Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 281K  929M ACCEPT     all  --  lo     any     anywhere             anywhere
 771M  392G ACCEPT     all  --  any    any     anywhere             anywhere             ctstate ESTABLISHED
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             ctstate RELATED
1015K   98M input_ext  all  --  any    any     anywhere             anywhere
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-FWD-ILL-ROUTING "

Chain OUTPUT (policy ACCEPT 243M packets, 1885G bytes)
 pkts bytes target     prot opt in     out     source               destination
 281K  929M ACCEPT     all  --  any    lo      anywhere             anywhere

Chain forward_ext (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_ext (1 references)
 pkts bytes target     prot opt in     out     source               destination
 207K   72M DROP       all  --  any    any     anywhere             anywhere             PKTTYPE = broadcast
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp source-quench
    2   168 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request
   30  1800 LOG        tcp  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC-TCP "
   30  1800 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
 798K   26M DROP       all  --  any    any     anywhere             anywhere             PKTTYPE = multicast
    0     0 DROP       all  --  any    any     anywhere             anywhere             PKTTYPE = broadcast
 9604  576K LOG        tcp  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
    0     0 LOG        icmp --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
  174 14616 LOG        udp  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 ctstate NEW LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
 9793  591K DROP       all  --  any    any     anywhere             anywhere

Chain reject_func (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  any    any     anywhere             anywhere             reject-with tcp-reset
    0     0 REJECT     udp  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-proto-unreachable