Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 4 608 ACCEPT esp -- eth0 * 0.0.0.0/0 0.0.0.0/0 4 608 ACCEPT esp -- eth1 * 0.0.0.0/0 0.0.0.0/0 2 1296 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500 2 1296 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500 2 3608 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt:4500 dpt:4500 2 3592 ACCEPT udp -- eth1 * 0.0.0.0/0 0.0.0.0/0 udp spt:4500 dpt:4500 4 1040 ACCEPT tcp -- eth0 * 192.168.0.150 0.0.0.0/0 tcp spt:80 1602 127K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1 84 ACCEPT all -- eth1 * 10.4.0.2 10.4.0.0/16 policy match dir in pol ipsec reqid 4 proto 50 1 84 ACCEPT all -- * eth1 10.4.0.0/16 10.4.0.2 policy match dir out pol ipsec reqid 4 proto 50 1 84 ACCEPT all -- eth1 * 10.4.0.2 10.3.0.0/16 policy match dir in pol ipsec reqid 4 proto 50 1 84 ACCEPT all -- * eth1 10.3.0.0/16 10.4.0.2 policy match dir out pol ipsec reqid 4 proto 50 0 0 ACCEPT all -- eth1 * 10.4.0.1 10.4.0.0/16 policy match dir in pol ipsec reqid 3 proto 50 0 0 ACCEPT all -- * eth1 10.4.0.0/16 10.4.0.1 policy match dir out pol ipsec reqid 3 proto 50 1 84 ACCEPT all -- eth1 * 10.4.0.1 10.3.0.0/16 policy match dir in pol ipsec reqid 3 proto 50 1 84 ACCEPT all -- * eth1 10.3.0.0/16 10.4.0.1 policy match dir out pol ipsec reqid 3 proto 50 0 0 ACCEPT all -- eth0 * 10.3.0.2 10.4.0.0/16 policy match dir in pol ipsec reqid 2 proto 50 0 0 ACCEPT all -- * eth0 10.4.0.0/16 10.3.0.2 policy match dir out pol ipsec reqid 2 proto 50 1 84 ACCEPT all -- eth0 * 10.3.0.2 10.3.0.0/16 policy match dir in pol ipsec reqid 2 proto 50 1 84 ACCEPT all -- * eth0 10.3.0.0/16 10.3.0.2 policy match dir out pol ipsec reqid 2 proto 50 0 0 ACCEPT all -- eth0 * 10.3.0.1 10.4.0.0/16 policy match dir in pol ipsec reqid 1 proto 50 0 0 ACCEPT all -- * eth0 10.4.0.0/16 10.3.0.1 policy match dir out pol ipsec reqid 1 proto 50 0 0 ACCEPT all -- eth0 * 10.3.0.1 10.3.0.0/16 policy match dir in pol ipsec reqid 1 proto 50 0 0 ACCEPT all -- * eth0 10.3.0.0/16 10.3.0.1 policy match dir out pol ipsec reqid 1 proto 50 8 2080 ACCEPT tcp -- eth0 eth1 192.168.0.150 0.0.0.0/0 tcp spt:80 12 782 ACCEPT tcp -- eth1 eth0 0.0.0.0/0 192.168.0.150 tcp dpt:80 Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 4 608 ACCEPT esp -- * eth0 0.0.0.0/0 0.0.0.0/0 4 608 ACCEPT esp -- * eth1 0.0.0.0/0 0.0.0.0/0 2 970 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500 2 970 ACCEPT udp -- * eth1 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500 2 3288 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt:4500 dpt:4500 2 3288 ACCEPT udp -- * eth1 0.0.0.0/0 0.0.0.0/0 udp spt:4500 dpt:4500 6 391 ACCEPT tcp -- * eth0 0.0.0.0/0 192.168.0.150 tcp dpt:80 1677 244K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22