 13 -j RETURN
++-A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 13 -j ACCEPT
++
++### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
++
++### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
++
++### tuple ### allow_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
++-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 80 -j RETURN
++-A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache'
++
++### tuple ### allow_log tcp 25 10.0.0.1 25 192.168.0.1 in
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ACCEPT
++
++### tuple ### allow_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### tuple ### allow_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++8: delete allow log 23
++
++
++9: delete allow log smtp
++
++
++10: delete allow log tftp
++
++
++11: delete allow log daytime
++
++
++12: delete allow log Samba
++
++
++13: delete allow log Apache
++
++
++14: delete allow log from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++15: delete allow log from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++16: allow log-all 23
++
++
++17: allow log-all smtp
++
++
++18: allow log-all tftp
++
++
++19: allow log-all daytime
++
++
++20: allow log-all Samba
++
++
++21: allow log-all Apache
++
++
++22: allow log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++23: allow log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### tuple ### allow_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 23 -j RETURN
++-A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 23 -j ACCEPT
++-A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 23 -j RETURN
++-A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 23 -j ACCEPT
++
++### tuple ### allow_log-all tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 25 -j RETURN
++-A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 25 -j ACCEPT
++
++### tuple ### allow_log-all udp 69 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p udp --dport 69 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 69 -j RETURN
++-A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 69 -j ACCEPT
++
++### tuple ### allow_log-all any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 13 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 13 -j RETURN
++-A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 13 -j ACCEPT
++-A ufw-user-logging-input -p udp --dport 13 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 13 -j RETURN
++-A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 13 -j ACCEPT
++
++### tuple ### allow_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
++
++### tuple ### allow_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
++
++### tuple ### allow_log-all tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
++-A ufw-user-logging-input -p tcp --dport 80 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 80 -j RETURN
++-A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache'
++
++### tuple ### allow_log-all tcp 25 10.0.0.1 25 192.168.0.1 in
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ACCEPT
++
++### tuple ### allow_log-all udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### tuple ### allow_log-all tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++24: delete allow log-all 23
++
++
++25: delete allow log-all smtp
++
++
++26: delete allow log-all tftp
++
++
++27: delete allow log-all daytime
++
++
++28: delete allow log-all Samba
++
++
++29: delete allow log-all Apache
++
++
++30: delete allow log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++31: delete allow log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++32: deny log 23
++
++
++33: deny log smtp
++
++
++34: deny log tftp
++
++
++35: deny log daytime
++
++
++36: deny log Samba
++
++
++37: deny log Apache
++
++
++38: deny log from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++39: deny log from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -j RETURN
++-A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 23 -j DROP
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -j RETURN
++-A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 23 -j DROP
++
++### tuple ### deny_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 25 -j RETURN
++-A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 25 -j DROP
++
++### tuple ### deny_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 69 -j RETURN
++-A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 69 -j DROP
++
++### tuple ### deny_log any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 13 -j RETURN
++-A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 13 -j DROP
++-A ufw-user-logging-input -p udp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 13 -j RETURN
++-A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 13 -j DROP
++
++### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
++
++### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
++
++### tuple ### deny_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
++-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 80 -j RETURN
++-A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 80 -j DROP -m comment --comment 'dapp_Apache'
++
++### tuple ### deny_log tcp 25 10.0.0.1 25 192.168.0.1 in
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j DROP
++
++### tuple ### deny_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### tuple ### deny_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++40: delete deny log 23
++
++
++41: delete deny log smtp
++
++
++42: delete deny log tftp
++
++
++43: delete deny log daytime
++
++
++44: delete deny log Samba
++
++
++45: delete deny log Apache
++
++
++46: delete deny log from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++47: delete deny log from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++48: deny log-all 23
++
++
++49: deny log-all smtp
++
++
++50: deny log-all tftp
++
++
++51: deny log-all daytime
++
++
++52: deny log-all Samba
++
++
++53: deny log-all Apache
++
++
++54: deny log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++55: deny log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### tuple ### deny_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -j RETURN
++-A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 23 -j DROP
++-A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -j RETURN
++-A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 23 -j DROP
++
++### tuple ### deny_log-all tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 25 -j RETURN
++-A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 25 -j DROP
++
++### tuple ### deny_log-all udp 69 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p udp --dport 69 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 69 -j RETURN
++-A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 69 -j DROP
++
++### tuple ### deny_log-all any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 13 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 13 -j RETURN
++-A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 13 -j DROP
++-A ufw-user-logging-input -p udp --dport 13 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 13 -j RETURN
++-A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 13 -j DROP
++
++### tuple ### deny_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
++
++### tuple ### deny_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
++
++### tuple ### deny_log-all tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
++-A ufw-user-logging-input -p tcp --dport 80 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 80 -j RETURN
++-A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 80 -j DROP -m comment --comment 'dapp_Apache'
++
++### tuple ### deny_log-all tcp 25 10.0.0.1 25 192.168.0.1 in
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j DROP
++
++### tuple ### deny_log-all udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### tuple ### deny_log-all tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++56: delete deny log-all 23
++
++
++57: delete deny log-all smtp
++
++
++58: delete deny log-all tftp
++
++
++59: delete deny log-all daytime
++
++
++60: delete deny log-all Samba
++
++
++61: delete deny log-all Apache
++
++
++62: delete deny log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++63: delete deny log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++64: limit log 23
++
++
++65: limit log smtp
++
++
++66: limit log tftp
++
++
++67: limit log daytime
++
++
++68: limit log Samba
++
++
++69: limit log Apache
++
++
++70: limit log from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++71: limit log from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 23 -j RETURN
++-A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 23 -j RETURN
++-A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept
++
++### tuple ### limit_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 25 -j RETURN
++-A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 25 -j ufw-user-limit-accept
++
++### tuple ### limit_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 69 -j RETURN
++-A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 69 -j ufw-user-limit-accept
++
++### tuple ### limit_log any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 13 -j RETURN
++-A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 13 -j ufw-user-limit-accept
++-A ufw-user-logging-input -p udp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 13 -j RETURN
++-A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 13 -j ufw-user-limit-accept
++
++### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
++
++### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
++
++### tuple ### limit_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
++-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 80 -j RETURN
++-A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache'
++
++### tuple ### limit_log tcp 25 10.0.0.1 25 192.168.0.1 in
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-limit-accept
++
++### tuple ### limit_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### tuple ### limit_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++72: delete limit log 23
++
++
++73: delete limit log smtp
++
++
++74: delete limit log tftp
++
++
++75: delete limit log daytime
++
++
++76: delete limit log Samba
++
++
++77: delete limit log Apache
++
++
++78: delete limit log from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++79: delete limit log from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++80: limit log-all 23
++
++
++81: limit log-all smtp
++
++
++82: limit log-all tftp
++
++
++83: limit log-all daytime
++
++
++84: limit log-all Samba
++
++
++85: limit log-all Apache
++
++
++86: limit log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++87: limit log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### tuple ### limit_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 23 -j RETURN
++-A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept
++-A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 23 -j RETURN
++-A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept
++
++### tuple ### limit_log-all tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 25 -j RETURN
++-A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 25 -j ufw-user-limit-accept
++
++### tuple ### limit_log-all udp 69 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p udp --dport 69 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 69 -j RETURN
++-A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 69 -j ufw-user-limit-accept
++
++### tuple ### limit_log-all any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 13 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 13 -j RETURN
++-A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 13 -j ufw-user-limit-accept
++-A ufw-user-logging-input -p udp --dport 13 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 13 -j RETURN
++-A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 13 -j ufw-user-limit-accept
++
++### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
++
++### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
++
++### tuple ### limit_log-all tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
++-A ufw-user-logging-input -p tcp --dport 80 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 80 -j RETURN
++-A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache'
++
++### tuple ### limit_log-all tcp 25 10.0.0.1 25 192.168.0.1 in
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-limit-accept
++
++### tuple ### limit_log-all udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### tuple ### limit_log-all tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++88: delete limit log-all 23
++
++
++89: delete limit log-all smtp
++
++
++90: delete limit log-all tftp
++
++
++91: delete limit log-all daytime
++
++
++92: delete limit log-all Samba
++
++
++93: delete limit log-all Apache
++
++
++94: delete limit log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++95: delete limit log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++96: reject log 23
++
++
++97: reject log smtp
++
++
++98: reject log tftp
++
++
++99: reject log daytime
++
++
++100: reject log Samba
++
++
++101: reject log Apache
++
++
++102: reject log from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++103: reject log from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -j RETURN
++-A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -j RETURN
++-A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 23 -j REJECT
++
++### tuple ### reject_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 25 -j RETURN
++-A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 25 -j REJECT --reject-with tcp-reset
++
++### tuple ### reject_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 69 -j RETURN
++-A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 69 -j REJECT
++
++### tuple ### reject_log any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 13 -j RETURN
++-A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 13 -j REJECT --reject-with tcp-reset
++-A ufw-user-logging-input -p udp --dport 13 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 13 -j RETURN
++-A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 13 -j REJECT
++
++### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba'
++
++### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba'
++
++### tuple ### reject_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
++-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 80 -j RETURN
++-A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 80 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Apache'
++
++### tuple ### reject_log tcp 25 10.0.0.1 25 192.168.0.1 in
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j REJECT --reject-with tcp-reset
++
++### tuple ### reject_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j REJECT -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### tuple ### reject_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++104: delete reject log 23
++
++
++105: delete reject log smtp
++
++
++106: delete reject log tftp
++
++
++107: delete reject log daytime
++
++
++108: delete reject log Samba
++
++
++109: delete reject log Apache
++
++
++110: delete reject log from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++111: delete reject log from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++112: reject log-all 23
++
++
++113: reject log-all smtp
++
++
++114: reject log-all tftp
++
++
++115: reject log-all daytime
++
++
++116: reject log-all Samba
++
++
++117: reject log-all Apache
++
++
++118: reject log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++119: reject log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### tuple ### reject_log-all any 23 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -j RETURN
++-A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset
++-A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -j RETURN
++-A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 23 -j REJECT
++
++### tuple ### reject_log-all tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 25 -j RETURN
++-A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 25 -j REJECT --reject-with tcp-reset
++
++### tuple ### reject_log-all udp 69 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p udp --dport 69 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 69 -j RETURN
++-A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 69 -j REJECT
++
++### tuple ### reject_log-all any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-logging-input -p tcp --dport 13 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 13 -j RETURN
++-A ufw-user-input -p tcp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 13 -j REJECT --reject-with tcp-reset
++-A ufw-user-logging-input -p udp --dport 13 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 13 -j RETURN
++-A ufw-user-input -p udp --dport 13 -j ufw-user-logging-input
++-A ufw-user-input -p udp --dport 13 -j REJECT
++
++### tuple ### reject_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba'
++
++### tuple ### reject_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba'
++
++### tuple ### reject_log-all tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
++-A ufw-user-logging-input -p tcp --dport 80 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 80 -j RETURN
++-A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
++-A ufw-user-input -p tcp --dport 80 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Apache'
++
++### tuple ### reject_log-all tcp 25 10.0.0.1 25 192.168.0.1 in
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j REJECT --reject-with tcp-reset
++
++### tuple ### reject_log-all udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j REJECT -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### tuple ### reject_log-all tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j NFLOG --nflog-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba,sapp_Samba'
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
++120: delete reject log-all 23
++
++
++121: delete reject log-all smtp
++
++
++122: delete reject log-all tftp
++
++
++123: delete reject log-all daytime
++
++
++124: delete reject log-all Samba
++
++
++125: delete reject log-all Apache
++
++
++126: delete reject log-all from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++
++
++127: delete reject log-all from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++
++contents of user*.rules:
++*filter
++:ufw-user-input - [0:0]
++:ufw-user-output - [0:0]
++:ufw-user-forward - [0:0]
++:ufw-before-logging-input - [0:0]
++:ufw-before-logging-output - [0:0]
++:ufw-before-logging-forward - [0:0]
++:ufw-user-logging-input - [0:0]
++:ufw-user-logging-output - [0:0]
++:ufw-user-logging-forward - [0:0]
++:ufw-after-logging-input - [0:0]
++:ufw-after-logging-output - [0:0]
++:ufw-after-logging-forward - [0:0]
++:ufw-logging-deny - [0:0]
++:ufw-logging-allow - [0:0]
++:ufw-user-limit - [0:0]
++:ufw-user-limit-accept - [0:0]
++### RULES ###
++
++### END RULES ###
++
++### LOGGING ###
++-A ufw-after-logging-input -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-after-logging-forward -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -j NFLOG --nflog-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-allow -j NFLOG --nflog-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
++### END LOGGING ###
++
++### RATE LIMITING ###
++-A ufw-user-limit -m limit --limit 3/minute -j NFLOG --nflog-prefix "[UFW LIMIT BLOCK] "
++-A ufw-user-limit -j REJECT
++-A ufw-user-limit-accept -j ACCEPT
++### END RATE LIMITING ###
++COMMIT
++*filter
++:ufw6-user-input - [0:0]
++:ufw6-user-output - [0:0]
++:ufw6-user-forward - [0:0]
++### RULES ###
++COMMIT
 diff --git a/tests/good/logging_backend/runtest.sh b/tests/good/logging_backend/runtest.sh
 new file mode 100755
 index 0000000..b409bc6
 --- /dev/null
 +++ b/tests/good/logging_backend/runtest.sh
@@ -0,0 +1,55 @@
++#!/bin/bash
++
++#    Copyright 2009 Canonical Ltd.
++#
++#    This program is free software: you can redistribute it and/or modify
++#    it under the terms of the GNU General Public License version 3,
++#    as published by the Free Software Foundation.
++#
++#    This program is distributed in the hope that it will be useful,
++#    but WITHOUT ANY WARRANTY; without even the implied warranty of
++#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++#    GNU General Public License for more details.
++#
++#    You should have received a copy of the GNU General Public License
++#    along with this program.  If not, see <http://www.gnu.org/licenses/>.
++
++#set -x
++
++source "$TESTPATH/../testlib.sh"
++sed -i '/LOGGING_BACKEND/d' $TESTPATH/etc/default/ufw
++echo "LOGGING_BACKEND=netfilter_log" >>$TESTPATH/etc/default/ufw
++
++echo "TESTING NFLOG RULES" >> $TESTTMP/result
++for i in allow deny limit reject ; do
++    for j in log log-all ; do
++        do_cmd "0" null $i $j 23
++        do_cmd "0" null $i $j smtp
++        do_cmd "0" null $i $j tftp
++        do_cmd "0" null $i $j daytime
++        do_cmd "0" null $i $j Samba
++        do_cmd "0" null $i $j Apache
++        do_cmd "0" null $i $j from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++        do_cmd "0" null $i $j from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++        echo "contents of user*.rules:" >> $TESTTMP/result
++        cat $TESTCONFIG/user.rules >> $TESTTMP/result
++        cat $TESTCONFIG/user6.rules >> $TESTTMP/result
++
++        # now delete the rules
++        do_cmd "0" null delete $i $j 23
++        do_cmd "0" null delete $i $j smtp
++        do_cmd "0" null delete $i $j tftp
++        do_cmd "0" null delete $i $j daytime
++        do_cmd "0" null delete $i $j Samba
++        do_cmd "0" null delete $i $j Apache
++        do_cmd "0" null delete $i $j from 192.168.0.1 port smtp to 10.0.0.1 port smtp
++        do_cmd "0" null delete $i $j from 192.168.0.1 app Samba to 10.0.0.1 app Samba
++
++        echo "contents of user*.rules:" >> $TESTTMP/result
++        cat $TESTCONFIG/user.rules >> $TESTTMP/result
++        cat $TESTCONFIG/user6.rules >> $TESTTMP/result
++    done
++done
++
++exit 0