Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
 457K 1334M ACCEPT     all  --  lo     any     anywhere             anywhere
1108M  662G ACCEPT     all  --  any    any     anywhere             anywhere             ctstate ESTABLISHED
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             ctstate RELATED
1320K  116M input_ext  all  --  any    any     anywhere             anywhere
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-IN-ILL-TARGET "
    0     0 DROP       all  --  any    any     anywhere             anywhere

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-FWD-ILL-ROUTING "

Chain OUTPUT (policy ACCEPT 424M packets, 2600G bytes)
 pkts bytes target     prot opt in     out     source               destination
 457K 1334M ACCEPT     all  --  any    lo      anywhere             anywhere

Chain forward_ext (0 references)
 pkts bytes target     prot opt in     out     source               destination

Chain input_ext (1 references)
 pkts bytes target     prot opt in     out     source               destination
 207K   72M DROP       all  --  any    any     anywhere             anywhere             PKTTYPE = broadcast
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp source-quench
    3   252 ACCEPT     icmp --  any    any     anywhere             anywhere             icmp echo-request
  117  7020 LOG        tcp  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-ACC-TCP "
  131  7860 ACCEPT     tcp  --  any    any     anywhere             anywhere             tcp dpt:ssh
 798K   26M DROP       all  --  any    any     anywhere             anywhere             PKTTYPE = multicast
    0     0 DROP       all  --  any    any     anywhere             anywhere             PKTTYPE = broadcast
23953 1437K LOG        tcp  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 tcp flags:FIN,SYN,RST,ACK/SYN LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
    0     0 LOG        icmp --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
  174 14616 LOG        udp  --  any    any     anywhere             anywhere             limit: avg 3/min burst 5 ctstate NEW LOG level warning tcp-options ip-options prefix "SFW2-INext-DROP-DEFLT "
 314K   19M DROP       all  --  any    any     anywhere             anywhere

Chain reject_func (0 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 REJECT     tcp  --  any    any     anywhere             anywhere             reject-with tcp-reset
    0     0 REJECT     udp  --  any    any     anywhere             anywhere             reject-with icmp-port-unreachable
    0     0 REJECT     all  --  any    any     anywhere             anywhere             reject-with icmp-proto-unreachable