[Problem] 7320 iptables

sharbich

Neuer User
Mitglied seit
30 Aug 2012
Beiträge
180
Punkte für Reaktionen
2
Punkte
18
Hallo Ihr Lieben,

ich habe im aktuellen Trunk die iptables Module nf_conntrack und nf_nat mit Replace Kernel geladen. Allerdings tauchen im syslog immer folgende Meldung auf
Code:
fritz kern.warn kernel: CT not confirmed ct=...
Könnt Ihr mir weiterhelfen wie ich diese Meldung weg bekomme? Macht es ggf. Sinn den PA wie folgt zu deaktivieren?
Code:
"echo disable>/proc/net/avm_pa/control"

Lieben Gruß von Stefan Harbich
 
Die erste Meldung kann ich von einer anderen Box bestätigen.
Benötigst Du nf_nat zwingend ?
Falls nicht, würde ich dieses Modul erst mal weg lassen, die Regeln neu laden und gucken, ob dieser Fehler wieder auftritt.
Da bei mir diese Syslog-Meldungen erst eine Weile nach dem Start der Box (und geladenem nf_nat) auftraten, tippe ich auf eine voll gelaufene connection table, die dann aus irgendeinem Grund in Verbindung mit geladenem nf_nat eine Instabilität im Kernel produziert. Aber das ist nur Spekulation.
Grüße,

JD.
 
Hallo JohnDoe42,

ich habe das Image neu gebaut und nun ist die Meldung auf einmal weg. Allerdings bekomme ich xt_state nicht zum laufen. Auch
Code:
# conntrack für eingehende Antwortpakete:
iptables -A TRANS -m state --state RELATED,ESTABLISHED -j ACCEPT
kann ich nicht laden. Gleiches gilt für ipt_MASQUERADE. Gibt es hierzu einen Patch?

Lieben Gruß von Stefan Harbich
 
Zuletzt bearbeitet:
Es wäre hilfreich, wenn Du mal die Configs hier anhängen könntest.
Hast Du den Kernel ersetzt ?
Wenn Du xt_state nicht laden bzw. zum Laufen bringen kannst, kannst Du natürlich auch keine stateful-Regeln laden.
Grüße,

JD.
 
Hallo JohnDoe42,

gerne füge ich Dir meine Konfigurationen bei. So wie es aussieht habe ich die kritischen iptables Module am laufen, ohne reboot der Box.

../make/iptables/Config.in
Code:
config FREETZ_PACKAGE_IPTABLES
	bool "Iptables 1.4.11.1 (binary only)"
	depends on FREETZ_PACKAGE_IPTABLES_IS_SELECTABLE
	default n
	help
		Netfilter/iptables

		Netfilter is the set of hooks within the Linux kernel for intercepting
		and manipulating network packets. The best-known component on top of
		netfilter is the firewall which filters packets, but the hooks are also
		used by a component which performs network address translation, and by
		another which provides ipchains backwards compatibility. These
		components are usually Loadable Kernel Modules.

		iptables is the name of the user space tool by which administrators
		create rules for the packet filtering and NAT modules. While technically
		iptables is merely the tool which controls the packet filtering and NAT
		components within the kernel, the name iptables is often used to refer
		to the entire infrastructure, including netfilter, connection tracking
		and NAT, as well as the tool itself. iptables is a standard part of all
		modern Linux distributions.

config FREETZ_PACKAGE_IPTABLES_IS_SELECTABLE
	bool "Is Iptables selectable for your custom configuration?"	if FREETZ_TYPE_CUSTOM
	default y if \
		!FREETZ_TYPE_W501V && \
		!FREETZ_TYPE_5140
	default n
	help
		Select this if you are sure that Iptables should work on your box

config FREETZ_PACKAGE_IPTABLES_SAVE_RESTORE
	bool "Iptables-save / iptables-restore"
	depends on FREETZ_PACKAGE_IPTABLES
	default n
	help
		iptables-save & iptables-restore

config FREETZ_PACKAGE_IPTABLES_XML
	bool "Iptables-xml"
	depends on FREETZ_PACKAGE_IPTABLES_SAVE_RESTORE
	default n
	help
		Include iptables-xml to convert saved rules to xml.

config FREETZ_PACKAGE_IPTABLES_STATIC
	bool "Build static binary"
	depends on FREETZ_PACKAGE_IPTABLES
	default n
	help
		Build a statically linked binary with all libraries compiled in

# Include here for a cleaner menu structure (list packages before modules/libs)
source make/iptables-cgi/Config.in
source make/nhipt/Config.in

source make/iptables/standard-modules.in

comment "CAUTION: Use of module ip_conntrack can lead to spontaneous reboots"
	depends on FREETZ_PACKAGE_IPTABLES && \
		FREETZ_MODULE_ip_conntrack && \
		FREETZ_KERNEL_VERSION_2_6_13

config FREETZ_PACKAGE_IPTABLES_KERNEL_MODULES
	bool "Iptables kernel modules"
	depends on FREETZ_PACKAGE_IPTABLES
	default n
	help
		Linux kernel modules for iptables

		Please note that some kernel modules have corresponding shared libraries
		and vice versa, so please make sure to select both of them, if they are
		needed for your purpose.

menu "Select kernel modules (IPv4)"
	depends on FREETZ_PACKAGE_IPTABLES_KERNEL_MODULES

config FREETZ_MODULE_ip_conntrack
	bool "ip_conntrack.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	default n
	help
		Connection tracking keeps a record of what packets have passed
		through your machine, in order to figure out how they are related
		into connections.

		This is required to do Masquerading or other kinds of Network
		Address Translation (except for Fast NAT). It can also be used to
		enhance packet filtering (see `Connection state match support'
		below).

config FREETZ_MODULE_nf_conntrack
	bool "nf_conntrack.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	default n
	help
		Connection tracking keeps a record of what packets have passed
		through your machine, in order to figure out how they are related
		into connections.

		This is required to do Masquerading or other kinds of Network
		Address Translation (except for Fast NAT). It can also be used to
		enhance packet filtering (see `Connection state match support'
		below).

config FREETZ_MODULE_ip_conntrack_ftp
	bool "ip_conntrack_ftp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_conntrack
	default n
	help
		Tracking FTP connections is problematic: special helpers are
		required for tracking them, and doing masquerading and other forms
		of Network Address Translation on them.

config FREETZ_MODULE_nf_conntrack_ftp
	bool "nf_conntrack_ftp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	select FREETZ_MODULE_nf_conntrack
	default n
	help
		Tracking FTP connections is problematic: special helpers are
		required for tracking them, and doing masquerading and other forms
		of Network Address Translation on them.

config FREETZ_MODULE_ip_conntrack_h323
	bool "ip_conntrack_h323.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_ip_conntrack
	default n
	help
		H.323 is a VoIP signalling protocol from ITU-T. As one of the most
		important VoIP protocols, it is widely used by voice hardware and
		software including voice gateways, IP phones, Netmeeting, OpenPhone,
		Gnomemeeting, etc.

		With this module you can support H.323 on a connection tracking/NAT
		firewall.

		This module supports RAS, Fast Start, H.245 Tunnelling, Call
		Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat,
		whiteboard, file transfer, etc. For more information, please
		visit http://nath323.sourceforge.net/.

config FREETZ_MODULE_nf_conntrack_h323
	bool "nf_conntrack_h323.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	select FREETZ_MODULE_nf_conntrack
	default n
	help
		H.323 is a VoIP signalling protocol from ITU-T. As one of the most
		important VoIP protocols, it is widely used by voice hardware and
		software including voice gateways, IP phones, Netmeeting, OpenPhone,
		Gnomemeeting, etc.

		With this module you can support H.323 on a connection tracking/NAT
		firewall.

		This module supports RAS, Fast Start, H.245 Tunnelling, Call
		Forwarding, RTP/RTCP and T.120 based audio, video, fax, chat,
		whiteboard, file transfer, etc. For more information, please
		visit http://nath323.sourceforge.net/.

config FREETZ_MODULE_ip_conntrack_irc
	bool "ip_conntrack_irc.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_conntrack
	default n
	help
		There is a commonly-used extension to IRC called
		Direct Client-to-Client Protocol (DCC). This enables users to send
		files to each other, and also chat to each other without the need
		of a server. DCC Sending is used anywhere you send files over IRC,
		and DCC Chat is most commonly used by Eggdrop bots. If you are using
		NAT, this extension will enable you to send files and initiate chats.
		Note that you do NOT need this extension to get files or have others
		initiate chats, or everything else in IRC.

config FREETZ_MODULE_nf_conntrack_irc
	bool "nf_conntrack_irc.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	select FREETZ_MODULE_nf_conntrack
	default n
	help
		There is a commonly-used extension to IRC called
		Direct Client-to-Client Protocol (DCC). This enables users to send
		files to each other, and also chat to each other without the need
		of a server. DCC Sending is used anywhere you send files over IRC,
		and DCC Chat is most commonly used by Eggdrop bots. If you are using
		NAT, this extension will enable you to send files and initiate chats.
		Note that you do NOT need this extension to get files or have others
		initiate chats, or everything else in IRC.

config FREETZ_MODULE_nf_conntrack_ipv4
	bool "nf_conntrack_ipv4.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	default n


config FREETZ_MODULE_ip_conntrack_pptp
	bool "ip_conntrack_pptp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_ip_conntrack
	default n
	help
		This module adds support for PPTP (Point to Point Tunnelling
		Protocol, RFC2637) connection tracking and NAT.

		If you are running PPTP sessions over a stateful firewall or NAT
		box, you may want to enable this feature.

		Please note that not all PPTP modes of operation are supported yet.
		For more info, read top of the file
		net/ipv4/netfilter/ip_conntrack_pptp.c

config FREETZ_MODULE_nf_conntrack_pptp
	bool "nf_conntrack_pptp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	select FREETZ_MODULE_nf_conntrack
	select FREETZ_MODULE_nf_conntrack_proto_gre
	default n
	help
		This module adds support for PPTP (Point to Point Tunnelling
		Protocol, RFC2637) connection tracking and NAT.

		If you are running PPTP sessions over a stateful firewall or NAT
		box, you may want to enable this feature.

config FREETZ_MODULE_nf_conntrack_proto_gre
	bool "nf_conntrack_proto_gre.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	default n
	help


config FREETZ_MODULE_ip_conntrack_rtsp
	bool "ip_conntrack_rtsp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_conntrack
	default n
	help
		Tracking RTSP Connections

config FREETZ_MODULE_ip_conntrack_tftp
	bool "ip_conntrack_tftp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_conntrack
	default n
	help
		TFTP connection tracking helper, this is required depending
		on how restrictive your ruleset is.
		If you are using a tftp client behind -j SNAT or -j MASQUERADING
		you will need this.

config FREETZ_MODULE_nf_conntrack_tftp
	bool "nf_conntrack_tftp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28 || FREETZ_KERNEL_VERSION_2_6_32
	select FREETZ_MODULE_nf_conntrack
	default n
	help
		TFTP connection tracking helper, this is required depending
		on how restrictive your ruleset is.
		If you are using a tftp client behind -j SNAT or -j MASQUERADING
		you will need this.

config FREETZ_MODULE_ip_conntrack_proto_sctp
	bool "ip_conntrack_proto_sctp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_conntrack
	default n
	help
		With this option enabled, the connection tracking code will
		be able to do state tracking on SCTP connections.

config FREETZ_MODULE_nf_defrag_ipv4
	bool "nf_defrag_ipv4.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28 || FREETZ_KERNEL_VERSION_2_6_32
	default n

config FREETZ_MODULE_ip_nat
	bool "ip_nat.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19 && FREETZ_REPLACE_KERNEL
	select FREETZ_MODULE_ip_conntrack
	default n
	help
		The Full NAT option allows masquerading, port forwarding and other
		forms of full Network Address Port Translation. It is controlled by
		the `nat' table in iptables: see the man page for iptables(8).

config FREETZ_MODULE_nf_nat
	bool
	#bool "nf_nat.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	select FREETZ_MODULE_nf_conntrack
	select FREETZ_MODULE_nf_conntrack_ipv4
	select FREETZ_MODULE_nf_defrag_ipv4
	default n
	help
		The Full NAT option allows masquerading, port forwarding and other
		forms of full Network Address Port Translation. It is controlled by
		the `nat' table in iptables: see the man page for iptables(8).

config FREETZ_MODULE_ip_nat_ftp
	bool "ip_nat_ftp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX && \
		(!FREETZ_KERNEL_VERSION_2_6_19 || FREETZ_REPLACE_KERNEL)
	select FREETZ_MODULE_iptable_nat if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_nat if FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_ip_conntrack_ftp
	default n

config FREETZ_MODULE_nf_nat_ftp
	bool "nf_nat_ftp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	select FREETZ_MODULE_nf_nat
	select FREETZ_MODULE_nf_conntrack_ftp
	default n

config FREETZ_MODULE_ip_nat_h323
	bool "ip_nat_h323.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19 && FREETZ_REPLACE_KERNEL
	select FREETZ_MODULE_ip_nat if FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_ip_conntrack_h323
	default n

config FREETZ_MODULE_nf_nat_h323
	bool
	#bool "nf_nat_h323.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	select FREETZ_MODULE_nf_nat
	select FREETZ_MODULE_nf_conntrack_h323
	default n

config FREETZ_MODULE_ip_nat_irc
	bool "ip_nat_irc.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX && \
		(!FREETZ_KERNEL_VERSION_2_6_19 || FREETZ_REPLACE_KERNEL)
	select FREETZ_MODULE_iptable_nat if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_nat if FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_ip_conntrack_irc if FREETZ_KERNEL_VERSION_2_6_19
	default n

config FREETZ_MODULE_nf_nat_irc
	bool
	#bool "nf_nat_irc.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	select FREETZ_MODULE_nf_nat
	select FREETZ_MODULE_nf_conntrack_irc
	default n

config FREETZ_MODULE_ip_nat_pptp
	bool "ip_nat_pptp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19 && FREETZ_REPLACE_KERNEL
	select FREETZ_MODULE_ip_nat
	select FREETZ_MODULE_ip_conntrack_pptp
	default n

config FREETZ_MODULE_nf_nat_pptp
	bool
	#bool "nf_nat_pptp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	select FREETZ_MODULE_nf_nat
	select FREETZ_MODULE_nf_conntrack_pptp
	default n

config FREETZ_MODULE_ip_nat_rtsp
	bool "ip_nat_rtsp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX && \
		(!FREETZ_KERNEL_VERSION_2_6_19 || FREETZ_REPLACE_KERNEL)
	select FREETZ_MODULE_iptable_nat if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_nat if FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_ip_conntrack_rtsp
	default n

config FREETZ_MODULE_ip_nat_tftp
	bool "ip_nat_tftp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX && \
		(!FREETZ_KERNEL_VERSION_2_6_19 || FREETZ_REPLACE_KERNEL)
	select FREETZ_MODULE_iptable_nat if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_nat if FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_ip_conntrack_tftp if FREETZ_KERNEL_VERSION_2_6_19
	default n

config FREETZ_MODULE_nf_nat_tftp
	bool "nf_nat_tftp.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	select FREETZ_MODULE_nf_nat
	select FREETZ_MODULE_nf_conntrack_tftp
	default n

config FREETZ_MODULE_iptable_filter
	bool "iptable_filter.ko"
	select FREETZ_MODULE_ip_tables
	default n
	help
		Packet filtering defines a table `filter', which has a series of
		rules for simple packet filtering at local input, forwarding and
		local output. See the man page for iptables(8).

config FREETZ_MODULE_iptable_mangle
	bool "iptable_mangle.ko"
	select FREETZ_MODULE_ip_tables
	default n
	help
		This option adds a `mangle' table to iptables: see the man page for
		iptables(8). This table is used for various packet alterations
		which can effect how the packet is routed.

comment "iptable_nat.ko (not available, needs replace kernel)"
	depends on FREETZ_KERNEL_VERSION_2_6_19 && !FREETZ_REPLACE_KERNEL

config FREETZ_MODULE_iptable_nat
	bool "iptable_nat.ko"
	depends on !FREETZ_KERNEL_VERSION_2_6_19 || FREETZ_REPLACE_KERNEL
	select FREETZ_MODULE_ip_conntrack if FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_tables
	select FREETZ_MODULE_ip_nat if FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_nf_nat if FREETZ_KERNEL_VERSION_2_6_28
	default n
	help
		Cannot be loaded when using AVM-kernel 2.6.19, see http://freetz.org/ticket/1929

config FREETZ_MODULE_iptable_raw
	bool "iptable_raw.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MIN
	select FREETZ_MODULE_ip_tables
	default n

config FREETZ_MODULE_ip_tables
	bool "ip_tables.ko"
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19_MIN
	default n
	help
		iptables is a general, extensible packet identification framework.
		The packet filtering and full NAT (masquerading, port forwarding,
		etc) subsystems now use this.

config FREETZ_MODULE_ipt_connmark
	bool "ipt_connmark.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_conntrack
	select FREETZ_MODULE_ip_tables
	default n
	help
		This option enables support for connection marks, used by the
		`CONNMARK' target and `connmark' match. Similar to the mark value
		of packets, but this mark value is kept in the conntrack session
		instead of the individual packets.

config FREETZ_MODULE_ipt_CONNMARK
	bool "ipt_CONNMARK.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_conntrack
	select FREETZ_MODULE_ip_tables
	default n
	help
		This option adds a `CONNMARK' target, which allows one to manipulate
		the connection mark value.  Similar to the MARK target, but
		affects the connection mark value rather than the packet mark value.

config FREETZ_MODULE_ipt_conntrack
	bool "ipt_conntrack.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_conntrack
	select FREETZ_MODULE_ip_tables
	default n

config FREETZ_MODULE_ipt_helper
	bool "ipt_helper.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_conntrack
	select FREETZ_MODULE_ip_tables
	default n
	help
		Helper matching allows you to match packets in dynamic connections
		tracked by a conntrack-helper, ie. ip_conntrack_ftp

config FREETZ_MODULE_ipt_iprange
	bool "ipt_iprange.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_tables if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This option makes possible to match IP addresses against IP address
		ranges.

config FREETZ_MODULE_ipt_layer7
	bool "ipt_layer7.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_tables if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		Say Y if you want to be able to classify connections (and their
		packets) based on regular expression matching of their application
		layer data. This is one way to classify applications such as
		peer-to-peer filesharing systems that do not always use the same
		port.

config FREETZ_MODULE_ipt_ipp2p
	bool "ipt_ipp2p.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_ip_tables if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This option makes possible to match some P2P packets
		therefore helps controlling such traffic.

config FREETZ_MODULE_ipt_length
	bool "ipt_length.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_tables
	default n
	help
		This option allows you to match the length of a packet against a
		specific value or range of values.

config FREETZ_MODULE_ipt_limit
	bool "ipt_limit.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_tables
	default n
	help
		limit matching allows you to control the rate at which a rule can be
		matched: mainly useful in combination with the LOG target ("LOG
		target support", below) and to avoid some Denial of Service attacks.

config FREETZ_MODULE_ipt_LOG
	bool "ipt_LOG.ko"
	select FREETZ_MODULE_ip_tables if FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_28_MIN
	default n
	help
		This option adds a `LOG' target, which allows you to create rules in
		any iptables table which records the packet header to the syslog.

config FREETZ_MODULE_ipt_comment
	bool "ipt_comment.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_tables
	default n
	help
		This option adds a module, which allows you to add comments to your rules.

config FREETZ_MODULE_ipt_mac
	bool "ipt_mac.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_tables
	default n
	help
		MAC matching allows you to match packets based on the source
		Ethernet address of the packet.

config FREETZ_MODULE_ipt_mark
	bool "ipt_mark.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_tables
	default n
	help
		Netfilter mark matching allows you to match packets based on the
		`nfmark' value in the packet. This can be set by the MARK target
		(see below).

config FREETZ_MODULE_ipt_MARK
	bool "ipt_MARK.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_tables
	default n
	help
		This option adds a `MARK' target, which allows you to create rules
		in the `mangle' table which alter the netfilter mark (nfmark) field
		associated with the packet prior to routing. This can change
		the routing method (see `Use netfilter MARK value as routing
		key') and can also be used by other subsystems to change their
		behavior.

config FREETZ_MODULE_ipt_MASQUERADE
	bool "ipt_MASQUERADE.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX && \
		(!FREETZ_KERNEL_VERSION_2_6_19 || FREETZ_REPLACE_KERNEL)
	select FREETZ_MODULE_iptable_nat if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_nat if FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		Masquerading is a special case of NAT: all outgoing connections are
		changed to seem to come from a particular interface's address, and
		if the interface goes down, those connections are lost. This is
		only useful for dialup accounts with dynamic IP address (ie. your IP
		address will be different on next dialup).

config FREETZ_MODULE_ipt_multiport
	bool "ipt_multiport.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_tables
	default n
	help
		Multiport matching allows you to match TCP or UDP packets based on
		a series of source or destination ports: normally a rule can only
		match a single range of ports.

config FREETZ_MODULE_ipt_owner
	bool "ipt_owner.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_tables if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		Packet owner matching allows you to match locally-generated packets
		based on who created them: the user, group, process or session.

config FREETZ_MODULE_ipt_REDIRECT
	bool "ipt_REDIRECT.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MAX && \
		(!FREETZ_KERNEL_VERSION_2_6_19 || FREETZ_REPLACE_KERNEL)
	select FREETZ_MODULE_iptable_nat
	select FREETZ_MODULE_ip_nat if FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19 || FREETZ_KERNEL_VERSION_2_6_28
	default n
	help
		REDIRECT is a special case of NAT: all incoming connections are
		mapped onto the incoming interface's address, causing the packets to
		come to the local machine instead of passing through. This is
		useful for transparent proxies.

config FREETZ_MODULE_ipt_REJECT
	bool "ipt_REJECT.ko"
	select FREETZ_MODULE_ip_tables if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19_MIN
	default n
	help
		The REJECT target allows a filtering rule to specify that an ICMP
		error should be issued in response to an incoming packet, rather
		than silently being dropped.

config FREETZ_MODULE_ipt_state
	bool "ipt_state.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_conntrack
	select FREETZ_MODULE_ip_tables
	default n
	help
		Connection state matching allows you to match packets based on their
		relationship to a tracked connection (ie. previous packets). This
		is a powerful tool for packet classification.

config FREETZ_MODULE_ipt_tcpmss
	bool "ipt_tcpmss.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_ip_tables
	default n
	help
		This option adds a `tcpmss' match, which allows you to examine the
		MSS value of TCP SYN packets, which control the maximum packet size
		for that connection.

config FREETZ_MODULE_ipt_TCPMSS
	bool "ipt_TCPMSS.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_tables if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This option adds a `TCPMSS' target, which allows you to alter the
		MSS value of TCP SYN packets, to control the maximum size for that
		connection (usually limiting it to your outgoing interface's MTU
		minus 40).

		This is used to overcome criminally braindead ISPs or servers which
		block ICMP Fragmentation Needed packets. The symptoms of this
		problem are that everything works fine from your Linux
		firewall/router, but machines behind it can never exchange large
		packets:
			1) Web browsers connect, then hang with no data received.
			2) Small mail works fine, but large emails hang.
			3) ssh works fine, but scp hangs after initial handshaking.

		Workaround: activate this option and add a rule to your firewall
		configuration like:

			iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
				 -j TCPMSS --clamp-mss-to-pmtu

config FREETZ_MODULE_ipt_tos
	bool "ipt_tos.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_tables if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		TOS matching allows you to match packets based on the Type Of
		Service fields of the IP packet.

config FREETZ_MODULE_ipt_TOS
	bool "ipt_TOS.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MAX
	select FREETZ_MODULE_ip_tables if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This option adds a `TOS' target, which allows you to create rules in
		the `mangle' table which alter the Type Of Service field of an IP
		packet prior to routing.

config FREETZ_MODULE_ipt_ttl
	bool "ipt_ttl.ko"
	select FREETZ_MODULE_ip_tables if FREETZ_KERNEL_VERSION_2_6_13
	select FREETZ_MODULE_x_tables if FREETZ_KERNEL_VERSION_2_6_19_MIN
	default n
	help
		This adds CONFIG_IP_NF_MATCH_TTL option, which enabled the user
		to match packets by their TTL value.
config FREETZ_MODULE_ipt_TTL
	bool "ipt_TTL.ko"
	default n
	help
		This option adds a `TTL' target, which allows you to create rules in
		the `mangle' table which alter the TTL (time to live) field of an IP
		packet.

endmenu

menu "x_tables (both IPv4 and IPv6)"
	depends on FREETZ_PACKAGE_IPTABLES_KERNEL_MODULES
	depends on FREETZ_KERNEL_VERSION_2_6_19_MIN

config FREETZ_MODULE_x_tables
	bool "x_tables.ko"
	default n

config FREETZ_MODULE_xt_helper
	bool "xt_helper.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_x_tables
	select FREETZ_MODULE_ip_conntrack
	default n
	help
		Helper matching allows you to match packets in dynamic connections
		tracked by a conntrack-helper, ie. ip_conntrack_ftp

config FREETZ_MODULE_xt_CLASSIFY
	bool "xt_CLASSIFY.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This option adds a `CLASSIFY' target, which enables the user to set
		the priority of a packet. Some qdiscs can use this value for
		classification, among these are:

		atm, cbq, dsmark, pfifo_fast, htb, prio

config FREETZ_MODULE_xt_comment
	bool "xt_comment.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This option adds a `comment' dummy-match, which allows you to put
		comments in your iptables ruleset.

config FREETZ_MODULE_xt_conntrack
	bool "xt_conntrack.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MIN
	select FREETZ_MODULE_x_tables
	select FREETZ_MODULE_ip_conntrack if FREETZ_KERNEL_VERSION_2_6_19
        select FREETZ_MODULE_nf_conntrack if FREETZ_KERNEL_VERSION_2_6_28_MIN
	default n
	help
		Connection tracking keeps a record of what packets have passed
		through your machine, in order to figure out how they are related
		into connections.

		Layer 3 independent connection tracking is experimental scheme
		which generalize ip_conntrack to support other layer 3 protocols.

config FREETZ_MODULE_xt_esp
	bool "xt_esp.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This match extension allows you to match a range of SPIs
		inside ESP header of IPSec packets.

config FREETZ_MODULE_xt_length
	bool "xt_length.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This option allows you to match the length of a packet against a
		specific value or range of values.

config FREETZ_MODULE_xt_limit
	bool "xt_limit.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		limit matching allows you to control the rate at which a rule can be
		matched: mainly useful in combination with the LOG target ("LOG
		target support", below) and to avoid some Denial of Service attacks.

config FREETZ_MODULE_xt_mac
	bool "xt_mac.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		MAC matching allows you to match packets based on the source
		Ethernet address of the packet.

config FREETZ_MODULE_xt_multiport
	bool "xt_multiport.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		Multiport matching allows you to match TCP or UDP packets based on
		a series of source or destination ports: normally a rule can only
		match a single range of ports.

config FREETZ_MODULE_xt_mark
	bool "xt_mark.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		Netfilter mark matching allows you to match packets based on the
		`nfmark' value in the packet. This can be set by the MARK target
		(see below).

config FREETZ_MODULE_xt_MARK
	bool "xt_MARK.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This option adds a `MARK' target, which allows you to create rules
		in the `mangle' table which alter the netfilter mark (nfmark) field
		associated with the packet prior to routing. This can change
		the routing method (see `Use netfilter MARK value as routing
		key') and can also be used by other subsystems to change their
		behavior.

config FREETZ_MODULE_xt_NFQUEUE
	bool "xt_NFQUEUE.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This target replaced the old obsolete QUEUE target.

		As opposed to QUEUE, it supports 65535 different queues,
		not just one.

config FREETZ_MODULE_xt_NOTRACK
	bool "xt_NOTRACK.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_x_tables
	select FREETZ_MODULE_ip_conntrack
	default n
	help
		The NOTRACK target allows a select rule to specify
		which packets *not* to enter the conntrack/NAT
		subsystem with all the consequences (no ICMP error tracking,
		no protocol helpers for the selected packets).

config FREETZ_MODULE_xt_iprange
	bool "xt_iprange.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This option adds a "iprange" match, which allows you to match
		based on an IP address range. (Normal iptables only matches on
		single addresses x with an optional mask.)

config FREETZ_MODULE_xt_pkttype
	bool "xt_pkttype.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		Packet type matching allows you to match a packet by
		its "class", eg. BROADCAST, MULTICAST, ...

		Typical usage:
			iptables -A INPUT -m pkttype --pkt-type broadcast -j LOG

config FREETZ_MODULE_xt_physdev
	bool "xt_physdev.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		Physdev packet matching matches against the physical bridge ports
		the IP packet arrived on or will leave by.

config FREETZ_MODULE_xt_quota
	bool "xt_quota.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This option adds a `quota' match, which allows to match on a
		byte counter.

config FREETZ_MODULE_xt_realm
	bool "xt_realm.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This option adds a `realm' match, which allows you to use the realm
		key from the routing subsystem inside iptables.

		This match pretty much resembles the CONFIG_NET_CLS_ROUTE4 option
		in tc world.

config FREETZ_MODULE_xt_state
	bool "xt_state.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_19_MIN
	select FREETZ_MODULE_x_tables
	select FREETZ_MODULE_ip_conntrack if FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_nf_conntrack if FREETZ_KERNEL_VERSION_2_6_28_MIN
	default n
	help
		Connection state matching allows you to match packets based on their
		relationship to a tracked connection (ie. previous packets). This
		is a powerful tool for packet classification.

config FREETZ_MODULE_xt_statistic
	bool "xt_statistic.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This option adds a `statistic' match, which allows you to match
		on packets periodically or randomly with a given percentage.

config FREETZ_MODULE_xt_string
	bool "xt_string.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This option adds a `string' match, which allows you to look for
		pattern matchings in packets.

config FREETZ_MODULE_xt_tcpudp
	bool "xt_tcpudp.ko"
	select FREETZ_MODULE_x_tables
	default n

config FREETZ_MODULE_xt_tcpmss
	bool "xt_tcpmss.ko"
	select FREETZ_MODULE_x_tables
	default n
	help
		This option adds a `tcpmss' match, which allows you to examine the
		MSS value of TCP SYN packets, which control the maximum packet size
		for that connection.

config FREETZ_MODULE_xt_time
	bool "xt_time.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	default n

endmenu

menu "Select kernel modules (IPv6)"
	depends on FREETZ_PACKAGE_IPTABLES_KERNEL_MODULES
	depends on FREETZ_TARGET_IPV6_SUPPORT

config FREETZ_MODULE_ip6_queue
	bool "ip6_queue.ko"
	default n
	help
		Userspace queueing via NETLINK

		This option adds a queue handler to the kernel for IPv6
		packets which lets us to receive the filtered packets
		with QUEUE target using libiptc as we can do with
		the IPv4 now.

		(C) Fernando Anton 2001
		IPv64 Project - Work based in IPv64 draft by Arturo Azcorra.
		Universidad Carlos III de Madrid
		Universidad Politecnica de Alcala de Henares
		email: <[email protected]>.

config FREETZ_MODULE_ip6_tables
	select FREETZ_PACKAGE_IPTABLES_SHARED_LIBS
	select FREETZ_LIB_libxt_standard
	bool "ip6_tables.ko"
	default n
	help
		IP6 tables support (required for filtering/masq/NAT)

		ip6tables is a general, extensible packet identification framework.
		Currently only the packet filtering and packet mangling subsystem
		for IPv6 use this, but connection tracking is going to follow.

config FREETZ_MODULE_ip6table_filter
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6table_filter.ko"
	default n
	help
		Packet filtering

		Packet filtering defines a table `filter', which has a series of
		rules for simple packet filtering at local input, forwarding and
		local output. See the man page for iptables(8).

config FREETZ_MODULE_ip6table_raw
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6table_raw.ko"
	default n
	help
		raw table support (required for TRACE)

		This option adds a `raw' table to ip6tables. This table is the very
		first in the netfilter framework and hooks in at the PREROUTING
		and OUTPUT chains.

config FREETZ_MODULE_ip6t_ah
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6t_ah.ko"
	default n
	help
		AH match support

		This module allows one to match AH and ESP packets.

config FREETZ_MODULE_ip6t_dst
	depends on FREETZ_KERNEL_VERSION_2_6_13 && FREETZ_MODULE_ip6_tables
	bool "ip6t_dst.ko"
	default n
	help
		Dst opts header match support

		This allows one to match packets based on the hop-by-hop
		and destination options headers of a packet.

config FREETZ_MODULE_ip6t_esp
	depends on FREETZ_KERNEL_VERSION_2_6_13 && FREETZ_MODULE_ip6_tables
	bool "ip6t_esp.ko"
	default n
	help
		ESP match support

		This module allows one to match AH and ESP packets.

config FREETZ_MODULE_ip6t_eui64
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6t_eui64.ko"
	default n
	help
		EUI64 address check

		This module performs checking on the IPv6 source address
		Compares the last 64 bits with the EUI64 (delivered
		from the MAC address) address

config FREETZ_MODULE_ip6t_frag
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6t_frag.ko"
	default n
	help
		Fragmentation header match support

		frag matching allows you to match packets based on the fragmentation
		header of the packet.

config FREETZ_MODULE_ip6t_hbh
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6t_hbh.ko"
	default n
	help
		Hop-by-hop and header match support

		This allows one to match packets based on the hop-by-hop
		and destination options headers of a packet.

config FREETZ_MODULE_ip6t_hl
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6t_hl.ko"
	default n
	help
		HL match support

		HL matching allows you to match packets based on the hop
		limit of the packet.

config FREETZ_MODULE_ip6t_ipv6header
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6t_ipv6header.ko"
	default n
	help
		IPv6 Extension Headers Match

		This module allows one to match packets based upon
		the ipv6 extension headers.

config FREETZ_MODULE_ip6t_length
	depends on FREETZ_KERNEL_VERSION_2_6_13 && FREETZ_MODULE_ip6_tables
	bool "ip6t_length.ko"
	default n
	help
		Packet Length match support

		This option allows you to match the length of a packet against a
		specific value or range of values.

config FREETZ_MODULE_ip6t_limit
	depends on FREETZ_KERNEL_VERSION_2_6_13 && FREETZ_MODULE_ip6_tables
	bool "ip6t_limit.ko"
	default n
	help
		limit match support

		limit matching allows you to control the rate at which a rule can be
		matched: mainly useful in combination with the LOG target ("LOG
		target support", below) and to avoid some Denial of Service attacks.

config FREETZ_MODULE_ip6t_LOG
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6t_LOG.ko"
	default n
	help
		LOG target support

		This option adds a `LOG' target, which allows you to create rules in
		any iptables table which records the packet header to the syslog.

config FREETZ_MODULE_ip6t_mac
	depends on FREETZ_KERNEL_VERSION_2_6_13 && FREETZ_MODULE_ip6_tables
	bool "ip6t_mac.ko"
	default n
	help
		MAC address match support

		mac matching allows you to match packets based on the source
		Ethernet address of the packet.

config FREETZ_MODULE_ip6t_mark
	depends on FREETZ_KERNEL_VERSION_2_6_13 && FREETZ_MODULE_ip6_tables
	bool "ip6t_mark.ko"
	default n
	help
		netfilter MARK match support

		Netfilter mark matching allows you to match packets based on the
		`nfmark' value in the packet. This can be set by the MARK target
		(see below).

config FREETZ_MODULE_ip6t_multiport
	depends on FREETZ_KERNEL_VERSION_2_6_13 && FREETZ_MODULE_ip6_tables
	bool "ip6t_multiport.ko"
	default n
	help
		Multiple port match support

		Multiport matching allows you to match TCP or UDP packets based on
		a series of source or destination ports: normally a rule can only
		match a single range of ports.

config FREETZ_MODULE_ip6t_owner
	depends on FREETZ_KERNEL_VERSION_2_6_13 && FREETZ_MODULE_ip6_tables
	bool "ip6t_owner.ko"
	default n
	help
		Owner match support

		Packet owner matching allows you to match locally-generated packets
		based on who created them: the user, group, process or session.

config FREETZ_MODULE_ip6t_REJECT
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6t_REJECT.ko"
	default n
	help
		The REJECT target allows a filtering rule to specify that an ICMPv6
		error should be issued in response to an incoming packet, rather
		than silently being dropped.

config FREETZ_MODULE_ip6t_rt
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6t_rt.ko"
	default n
	help
		Routing header match support

		rt matching allows you to match packets based on the routing
		header of the packet.

config FREETZ_MODULE_ip6table_mangle
	depends on FREETZ_MODULE_ip6_tables
	bool "ip6table_mangle.ko"
	default n
	help
		Packet mangling

		This option adds a `mangle' table to iptables: see the man page for
		iptables(8). This table is used for various packet alterations
		which can effect how the packet is routed.

config FREETZ_MODULE_ip6t_MARK
	depends on FREETZ_KERNEL_VERSION_2_6_13 && FREETZ_MODULE_ip6_tables
	bool "ip6t_MARK.ko"
	default n
	help
		MARK target support

		This option adds a `MARK' target, which allows you to create rules
		in the `mangle' table which alter the netfilter mark (nfmark) field
		associated with the packet packet prior to routing. This can change
		the routing method (see `Use netfilter MARK value as routing
		key') and can also be used by other subsystems to change their
		behavior.

config FREETZ_MODULE_nf_conntrack_ipv6
	bool
	bool "nf_conntrack_ipv6.ko"
	depends on FREETZ_KERNEL_VERSION_2_6_28_MIN
	default n
	help
		Connection tracking keeps a record of what packets have passed
		through your machine, in order to figure out how they are related
		into connections.

		This is IPv6 support on Layer 3 independent connection tracking.
		Layer 3 independent connection tracking is experimental scheme which
		generalize ip_conntrack to support other layer 3 protocols.

endmenu

config FREETZ_PACKAGE_IPTABLES_SHARED_LIBS
	bool "Iptables shared libraries"
	depends on FREETZ_PACKAGE_IPTABLES && ! FREETZ_PACKAGE_IPTABLES_STATIC
	default n
	help
		Shared Libraries for iptables

		Please note that some kernel modules have corresponding shared libraries
		and vice versa, so please make sure to select both of them, if they are
		needed for your purpose.

menu "Select shared libraries (IPv4)"
	depends on FREETZ_PACKAGE_IPTABLES_SHARED_LIBS

config FREETZ_LIB_libipt_addrtype
	bool "libipt_addrtype.so"
	default n
	help
		This module matches packets based on their address type.
		Address types are used within the kernel networking stack and categorize
		addresses into various groups. The exact definition of that group
		depends on the specific layer three protocol.
		Examples: UNICAST, BROADCAST, LOCAL, MULTICAST, ANYCAST, ...

config FREETZ_LIB_libipt_ah
	bool "libipt_ah.so"
	default n
	help
		This module matches the SPIs in Authentication header of IPsec packets.

config FREETZ_LIB_libipt_CLUSTERIP
	bool "lipipt_CLUSTERIP.so"
	default n
	help
		This module allows you to configure a simple cluster of nodes that
		share a certain IP and MAC address without an explicit load balancer
		in front of them. Connections are statically distributed between the
		nodes in this cluster.

config FREETZ_LIB_libipt_DNAT
	bool "libipt_DNAT.so"
	default n
	help
		This target is only valid in the nat table, in the PREROUTING
		and OUTPUT chains, and user-defined chains which are only called from
		those chains. It specifies that the destination address of the packet
		should be modified (and all future packets in this connection will
		also be mangled), and rules should cease being examined.

config FREETZ_LIB_libipt_ecn
	bool "libipt_ecn.so"
	default n
	help
		This allows you to match the ECN bits of the IPv4 and TCP header.
		ECN is the Explicit Congestion Notification mechanism as specified in
		RFC3168.

config FREETZ_LIB_libipt_ECN
	bool "libipt_ECN.so"
	default n
	help
		This target allows to selectively work around known ECN blackholes.
		It can only be used in the mangle table.

config FREETZ_LIB_libipt_icmp
	bool "libipt_icmp.so"
	default n
	help
		This extension can be used if `--protocol icmp' is specified.

config FREETZ_LIB_libipt_ipp2p
	bool "libipt_ipp2p.so"
	depends on FREETZ_MODULE_ipt_ipp2p
	default n
	help
		This extension can be used to match p2p protocols such as
		eDonkey, KaZaA, Gnutella, BitTorrent.

config FREETZ_LIB_libipt_LOG
	bool "libipt_LOG.so"
	default n
	help
		Turn on kernel logging of matching packets. When this option is set
		for a rule, the Linux kernel will print some information on all
		matching packets (like most IP header fields) via the kernel log
		(where it can be read with dmesg or syslogd (8)).

config FREETZ_LIB_libipt_MASQUERADE
	bool "libipt_MASQUERADE.so"
	default n
	help
		This target is only valid in the nat table, in the POSTROUTING
		chain. It should only be used with dynamically assigned IP (dialup)
		connections: if you have a static IP address, you should use the SNAT
		target.

config FREETZ_LIB_libipt_MIRROR
	bool "libipt_MIRROR.so"
	default n
	help
		This is an experimental demonstration target which inverts the source
		and destination fields in the IP header and retransmits the packet.

config FREETZ_LIB_libipt_NETMAP
	bool "libipt_NETMAP.so"
	default n
	help
		This target allows you to statically map a whole network of addresses onto
		another network of addresses.

config FREETZ_LIB_libipt_realm
	bool "libipt_realm.so"
	select FREETZ_MODULE_xt_realm if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This matches the routing realm. Routing realms are used in complex
		routing setups involving dynamic routing protocols like BGP.

config FREETZ_LIB_libipt_REDIRECT
	bool "libipt_REDIRECT.so"
	default n
	help
		This target redirects the packet to the machine itself by changing the
		destination IP to the primary address of the incoming interface
		(locally-generated packets are mapped to the 127.0.0.1 address).

config FREETZ_LIB_libipt_REJECT
	bool "libipt_REJECT.so"
	default n
	help
		This is used to send back an error packet in response to the matched
		packet: otherwise it is equivalent to DROP
		so it is a terminating TARGET, ending rule traversal.

config FREETZ_LIB_libipt_SAME
	bool "libipt_SAME.so"
	default n
	help
		Similar to SNAT/DNAT depending on chain: it takes a range of addresses
		(`--to 1.2.3.4-1.2.3.7') and gives a client the same
		source-/destination-address for each connection.

config FREETZ_LIB_libipt_SNAT
	bool "libipt_SNAT.so"
	default n
	help
		This target specifies that the source address of the packet should be
		modified (and all future packets in this connection will also be
		mangled), and rules should cease being examined.

config FREETZ_LIB_libipt_ttl
	bool "libipt_ttl.so"
	default n
	help
		This module matches the time to live field in the IP header.

config FREETZ_LIB_libipt_TTL
	bool "libipt_TTL.so"
	default n
	help
		This is used to modify the IPv4 TTL header field. The TTL field
		determines how many hops (routers) a packet can traverse until it's
		time to live is exceeded.

config FREETZ_LIB_libipt_ULOG
	bool "libipt_ULOG.so"
	default n
	help
		This target provides userspace logging of matching packets. When this
		target is set for a rule, the Linux kernel will multicast this packet
		through a netlink socket. One or more userspace processes may then
		subscribe to various multicast groups and receive the packets.

config FREETZ_LIB_libipt_unclean
	bool "libipt_unclean.so"
	default n
	help
		This module takes no options, but attempts to match packets which seem
		malformed or unusual. This is regarded as experimental.
endmenu

menu "Select shared libraries (both IPv4 and IPv6)"
	depends on FREETZ_PACKAGE_IPTABLES_SHARED_LIBS

config FREETZ_LIB_libxt_CLASSIFY
	bool "libxt_CLASSIFY.so"
	default n
	help
		This module allows you to set the skb->priority value (and thus
		classify the packet into a specific CBQ class).

config FREETZ_LIB_libxt_comment
	bool "libxt_comment.so"
	select FREETZ_MODULE_xt_comment if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		Allows you to add comments (up to 256 characters) to any rule.

config FREETZ_LIB_libxt_connbytes
	bool "libxt_connbytes.so"
	default n
	help
		Match by how many bytes or packets a connection (or one of the two
		flows constituting the connection) has transferred so far, or by
		average bytes per packet.

#config FREETZ_LIB_libxt_connlimit
#	bool "libxt_connlimit.so"
#	default n
#	help
#		Allows you to restrict the number of parallel connections to a server
#		per client IP address (or client address block).

config FREETZ_LIB_libxt_connmark
	bool "libxt_connmark.so"
	default n
	help
		This module matches the netfilter mark field associated with a
		connection (which can be set using the CONNMARK target below).

config FREETZ_LIB_libxt_CONNMARK
	bool "libxt_CONNMARK.so"
	default n
	help
		This module sets the netfilter mark value associated with a connection.

config FREETZ_LIB_libxt_CONNSECMARK
	bool "libxt_CONNSECMARK.so"
	default n
	help
		This module copies security markings from packets to connections
		(if unlabeled), and from connections back to packets (also only
		if unlabeled). Typically used in conjunction with SECMARK, it is
		only valid in the mangle table.

config FREETZ_LIB_libxt_conntrack
	bool "libxt_conntrack.so"
	select FREETZ_MODULE_xt_conntrack if FREETZ_KERNEL_VERSION_2_6_19_MIN
	default n
	help
		This module, when combined with connection tracking, allows access to
		the	connection tracking state for this packet/connection.

config FREETZ_LIB_libxt_dscp
	bool "libxt_dscp.so"
	default n
	help
		This module matches the 6 bit DSCP field within the TOS field in the
		IP header. DSCP has superseded TOS within the IETF.

config FREETZ_LIB_libxt_DSCP
	bool "libxt_DSCP.so"
	default n
	help
		This target allows to alter the value of the DSCP bits within the TOS
		header of the IPv4 packet. As this manipulates a packet, it can only
		be used in the mangle table.

config FREETZ_LIB_libxt_esp
	bool "libxt_esp.so"
	default n
	help
		This module matches the SPIs in ESP header of IPsec packets.

config FREETZ_LIB_libxt_hashlimit
	bool "libxt_hashlimit.so"
	default n
	help
		hashlimit uses hash buckets to express a rate limiting match (like the
		limit match) for a group of connections using a single iptables
		rule.

config FREETZ_LIB_libxt_helper
	bool "libxt_helper.so"
	select FREETZ_MODULE_xt_helper if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This module matches packets related to a specific conntrack-helper.

config FREETZ_LIB_libxt_iprange
	bool "libxt_iprange.so"
	default n
	help
		This matches on a given arbitrary range of IP addresses.

config FREETZ_LIB_libxt_length
	bool "libxt_length.so"
	select FREETZ_MODULE_xt_length if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This module matches the length of the layer-3 payload (e.g. layer-4
		packet) of a packet against a specific value or range of values.

config FREETZ_LIB_libxt_limit
	bool "libxt_limit.so"
	select FREETZ_MODULE_xt_limit if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This module matches at a limited rate using a token bucket filter.
		A rule using this extension will match until this limit is reached
		(unless the `!' flag is used). It can be used in combination with the
		LOG target to give limited logging, for example.

config FREETZ_LIB_libxt_mac
	bool "libxt_mac.so"
	select FREETZ_MODULE_xt_mac if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		Match source MAC address.

config FREETZ_LIB_libxt_mark
	bool "libxt_mark.so"
	select FREETZ_MODULE_xt_mark if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This module matches the netfilter mark field associated with a packet
		(which can be set using the MARK target below).

config FREETZ_LIB_libxt_MARK
	bool "libxt_MARK.so"
	select FREETZ_MODULE_xt_MARK if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This target is used to set the Netfilter mark value associated with
		the packet. The target can only be used in the mangle table. It can,
		for example, be used in conjunction with routing based on fwmark
		(needs iproute2).

config FREETZ_LIB_libxt_multiport
	bool "libxt_multiport.so"
	select FREETZ_MODULE_xt_multiport if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This module matches a set of source or destination ports. Up to 15
		ports can be specified. A port range (port:port) counts as two
		ports.

config FREETZ_LIB_libxt_NFLOG
	bool "libxt_NFLOG.so"
	default n
	help
		This target provides logging of matching packets. When this target is
		set for a rule, the Linux kernel will pass the packet to the loaded
		logging backend to log the packet.

config FREETZ_LIB_libxt_NFQUEUE
	bool "libxt_NFQUEUE.so"
	default n
	help
		This target is an extension of the QUEUE target. As opposed to QUEUE,
		it allows you to put a packet into any specific queue, identified by
		its 16-bit queue number.

config FREETZ_LIB_libxt_NOTRACK
	bool "libxt_NOTRACK.so"
	default n
	help
		This target disables connection tracking for all packets matching
		that rule.

config FREETZ_LIB_libxt_owner
	bool "libxt_owner.so"
	default n
	help
		This module attempts to match various characteristics of the packet
		creator, for locally generated packets.

config FREETZ_LIB_libxt_physdev
	bool "libxt_physdev.so"
	select FREETZ_MODULE_xt_physdev if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This module matches on the bridge port input and output devices
		enslaved to a bridge device.

config FREETZ_LIB_libxt_pkttype
	bool "libxt_pkttype.so"
	select FREETZ_MODULE_xt_pkttype if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This module matches the link-layer packet type.

config FREETZ_LIB_libxt_quota
	bool "libxt_quota.so"
	default n
	help
		Implements network quotas by decrementing a byte counter with each
		packet.

config FREETZ_LIB_libxt_rateest
	bool "libxt_rateest.so"
	default n

config FREETZ_LIB_libxt_RATEEST
	bool "libxt_RATEEST.so"
	default n
	help
		The RATEEST target collects statistics, performs rate estimation
		calculation and saves the results for later evaluation using the
		rateest match.

config FREETZ_LIB_libxt_sctp
	bool "libxt_sctp.so"
	default n

config FREETZ_LIB_libxt_SECMARK
	bool "libxt_SECMARK.so"
	default n
	help
		This is used to set the security mark value associated with the
		packet for use by security subsystems such as SELinux.

config FREETZ_LIB_libxt_standard
	bool "libxt_standard.so"
	default n

config FREETZ_LIB_libxt_state
	bool "libxt_state.so"
	select FREETZ_MODULE_xt_state if FREETZ_KERNEL_VERSION_2_6_19_MIN
	default n
	help
		This module, when combined with connection tracking, allows access to
		the connection tracking state for this packet.

config FREETZ_LIB_libxt_statistic
	bool "libxt_statistic.so"
	default n
	help
		This module matches packets based on some statistic condition.

config FREETZ_LIB_libxt_string
	bool "libxt_string.so"
	select FREETZ_MODULE_xt_string if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This modules matches a given string by using some pattern matching
		strategy.

config FREETZ_LIB_libxt_tcpmss
	bool "libxt_tcpmss.so"
	select FREETZ_MODULE_xt_tcpmss if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		This matches the TCP MSS (maximum segment size) field of the TCP header.

config FREETZ_LIB_libxt_TCPMSS
	bool "libxt_TCPMSS.so"
	default n
	help
		This target allows to alter the MSS value of TCP SYN packets, to control
		the maximum size for that connection (usually limiting it to your
		outgoing interface's MTU minus 40 for IPv4 or 60 for IPv6,
		respectively).

config FREETZ_LIB_libxt_tcp
	bool "libxt_tcp.so"
	select FREETZ_MODULE_xt_tcpudp if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		These extensions can be used if `--protocol tcp' is specified.

config FREETZ_LIB_libxt_time
	bool "libxt_time.so"
	default n
	help
		This matches if the packet arrival time/date is within a given range.

config FREETZ_LIB_libxt_tos
	bool "libxt_tos.so"
	default n
	help
		This module matches the 8-bit Type of Service field in the IPv4 header
		(i.e. including the "Precedence" bits) or the (also 8-bit) Priority
		field in the IPv6 header.

config FREETZ_LIB_libxt_TOS
	bool "libxt_TOS.so"
	default n
	help
		This module sets the Type of Service field in the IPv4 header
		(including the 'precedence' bits) or the Priority field in the IPv6
		header.

config FREETZ_LIB_libxt_TRACE
	bool "libxt_TRACE.so"
	default n
	help
		This target marks packes so that the kernel will log every rule which
		match the packets as those traverse the tables, chains, rules.
		(The ipt_LOG or ip6t_LOG module is required for the logging.)

config FREETZ_LIB_libxt_u32
	bool "libxt_u32.so"
	default n
	help
		U32 tests whether quantities of up to 4 bytes extracted from a packet
		have specified values. The specification of what to extract is general
		enough to find data at given offsets from tcp headers or payloads.

config FREETZ_LIB_libxt_udp
	bool "libxt_udp.so"
	select FREETZ_MODULE_xt_tcpudp if FREETZ_KERNEL_VERSION_2_6_19
	default n
	help
		These extensions can be used if `--protocol udp' is specified.
endmenu

menu "Select shared libraries (IPv6)"
	depends on FREETZ_PACKAGE_IPTABLES_SHARED_LIBS
	depends on FREETZ_TARGET_IPV6_SUPPORT

config FREETZ_LIB_libip6t_ah
	bool "libip6t_ah.so"
	default n
	help
		This module matches the parameters in Authentication header of IPsec
		packets.

config FREETZ_LIB_libip6t_dst
	bool "libip6t_dst.so"
	default n
	help
		This module matches the parameters in Destination Options header.

config FREETZ_LIB_libip6t_eui64
	bool "libip6t_eui64.so"
	default n
	help
		This module matches the EUI-64 part of a stateless autoconfigured IPv6
		address.

config FREETZ_LIB_libip6t_frag
	bool "libip6t_frag.so"
	default n
	help
		This module matches the parameters in Fragment header.

config FREETZ_LIB_libip6t_hbh
	bool "libip6t_hbh.so"
	default n
	help
		This module matches the parameters in Hop-by-Hop Options header.

config FREETZ_LIB_libip6t_hl
	bool "libip6t_hl.so"
	default n
	help
		This module matches the Hop Limit field in the IPv6 header.

config FREETZ_LIB_libip6t_HL
	bool "libip6t_HL.so"
	default n
	help
		This is used to modify the Hop Limit field in IPv6 header.
		The Hop Limit field is similar to what is known as TTL value in IPv4.

config FREETZ_LIB_libip6t_icmp6
	bool "libip6t_icmp6.so"
	default y
	help
		This extension can be used if `--protocol ipv6-icmp' or
		`--protocol icmpv6' is specified.

config FREETZ_LIB_libip6t_ipv6header
	bool "libip6t_ipv6header.so"
	default n
	help
		This module matches IPv6 extension headers and/or upper layer header.

config FREETZ_LIB_libip6t_LOG
	bool "libip6t_LOG.so"
	default n
	help
		Turn on kernel logging of matching packets. When this option is set
		for a rule, the Linux kernel will print some information on all
		matching packets (like most IPv6 IPv6-header fields) via the kernel log
		(where it can be read with dmesg or syslogd (8)).

config FREETZ_LIB_libip6t_mh
	bool "libip6t_mh.so"
	default n
	help
		This extension is loaded if `--protocol ipv6-mh' or `--protocol mh' is
		specified.

config FREETZ_LIB_libip6t_REJECT
	bool "libip6t_REJECT.so"
	default n
	help
		This is used to send back an error packet in response to the matched
		packet: otherwise it is equivalent to DROP so it is a terminating
		TARGET, ending rule traversal.

config FREETZ_LIB_libip6t_rt
	bool "libip6t_rt.so"
	default n
	help
		Match on IPv6 routing header.
endmenu

../make/iptables/standard-modules.in
Code:
if FREETZ_KERNEL_VERSION_2_6_13
config FREETZ_PACKAGE_IPTABLES_STANDARD_MODULES
	bool
	default n

	depends on FREETZ_PACKAGE_IPTABLES

	# Activate group menus for modules and libs before selecting sub-entries
	select FREETZ_PACKAGE_IPTABLES_KERNEL_MODULES
	select FREETZ_PACKAGE_IPTABLES_SHARED_LIBS if ! FREETZ_PACKAGE_IPTABLES_STATIC

	# Kernel modules
	select FREETZ_MODULE_ip_tables
	select FREETZ_MODULE_ip_conntrack
	select FREETZ_MODULE_ip_conntrack_ftp
	select FREETZ_MODULE_iptable_filter
	select FREETZ_MODULE_ipt_iprange
	select FREETZ_MODULE_ipt_LOG
	select FREETZ_MODULE_ipt_mac
	select FREETZ_MODULE_ipt_multiport
	select FREETZ_MODULE_ipt_state
	select FREETZ_MODULE_iptable_nat
	select FREETZ_MODULE_ipt_MASQUERADE
	select FREETZ_MODULE_ipt_REDIRECT
	select FREETZ_MODULE_ipt_REJECT

	# Shared libs
	select FREETZ_LIB_libxt_iprange
	select FREETZ_LIB_libipt_LOG
	select FREETZ_LIB_libxt_mac
	select FREETZ_LIB_libxt_multiport
	select FREETZ_LIB_libxt_standard
	select FREETZ_LIB_libxt_state
	select FREETZ_LIB_libxt_tcp
	select FREETZ_LIB_libxt_udp
	select FREETZ_LIB_libipt_DNAT
	select FREETZ_LIB_libipt_SNAT
	select FREETZ_LIB_libipt_MASQUERADE
	select FREETZ_LIB_libipt_REDIRECT
endif

if FREETZ_KERNEL_VERSION_2_6_19
config FREETZ_PACKAGE_IPTABLES_STANDARD_MODULES
	bool
	default n

	depends on FREETZ_PACKAGE_IPTABLES

	# Activate group menus for modules and libs before selecting sub-entries
	select FREETZ_PACKAGE_IPTABLES_KERNEL_MODULES
	select FREETZ_PACKAGE_IPTABLES_SHARED_LIBS if ! FREETZ_PACKAGE_IPTABLES_STATIC

	# Kernel modules
	select FREETZ_MODULE_ip_tables
	select FREETZ_MODULE_ip_conntrack
	select FREETZ_MODULE_ip_conntrack_ftp
	select FREETZ_MODULE_ip_nat
	select FREETZ_MODULE_ip_nat_ftp
	select FREETZ_MODULE_iptable_filter
	select FREETZ_MODULE_ipt_REJECT
	select FREETZ_MODULE_ipt_iprange
	select FREETZ_MODULE_ipt_LOG
	select FREETZ_MODULE_iptable_nat
	select FREETZ_MODULE_ipt_MASQUERADE
	select FREETZ_MODULE_ipt_REDIRECT
	select FREETZ_MODULE_xt_mac
	select FREETZ_MODULE_xt_multiport
	select FREETZ_MODULE_xt_state
	select FREETZ_MODULE_xt_conntrack
	select FREETZ_MODULE_xt_length
	select FREETZ_MODULE_xt_limit
	select FREETZ_MODULE_xt_mark
	select FREETZ_MODULE_xt_MARK
	select FREETZ_MODULE_xt_pkttype
	select FREETZ_MODULE_xt_physdev
	select FREETZ_MODULE_xt_tcpudp

	# Shared libs
	select FREETZ_LIB_libxt_CLASSIFY
	select FREETZ_LIB_libxt_connbytes
	select FREETZ_LIB_libxt_connmark
	select FREETZ_LIB_libxt_CONNMARK
	select FREETZ_LIB_libxt_conntrack
	select FREETZ_LIB_libxt_iprange
	select FREETZ_LIB_libxt_length
	select FREETZ_LIB_libxt_limit
	select FREETZ_LIB_libxt_mac
	select FREETZ_LIB_libxt_mark
	select FREETZ_LIB_libxt_MARK
	select FREETZ_LIB_libxt_multiport
	select FREETZ_LIB_libxt_physdev
	select FREETZ_LIB_libxt_pkttype
	select FREETZ_LIB_libxt_standard
	select FREETZ_LIB_libxt_state
	select FREETZ_LIB_libxt_TCPMSS
	select FREETZ_LIB_libxt_tcp
	select FREETZ_LIB_libxt_udp
	select FREETZ_LIB_libipt_addrtype
	select FREETZ_LIB_libipt_DNAT
	select FREETZ_LIB_libipt_icmp
	select FREETZ_LIB_libipt_LOG
	select FREETZ_LIB_libipt_MASQUERADE
	select FREETZ_LIB_libipt_REDIRECT
	select FREETZ_LIB_libipt_REJECT
	select FREETZ_LIB_libipt_SNAT
	select FREETZ_LIB_libipt_ULOG
endif

if FREETZ_KERNEL_VERSION_2_6_28
config FREETZ_PACKAGE_IPTABLES_STANDARD_MODULES
	bool
	default n

	depends on FREETZ_PACKAGE_IPTABLES

	# Activate group menus for modules and libs before selecting sub-entries
	select FREETZ_PACKAGE_IPTABLES_KERNEL_MODULES
	select FREETZ_PACKAGE_IPTABLES_SHARED_LIBS if ! FREETZ_PACKAGE_IPTABLES_STATIC

	# Kernel modules
	select FREETZ_MODULE_ip_tables
	select FREETZ_MODULE_nf_conntrack
	select FREETZ_MODULE_nf_conntrack_ftp
	select FREETZ_MODULE_nf_nat
	select FREETZ_MODULE_nf_nat_ftp
	select FREETZ_MODULE_iptable_filter
	select FREETZ_MODULE_ipt_REJECT
	select FREETZ_MODULE_ipt_LOG
	select FREETZ_MODULE_iptable_nat
	#select FREETZ_MODULE_ipt_MASQUERADE
	select FREETZ_MODULE_xt_mac
	select FREETZ_MODULE_xt_multiport
	select FREETZ_MODULE_xt_iprange
	select FREETZ_MODULE_xt_length
	select FREETZ_MODULE_xt_limit
	select FREETZ_MODULE_xt_mark
	select FREETZ_MODULE_xt_MARK
	select FREETZ_MODULE_xt_pkttype
	select FREETZ_MODULE_xt_physdev
	select FREETZ_MODULE_xt_tcpudp

	# Shared libs
	select FREETZ_LIB_libxt_CLASSIFY
	select FREETZ_LIB_libxt_connbytes
	select FREETZ_LIB_libxt_connmark
	select FREETZ_LIB_libxt_CONNMARK
	select FREETZ_LIB_libxt_conntrack
	select FREETZ_LIB_libxt_iprange
	select FREETZ_LIB_libxt_length
	select FREETZ_LIB_libxt_limit
	select FREETZ_LIB_libxt_mac
	select FREETZ_LIB_libxt_mark
	select FREETZ_LIB_libxt_MARK
	select FREETZ_LIB_libxt_multiport
	select FREETZ_LIB_libxt_physdev
	select FREETZ_LIB_libxt_pkttype
	select FREETZ_LIB_libxt_standard
	select FREETZ_LIB_libxt_state
	select FREETZ_LIB_libxt_TCPMSS
	select FREETZ_LIB_libxt_tcp
	select FREETZ_LIB_libxt_udp
	select FREETZ_LIB_libipt_addrtype
	select FREETZ_LIB_libipt_DNAT
	select FREETZ_LIB_libipt_icmp
	select FREETZ_LIB_libipt_LOG
	select FREETZ_LIB_libipt_MASQUERADE
	select FREETZ_LIB_libipt_REDIRECT
	select FREETZ_LIB_libipt_REJECT
	select FREETZ_LIB_libipt_SNAT
	select FREETZ_LIB_libipt_ULOG
endif

if FREETZ_KERNEL_VERSION_2_6_32
config FREETZ_PACKAGE_IPTABLES_STANDARD_MODULES
	bool
	default n

	depends on FREETZ_PACKAGE_IPTABLES

	# Activate group menus for modules and libs before selecting sub-entries
	select FREETZ_PACKAGE_IPTABLES_KERNEL_MODULES
	select FREETZ_PACKAGE_IPTABLES_SHARED_LIBS if ! FREETZ_PACKAGE_IPTABLES_STATIC

	# Kernel modules
	select FREETZ_MODULE_ip_tables
	select FREETZ_MODULE_nf_conntrack
	select FREETZ_MODULE_nf_conntrack_ftp
	select FREETZ_MODULE_nf_nat
	select FREETZ_MODULE_nf_nat_ftp
	select FREETZ_MODULE_iptable_filter
	select FREETZ_MODULE_ipt_REJECT
	select FREETZ_MODULE_ipt_LOG
	select FREETZ_MODULE_iptable_nat
	#select FREETZ_MODULE_ipt_MASQUERADE
	select FREETZ_MODULE_xt_mac
	select FREETZ_MODULE_xt_multiport
	select FREETZ_MODULE_xt_iprange
        select FREETZ_MODULE_xt_state
        select FREETZ_MODULE_xt_conntrack
	select FREETZ_MODULE_xt_length
	select FREETZ_MODULE_xt_limit
	select FREETZ_MODULE_xt_mark
	select FREETZ_MODULE_xt_MARK
	select FREETZ_MODULE_xt_pkttype
	select FREETZ_MODULE_xt_physdev
	select FREETZ_MODULE_xt_tcpudp

	# Shared libs
	select FREETZ_LIB_libxt_CLASSIFY
	select FREETZ_LIB_libxt_connbytes
	select FREETZ_LIB_libxt_connmark
	select FREETZ_LIB_libxt_CONNMARK
	select FREETZ_LIB_libxt_conntrack
	select FREETZ_LIB_libxt_iprange
	select FREETZ_LIB_libxt_length
	select FREETZ_LIB_libxt_limit
	select FREETZ_LIB_libxt_mac
	select FREETZ_LIB_libxt_mark
	select FREETZ_LIB_libxt_MARK
	select FREETZ_LIB_libxt_multiport
	select FREETZ_LIB_libxt_physdev
	select FREETZ_LIB_libxt_pkttype
	select FREETZ_LIB_libxt_standard
	select FREETZ_LIB_libxt_state
	select FREETZ_LIB_libxt_TCPMSS
	select FREETZ_LIB_libxt_tcp
	select FREETZ_LIB_libxt_udp
	select FREETZ_LIB_libipt_addrtype
	select FREETZ_LIB_libipt_DNAT
	select FREETZ_LIB_libipt_icmp
	select FREETZ_LIB_libipt_LOG
	select FREETZ_LIB_libipt_MASQUERADE
	select FREETZ_LIB_libipt_REDIRECT
	select FREETZ_LIB_libipt_REJECT
	select FREETZ_LIB_libipt_SNAT
	select FREETZ_LIB_libipt_ULOG
endif

lsmod
Code:
Module                  Size  Used by    Tainted: P  
userman_mod            51600  4 
ifx_ppa_mini_sessions    71104  0 
ifxmips_ppa_hal_ar9_a5    43840  0 
ath_pktlog             15776  0 
umac                  637696  1 ath_pktlog
ifxmips_ppa_datapath_ar9_a5   112240  1 
ath_dev               200240  2 ath_pktlog,umac
ath_dfs                46128  2 umac,ath_dev
ath_rate_atheros       25440  3 ath_pktlog,umac,ath_dev
ath_hal               582992  4 ath_pktlog,umac,ath_dev,ath_rate_atheros
xt_state                 784  4 
xt_multiport            1872  2 
iptable_raw              672  0 
iptable_nat             2384  0 
asf                     7632  4 umac,ath_dev,ath_dfs,ath_hal
nf_nat                 10752  1 iptable_nat
adf                    13184  3 umac,ath_dev,ath_hal
nf_conntrack_ipv4       7888  7 iptable_nat,nf_nat
nf_defrag_ipv4           640  1 nf_conntrack_ipv4
nf_conntrack           42960  4 xt_state,iptable_nat,nf_nat,nf_conntrack_ipv4
iptable_mangle          1056  0 
iptable_filter           800  1 
ipt_REJECT              1952  0 
ipt_LOG                 4800  4 
ip_tables               9280  4 iptable_raw,iptable_nat,iptable_mangle,iptable_filter
x_tables               10176  6 xt_state,xt_multiport,iptable_nat,ipt_REJECT,ipt_LOG,ip_tables
ulpcmlink              22032  0 
sch_sfq                 4704  4 
sch_llq                 7248  1 
sch_tbf                 3648  1 
aae                   107888  4 umac,ath_dev,ath_dfs,ath_hal
kdsldmod             1168720  9 userman_mod
drv_dsl_cpe_api       309104  2 
ifxmips_mei            36544  4 ifxmips_ppa_datapath_ar9_a5,drv_dsl_cpe_api
usb_storage            36704  1 
sd_mod                 27840  2 
scsi_mod              119808  2 usb_storage,sd_mod
ifxusb_host            80160  0 
usbcore               118864  3 usb_storage,ifxusb_host
ramzswap               15424  1 
lzo_compress            1728  1 ramzswap
lzo_decompress          1888  1 ramzswap
vfat                    9072  0 
fat                    46208  1 vfat
dect_io                10256  2 
avm_dect              216400  1 dect_io
capi_codec            341840  0 
isdn_fbox_fon5        727920  6 
pcmlink               378736  5 ulpcmlink,avm_dect,capi_codec,isdn_fbox_fon5
Piglet_noemif          30496  0 
rtc_avm                 3584  1 pcmlink
led_modul_Fritz_Box_7320    69008  8
Das einzige was nicht geladen werden kann ist das Modul ipt_MASQUERADE. Du siehst zwar in das ich es in der "standard-modules.in" mit einer Raute aktiviert habe, das hatte ich aber erst gemacht als das Modul nicht gebaut wurde. Warum auch immer? Mein Regewerk ist noch in der Planung.

iptables -vnL
Code:
Chain INPUT (policy ACCEPT 85295 packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination         
  156 15351 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
 3724  980K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
29911 4245K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
85311   17M LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[INPUT]"

Chain FORWARD (policy ACCEPT 35782 packets, 3436K bytes)
 pkts bytes target     prot opt in     out     source               destination         
23826 3117K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
35783 3436K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[FORWARD]"

Chain OUTPUT (policy ACCEPT 28981 packets, 7597K bytes)
 pkts bytes target     prot opt in     out     source               destination         
30371 7670K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
28994 7601K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[OUTPUT]"

Chain PLEX (0 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      *       192.168.0.0/16       0.0.0.0/0            multiport dports 1900,32400,32410,32412,32414
    0     0 ACCEPT     tcp  --  *      *       192.168.0.0/16       0.0.0.0/0            multiport dports 32400,49152
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[CHAIN_PLEX]"
Probleme habe ich zur Zeit noch mit dem WebGUI NHIPT, mit dem Routing & dhcprelay Befehl (liegt wohl an der modifizierten ar7.cfg) und meinen Plex Media Server im Netz.

Lieben Gruß von Stefan Harbich
 
Ändere den Teil in der config.in mal so ab:
Code:
config FREETZ_MODULE_xt_state
	bool "xt_state.ko"
	#depends on FREETZ_KERNEL_VERSION_2_6_19_MIN
	select FREETZ_MODULE_x_tables
	#select FREETZ_MODULE_ip_conntrack if FREETZ_KERNEL_VERSION_2_6_19
	select FREETZ_MODULE_nf_conntrack if FREETZ_KERNEL_VERSION_2_6_28_MIN
	default n
	help

Kommt mit Deiner Ausgabe von lsmod die Fehlermeldung bei der Regel aus #2 bzgl. xt-state immer noch ?
Wozu benötigst Du MASQUERQADE bzw. was möchtest Du damit machen ?
Grüße,

JD.
 
Hallo JohnDoe,

nein die Fehlermeldung kommt nun nicht mehr. Jetzt versuche ich mein Plex Mediasevrer via DLNA Zugriff zu erreichen. Dieser befindet sich im DMZ Netz IP-Adresse 192.168.20.20 Interface=dmz (Netz:192.168.20.0/24). Meine Clients befinden sich im Netz Interface=intern (Netz:192.168.10.0/24) und im Netz Interface=lan (Netz: 192.168.30/24). Jetzt muss ich dafür soregen das aus dem intern und dem lan Netz folgende Kommunikation beim Plex Mediaserver ankommt (upd 1900,32400,32410,32412,32414) und (tcp 32400,49152). Kannst Du mir sagen welche Regel ich setzen muss, damit die Kommunikation (Hinweg & Rückweg) funktioniert?

Doof ist nur das die FritzBox den Port 1900 zu müllt wegen UPnP Funktion (Fax, Statusmedlung via Email Versand, etc.).

Lieben Gruß von Stefan Harbich
 
Zuletzt bearbeitet:
Jetzt muss ich dafür soregen das aus dem intern und dem lan Netz folgende Kommunikation beim Plex Mediaserver ankommt (upd 1900,32400,32410,32412,32414) und (tcp 32400,49152). Kannst Du mir sagen welche Regel ich setzen muss, damit die Kommunikation (Hinweg & Rückweg) funktioniert?

Versuch mal
Code:
iptables -A FORWARD -p tcp -m multiport --sport 32400,49152 --dport 32400,49152 -j ACCEPT
iptables -A FORWARD -p udp -m multiport --sport 1900,32400,32410,32412,32414 --dport 1900,32400,32410,32412,32414 -j ACCEPT
, unter der Voraussetzung, daß alles andere in dieser Kette gedropt wird.
Falls das (noch) nicht funktioniert, kannst Du am Ende der FORWARD-Kette in LOG-TARGET einbauen, dann siehst Du in den Syslogs, woran es scheitert.
Grüße,

JD.
 
Hallo JohnDoe42,

versuche ich die Regeln von Dir einzugeben kommt folgende Fehlermeldung:
Code:
iptables v1.4.11.1: multiport: option "--source-ports" cannot be used together with "--destination-ports".
Try `iptables -h' or 'iptables --help' for more information.
Exit Code 2 - iptables -A FORWARD -p udp -m multiport --sport 1900,32400,32410,32412,32414 --dport 1900,32400,32410,32412,32414 -j ACCEPT
Da scheint irgenwas noch nicht zu stimmen?

Lieben Gruß von Stefan Harbich
 
Dann laß eins von beidem weg und versuche, ob Dein Traffic funktioniert.
Ich würde die destination ports weglassen, also:
Code:
iptables -A FORWARD -p tcp -m multiport --sport 32400,49152 -j ACCEPT
iptables -A FORWARD -p udp -m multiport --sport 1900,32400,32410,32412,32414 -j ACCEPT
Grüße,

JD.
 
Hallo JohnDoe42,
die Regel kann ich erstellen leider funktioniert der Zugriff von allen DNLA-Clients zum DNLA-Server immer noch nicht. Allerdings kann ich vom FritzFon den Mediaserver erreichen. Komisch? Zugriff vom FritzFon, gemessen am Interface DMZ wo der Server dranhängt.
Code:
root@rome01:/var/mod/root# tcpdump -i dmz | grep 1900
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on dmz, link-type EN10MB (Ethernet), capture size 65535 bytes
00:20:36.453869 IP dsme01.xyz.de.6901 > 239.255.255.250.1900: UDP, length 173
00:20:36.454653 IP dsme01.xyz.de.6901 > 239.255.255.250.1900: UDP, length 173
00:20:36.504626 IP 192.168.20.1.1900 > dsme01.xyz.de.6901: UDP, length 268
00:20:36.506075 IP 192.168.20.1.1900 > dsme01.xyz.de.6901: UDP, length 268
00:20:39.171727 IP rome01.xyz.de.60335 > 239.255.255.250.1900: UDP, length 129
00:20:39.175010 IP6 fe80::be05:43ff:feef:bc08.47211 > ff02::c.1900: UDP, length 123
00:20:39.181387 IP 192.168.20.1.48241 > 239.255.255.250.1900: UDP, length 129
00:20:44.147397 IP rome01.xyz.de.60335 > 239.255.255.250.1900: UDP, length 129
Code:
root@rome01:/var/mod/root# tcpdump -i dmz | grep 32469
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on dmz, link-type EN10MB (Ethernet), capture size 65535 bytes
00:10:57.774446 IP 192.168.20.1.51505 > dsme01.xyz.de.32469: Flags [S], seq 4186218576, win 5840, options [mss 1460,sackOK,TS val 534022 ecr 0,nop,wscale 2], length 0
00:10:57.774736 IP dsme01.xyz.de.32469 > 192.168.20.1.51505: Flags [S.], seq 473081711, ack 4186218577, win 14480, options [mss 1460,sackOK,TS val 160374500 ecr 534022,nop,wscale 7], length 0
00:10:57.774980 IP 192.168.20.1.51505 > dsme01.xyz.de.32469: Flags [.], ack 1, win 1460, options [nop,nop,TS val 534022 ecr 160374500], length 0
00:10:57.796956 IP 192.168.20.1.51505 > dsme01.xyz.de.32469: Flags [P.], seq 1:123, ack 1, win 1460, options [nop,nop,TS val 534024 ecr 160374500], length 122
00:10:57.797969 IP 192.168.20.1.51505 > dsme01.xyz.de.32469: Flags [.], ack 188, win 1460, options [nop,nop,TS val 534024 ecr 160374506], length 0
00:10:57.798268 IP 192.168.20.1.51505 > dsme01.xyz.de.32469: Flags [.], ack 1636, win 2184, options [nop,nop,TS val 534024 ecr 160374506], length 0
00:10:57.798508 IP 192.168.20.1.51505 > dsme01.xyz.de.32469: Flags [.], ack 1636, win 2184, options [nop,nop,TS val 534024 ecr 160374506,nop,nop,sack 1 {3084:3933}], length 0
00:10:57.798866 IP 192.168.20.1.51505 > dsme01.xyz.de.32469: Flags [.], ack 3933, win 2908, options [nop,nop,TS val 534025 ecr 160374506], length 0
00:10:57.798976 IP dsme01.xyz.de.32469 > 192.168.20.1.51505: Flags [F.], seq 3933, ack 123, win 114, options [nop,nop,TS val 160374506 ecr 534024], length 0
00:10:57.809389 IP 192.168.20.1.52918 > dsme01.xyz.de.32469: Flags [S], seq 520244578, win 5840, options [mss 1460,sackOK,TS val 534026 ecr 0,nop,wscale 2], length 0
00:10:57.809710 IP dsme01.xyz.de.32469 > 192.168.20.1.52918: Flags [S.], seq 2090771891, ack 520244579, win 14480, options [mss 1460,sackOK,TS val 160374509 ecr 534026,nop,wscale 7], length 0
Nun der Träffik vom Interface lan wo die Clients dran hängen
Code:
root@rome01:/var/mod/root# tcpdump -i lan | grep 1900
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lan, link-type EN10MB (Ethernet), capture size 65535 bytes
00:24:46.845769 IP sgsthme01.xyz.de.33991 > 239.255.255.250.1900: UDP, length 101
00:24:46.849060 IP fritz.box.1900 > sgsthme01.xyz.de.33991: UDP, length 268
00:24:49.093557 IP rpme01.xyz.de.38325 > 239.255.255.250.1900: UDP, length 122
00:24:49.094310 IP6 fe80::c425:6ff:fe66:5946.43631 > ff02::c.1900: UDP, length 116
00:24:49.096764 IP fritz.box.1900 > rpme01.xyz.de.38325: UDP, length 310
^C68 packets captured
73 packets received by filter
3 packets dropped by kernel
Zum Port 32469 wird kein Träffic angezeigt. Auf dem dmz (Server Interface) ist kein Träffik vom und zum Client ersichtlich. Lösung wäre, wenn möglich, dass alle udp Pakete 1900 und tcp Pakete 32469 aus dem lan netz zum dmz netz, bzw. zum Server mit der IP 192.168.20.20 weitergeleitet werden? Kannst Du mich hier unterstützen?

Lieben Gruß von Stefan Harbich
 
Zuletzt bearbeitet:
Baue doch mal ein LOG-Target in Deiner FORWARD-Chain am Ende aller Regeln ein:
Code:
ipatables -A FORWARD -s 192.168.30/24 -d 192.168.20.0/24 -j LOG --log-prefix "DMZ-TRAFFIC "

Da siehst Du, welcher Traffic durch die Fritzbox zu Deiner DMZ nicht funktioniert. Hier muss die o.g. Regel als letzte in Deiner FORWARD-Chain stehen, vorausgesetzt, dass die Default-Policy auf DROP steht.
 
Hallo JohnDoe42,
ich habe überall am Ende eines Regelwerk (RULES FOR CHAIN INPUT [ filter ] [ IPv4 ], RULES FOR CHAIN FORWARD [ filter ] [ IPv4 ], RULES FOR CHAIN OUTPUT [ filter ] [ IPv4 ], RULES FOR CHAIN PREROUTING [ nat ] [ IPv4 ], usw. usw. usw. eine gesamt LOG-Target Regel z.B.
Code:
iptables -t filter -R INPUT 7  -j LOG --log-prefix '[INPUT]'
eingebaut. Allerdings sehe kein Träffic der verworfen wird. Das siehst Du ja auch im tcpdump. Ich weis nicht mehr weiter. Also ich bin kurz davor den ganzan AVM Mist in die Tonne zu schmeißen und was richtiges zu kaufen. Jetzt bringt mir das Log noch solche Meldungen
Code:
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.000000] [CHAIN_PREROUTING_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:4c:00:00:40:00:02:11:a8:7c:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:38:36:10:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.16
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.000000] [CHAIN_INPUT_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:4c:00:00:40:00:02:11:a8:7c:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:38:36:10:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.168.30.
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.020000] [CHAIN_PREROUTING_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:7b:00:00:40:00:02:11:a8:4d:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:67:2f:3f:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.16
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.020000] [CHAIN_INPUT_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:7b:00:00:40:00:02:11:a8:4d:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:67:2f:3f:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.168.30.
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.040000] [CHAIN_PREROUTING_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:43:00:00:40:00:02:11:a8:85:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:2f:cd:3f:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.16
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.040000] [CHAIN_INPUT_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:43:00:00:40:00:02:11:a8:85:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:2f:cd:3f:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.168.30.
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.070000] [CHAIN_PREROUTING_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:83:00:00:40:00:02:11:a8:45:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:6f:b0:d7:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.16
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.070000] [CHAIN_INPUT_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:83:00:00:40:00:02:11:a8:45:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:6f:b0:d7:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.168.30.
Was haben die Entwickler von AVM da nur mit dem Kernel gemacht???

Lieben Gruß von Stefan Harbich

Hier mein Regelwerk
Code:
root@rome01:/var/mod/root# iptables -vnL
Chain INPUT (policy ACCEPT 837 packets, 276K bytes)
 pkts bytes target     prot opt in     out     source               destination         
 9897 1267K ACCEPT     all  --  lan    *       192.168.30.0/24      0.0.0.0/0           
  887  169K ACCEPT     all  --  dmz    *       192.168.20.20        0.0.0.0/0           
  227 70696 ACCEPT     udp  --  intern *       192.168.10.1         239.255.255.250      multiport dports 1900
  227 70696 ACCEPT     udp  --  dmz    *       192.168.20.1         239.255.255.250      multiport dports 1900
    0     0 ACCEPT     udp  --  lan    *       192.168.30.1         239.255.255.250      multiport dports 1900
14087 3160K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 2609  795K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[INPUT]"

Chain FORWARD (policy ACCEPT 326 packets, 18265 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmp --  lan    intern  192.168.30.0/24      192.168.10.2        
   41  3444 ACCEPT     icmp --  dmz    dsl     192.168.20.0/24      192.168.178.5       
    4   192 ACCEPT     tcp  --  dsl    lan     74.125.136.94        192.168.30.0/24      multiport sports 443
    0     0 ACCEPT     tcp  --  dsl    intern  91.189.92.10         192.168.10.0/24      multiport sports 443
    0     0 ACCEPT     tcp  --  dsl    lan     173.194.113.50       192.168.30.0/24      multiport sports 443
    0     0 ACCEPT     tcp  --  dsl    lan     194.25.134.46        192.168.30.0/24      multiport sports 995
    0     0 ACCEPT     tcp  --  intern dmz     192.168.10.0/24      192.168.20.0/24      multiport dports 22,32400,49152
   12  1236 ACCEPT     tcp  --  lan    dmz     192.168.30.0/24      192.168.20.0/24      multiport dports 22,32400,49152
    0     0 ACCEPT     tcp  --  intern dsl     192.168.10.0/24      91.189.92.10         multiport dports 443
    0     0 ACCEPT     tcp  --  dmz    intern  192.168.20.0/24      192.168.10.0/24      multiport sports 22,32400,49152
   10  3112 ACCEPT     tcp  --  dmz    lan     192.168.20.0/24      192.168.30.0/24      multiport sports 22,32400,49152
    7   615 ACCEPT     tcp  --  lan    dsl     192.168.30.0/24      74.125.136.94        multiport dports 443
   25  2257 ACCEPT     tcp  --  lan    dsl     192.168.30.0/24      173.194.65.188       multiport dports 5228
    0     0 ACCEPT     tcp  --  lan    dsl     192.168.30.0/24      173.194.113.50       multiport dports 443
    0     0 ACCEPT     tcp  --  lan    dsl     192.168.30.0/24      137.116.224.167      multiport dports 443
    0     0 ACCEPT     tcp  --  lan    dsl     192.168.30.0/24      194.25.134.46        multiport dports 995
   48  3648 ACCEPT     udp  --  intern dsl     192.168.10.0/24      194.25.134.197       multiport dports 123
   13  1469 ACCEPT     udp  --  intern dmz     192.168.10.2         192.168.20.0/24      multiport dports 123,514
    2   146 ACCEPT     udp  --  intern dmz     192.168.10.0/24      192.168.20.0/24      multiport dports 53
  138  9382 ACCEPT     udp  --  dmz    dsl     192.168.20.0/24      217.0.43.33          multiport dports 53
    4   240 ACCEPT     udp  --  dmz    dsl     192.168.20.0/24      217.0.43.49          multiport dports 53
  300 19361 ACCEPT     udp  --  lan    dmz     192.168.30.0/24      192.168.20.20        multiport dports 53
 1200 89668 ACCEPT     udp  --  dmz    dsl     192.168.20.0/24      192.168.178.5        multiport dports 161
  306 30810 ACCEPT     udp  --  dmz    dsl     192.168.20.0/24      192.168.178.6        multiport dports 161
 2164  282K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  684 52364 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[FORWARD]"

Chain OUTPUT (policy ACCEPT 177 packets, 13875 bytes)
 pkts bytes target     prot opt in     out     source               destination         
 2757  907K ACCEPT     all  --  *      intern  192.168.10.1         192.168.10.2        
   52  1872 ACCEPT     all  --  *      intern  192.168.10.1         224.0.0.1           
   52  1872 ACCEPT     all  --  *      dmz     192.168.20.1         224.0.0.1           
   52  1872 ACCEPT     all  --  *      lan     192.168.30.1         224.0.0.1           
    0     0 ACCEPT     tcp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport sports 34935
  102  6120 ACCEPT     tcp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport dports 80,14013
    0     0 ACCEPT     udp  --  *      intern  192.168.10.1         192.168.10.0/24      multiport sports 1900
  225 70380 ACCEPT     udp  --  *      intern  192.168.10.1         239.255.255.250      multiport dports 1900
27861 7372K ACCEPT     udp  --  *      dmz     192.168.20.1         192.168.20.0/24      multiport dports 53,514
  665  198K ACCEPT     udp  --  *      dmz     192.168.20.1         192.168.20.0/24      multiport sports 1900
  225 70380 ACCEPT     udp  --  *      dmz     192.168.20.1         239.255.255.250      multiport dports 1900
  554  193K ACCEPT     udp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport sports 1900
  225 70380 ACCEPT     udp  --  *      lan     192.168.30.1         239.255.255.250      multiport dports 1900
15628 9791K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  841 79890 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[OUTPUT]"
Code:
root@rome01:/var/mod/root# iptables -vnL -t nat
Chain PREROUTING (policy ACCEPT 1351 packets, 141K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 2315  239K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[CHAIN_PREROUTING_NAT]"

Chain POSTROUTING (policy ACCEPT 719 packets, 52848 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmp --  *      intern  192.168.30.0/24      192.168.10.2        
   42  3528 ACCEPT     icmp --  *      dsl     192.168.20.0/24      192.168.178.5       
   81  4860 ACCEPT     tcp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport dports 80,34367
    0     0 ACCEPT     udp  --  *      intern  192.168.10.1         192.168.10.2         multiport dports 14013
    8   860 ACCEPT     udp  --  *      dmz     192.168.10.2         192.168.20.20        multiport dports 53,123,514
  172 51277 ACCEPT     udp  --  *      dmz     192.168.20.1         192.168.20.0/24      multiport sports 1900
   85 29306 ACCEPT     udp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport sports 1900
  300 19361 ACCEPT     udp  --  *      dmz     192.168.30.0/24      192.168.20.20        multiport dports 53
   48  3648 ACCEPT     udp  --  *      dsl     192.168.10.130       194.25.134.197       multiport dports 123
  203 15237 ACCEPT     udp  --  *      dsl     192.168.20.0/24      192.168.178.5        multiport dports 161
   95  8170 ACCEPT     udp  --  *      dsl     192.168.20.0/24      192.168.178.6        multiport dports 161
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 1291 98520 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[CHAIN_POSTROUTING_NAT]"

Chain OUTPUT (policy ACCEPT 516 packets, 39109 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   52  1872 ACCEPT     all  --  *      guest   192.168.40.1         224.0.0.1           
   34  2040 ACCEPT     tcp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport dports 80
  172 51277 ACCEPT     udp  --  *      dmz     192.168.20.1         192.168.20.0/24      multiport sports 1900
   85 29306 ACCEPT     udp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport sports 1900
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  972 72172 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[CHAIN_OUTPUT_NAT]"
Code:
root@rome01:/var/mod/root# iptables -vnL -t mangle
Chain PREROUTING (policy ACCEPT 3133 packets, 653K bytes)
 pkts bytes target     prot opt in     out     source               destination         
23757 3881K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 9400 2008K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[CHAIN_PREROUTING_MANGLE]"

Chain INPUT (policy ACCEPT 1952 packets, 568K bytes)
 pkts bytes target     prot opt in     out     source               destination         
21542 3585K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 6473 1780K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[CHAIN_INPUT_MANGLE]"

Chain FORWARD (policy ACCEPT 420 packets, 25128 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmp --  *      *       162.168.20.0/24      192.168.178.5       
   10  3112 ACCEPT     tcp  --  dmz    lan     192.168.20.0/24      192.168.30.0/24      multiport sports 22
   12  1236 ACCEPT     tcp  --  lan    dmz     192.168.30.0/24      192.168.20.0/24      multiport dports 22
   49  3724 ACCEPT     udp  --  intern dsl     192.168.10.0/24      194.25.134.197       multiport dports 123
   13  1469 ACCEPT     udp  --  intern dmz     192.168.10.2         192.168.20.0/24      multiport dports 514
 1220 91128 ACCEPT     udp  --  dmz    dsl     192.168.20.0/24      192.168.178.5        multiport dports 161
  300 29010 ACCEPT     udp  --  dmz    dsl     192.168.20.0/24      192.168.178.6        multiport dports 161
  235 15383 ACCEPT     udp  --  lan    dmz     192.168.30.0/24      192.168.20.0/24      multiport dports 53
 2204  289K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
  960 71054 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[CHAIN_FORWARD_MANGLE]"

Chain OUTPUT (policy ACCEPT 317 packets, 59181 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   53  1908 ACCEPT     all  --  *      intern  192.168.10.1         224.0.0.1           
   53  1908 ACCEPT     all  --  *      dmz     192.168.20.1         224.0.0.1           
   53  1908 ACCEPT     all  --  *      lan     192.168.30.1         224.0.0.1           
  104  6240 ACCEPT     tcp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport dports 80,14013
   53  1908 ACCEPT     all  --  *      guest   192.168.40.1         224.0.0.1           
28205 7467K ACCEPT     udp  --  *      dmz     192.168.20.1         192.168.20.0/24      multiport dports 514
  677  201K ACCEPT     udp  --  *      dmz     192.168.20.1         192.168.20.0/24      multiport sports 1900
  559  194K ACCEPT     udp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport sports 1900
18143   11M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 1694  315K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[CHAIN_OUTPUT_MANGLE]"

Chain POSTROUTING (policy ACCEPT 811 packets, 117K bytes)
 pkts bytes target     prot opt in     out     source               destination         
   43  3612 ACCEPT     icmp --  *      dsl     192.168.20.0/24      192.168.178.5       
   53  1908 ACCEPT     all  --  *      intern  192.168.10.1         224.0.0.1           
   53  1908 ACCEPT     all  --  *      dmz     192.168.20.1         224.0.0.1           
   53  1908 ACCEPT     all  --  *      lan     192.168.30.1         224.0.0.1           
    0     0 ACCEPT     all  --  *      guest   192.168.40.1         224.0.0.1           
   10  3112 ACCEPT     tcp  --  *      lan     192.168.20.0/24      192.168.30.0/24      multiport sports 22
   85  5100 ACCEPT     tcp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport dports 80,14013
   12  1236 ACCEPT     tcp  --  *      dmz     192.168.30.0/24      192.168.20.0/24      multiport dports 22
   49  3724 ACCEPT     udp  --  *      dsl     192.168.10.0/24      194.25.134.197       multiport dports 123
   13  1469 ACCEPT     udp  --  *      dmz     192.168.10.2         192.168.20.0/24      multiport dports 514
  677  201K ACCEPT     udp  --  *      dmz     192.168.20.1         192.168.20.0/24      multiport sports 1900
28205 7467K ACCEPT     udp  --  *      dmz     192.168.20.1         192.168.20.0/24      multiport dports 514
 1220 91128 ACCEPT     udp  --  *      dsl     192.168.20.0/24      192.168.178.5        multiport dports 161
  300 29010 ACCEPT     udp  --  *      dsl     192.168.20.0/24      192.168.178.6        multiport dports 161
  238 15569 ACCEPT     udp  --  *      dmz     192.168.30.0/24      192.168.20.0/24      multiport dports 53
  559  194K ACCEPT     udp  --  *      lan     192.168.30.1         192.168.30.0/24      multiport sports 1900
20319   11M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
 3256  582K LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "[CHAIN_POSTROUTING_MANGLE]"

Ich weis kein Rat mehr?

Ich wünsche Dir noch ein schönes Wochenende und Lieben Gruß von Stefan Harbich
 
Leider schreibst Du nicht, ob Du mit oder ohne den AVM_PA (AVM Paket Accelerator) Deine Tests machst. Mit dem eingeschalteten AVM_PA funktioniert es definitiv NICHT. Es ist eine notwendige (aber leider nicht hinreichende) Bedingung, dass Du den AVM_PA abschaltest, damit es funktioniert.

p.s. Nur zur Info - irgendwann mal in relativ naher Zukunft wird iptables für kernel-versionen >= 2.6.28 in Freetz nicht mehr angeboten. Viele der für iptables notwendigen kernel-optionen werde ich abschalten, da unter anderem diese als Ursache für Reboots bei Replace-Kernel vermutet werden.
 
...ich habe überall am Ende eines Regelwerk ... eine gesamt LOG-Target Regel

Wie ich bereits oben schrieb: Diese Regeln werden niemals greifen, sprich: Etwas ins Log eintragen, solange die die Default Policy der jeweiligen Regel auf ACCEPT steht.
Stelle testweise die Policy Deiner FORWARD-Chain auf DROP und Logge so:
Code:
iptables -A FORWARD -j LOG --log-prefix "[FORWARD] "
iptables -A FORWARD -j DROP
Alternativ dazu kannst Du, wie er13 schon riet, den Packet Accelerator abschalten:
Code:
echo disable > /proc/net/avm_pa/control

@ er13:

Das finde ich persönlich nicht so gut, da es doch meiner Meinung nach einige Meldungen gibt, daß mit Kernel 2.6.32.* bspw. das nf_conntrack und nf_nat wieder funktionieren.
Was mache ich dann mit einer 7270v3, mit der das Ganze aktuell läuft ? Bei der Trunk-Revision vor der Abschaltung stehen bleiben und von künftigen Revisions andere Dinge betreffend ausgeschlossen sein ?
Grüße,

JD.
 
Hallo Ihr Lieben,
nachdem ich alle Regeln auf any any accept gesetzt habe sind zwar die komischen Syslog Meldungen weg
Code:
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.000000] [CHAIN_PREROUTING_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:4c:00:00:40:00:02:11:a8:7c:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:38:36:10:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.16
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.000000] [CHAIN_INPUT_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:4c:00:00:40:00:02:11:a8:7c:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:38:36:10:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.168.30.
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.020000] [CHAIN_PREROUTING_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:7b:00:00:40:00:02:11:a8:4d:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:67:2f:3f:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.16
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.020000] [CHAIN_INPUT_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:7b:00:00:40:00:02:11:a8:4d:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:67:2f:3f:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.168.30.
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.040000] [CHAIN_PREROUTING_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:43:00:00:40:00:02:11:a8:85:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:2f:cd:3f:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.16
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.040000] [CHAIN_INPUT_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:43:00:00:40:00:02:11:a8:85:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:2f:cd:3f:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.168.30.
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.070000] [CHAIN_PREROUTING_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:83:00:00:40:00:02:11:a8:45:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:6f:b0:d7:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.16
Mar 27 17:42:39 192.168.20.1 kernel: [ 1546.070000] [CHAIN_INPUT_MANGLE]IN=lan OUT= MAC=01:00:5e:7f:ff:fa:00:09:b0:90:8c:86:08:00:45:00:01:83:00:00:40:00:02:11:a8:45:c0:a8:1e:82:ef:ff:ff:fa:07:6c:07:6c:01:6f:b0:d7:4e:4f:54:49:46:59:20:2a:20:48:54:54 SRC=192.168.30.
der Zugriff auf den DNLA-Server funktioniert aber immer noch nicht. Vom FritzFon aus kann ich den DNLA-Server finden. Was komisch ist das ich mich mit der FitzFon App auch nicht mehr mit der Box verbinden kann. Ein komischer Zustand eben. Okay AVM hat den Kernel total verdreht. Da stimmt nichts mehr gemäß GPL. Ich werde die AVM Hardware entsorgen und mir eine Linuxbox als Router zulegen. Telefonanlage werde ich auf Asterix aufbauen.

Lieben Gruß von Stefan Harbich
 
@Stefan: das mit GPL stimmt leider nicht. Den Quellcode (inkl. ihrer Änderungen) hat AVM sehr wohl offen gelegt. Das Problem - sie haben es in der Form "alle Patches angewandt" gemacht, sodass man sowas wie "lass' den AVM_PA.patch mal weg" nicht so einfach machen kann. Theoretisch wäre es aber möglich, die AVM_PA-related Änderungen wieder rauszupatchen (ist aber mit erheblichem Quellcode-Lese-/Vergleichsaufwand verbunden).

@JohnDoe: ich habe es noch nicht zu Ende durchdacht, aber mir schwebt in etwa folgende Lösung im Kopf. Per Default wird eine kernel-config angeboten, die sich minimal bis gar nicht von der AVM kernel-config unterscheidet. Es sollen zusätzliche freetz-menuconfig-Optionen angeboten werden, mit dessen Hilfe man weitere Kernel-Optionen (wie z.B. iptables-related ones) einschalten kann. Derjenige, der diese einschaltet, soll sich dessen bewusst sein, dass diese zu Stabilitätsproblemen führen können, und soll sich mit allen daraus resultierenden Problemen selbst auseinandersetzen. Der Schwerpunkt wird auf die Stabilität gelegt - der aktuelle Zustand "Replace-Kernel gleichbedeutend mit Reboots" ist einfach nicht akzeptabel.

p.s. idealerweise sollte die per Default angebotene kernel-config sich gar nicht von der von AVM unterscheiden. Denn im Falle der Stabilitätsprobleme könnten wir dann AVM nachweisen, dass sie nicht die tatsächlich verwendete kernel-config ihren opensrc-Paketen beilegen, was wir derzeit vermuten, aber eben leider nicht nachweisen können (bzw. nur als Indizienbeweise). Wäre das der Fall, dann läge in der Tat eine GPL-Verletzung seitens AVM vor. Bis dahin ist es leider nur eine Vermutung - es ist nicht auszuschließen, dass wir durchs Einschalten zusätzlicher Kernel-Optionen die Stabilitätsprobleme herbeiführen.
 
Wenn das Protokoll auch nur im Ansatz stimmt, dann paßt aber das "iptables" bzw. die "libpcap" eher nicht zum verwendeten Kernel.

Ich würde das auf "Unkenntnis" der AVM-Änderungen am "sk_buff" zurückführen, da wird ja offensichtlich nicht einmal die MAC-Adresse samt Längenfeld an der richtigen Stelle gefunden ... und das wäre dann in jedem Falle (unabhängig von allen anderen richtigen Bemerkungen zu den iptables-Einschränkungen im Zusammenspiel mit dem PA) ein Handling-Fehler in der verwendeten Firmware (ob beim Build oder beim Update der Box ist natürlich im Moment unklar).
 
Hallo Ihr Lieben,
ich habe die Vermutung das ich den Packet Accelerator mit dem Befehl
Code:
echo disable > /proc/net/avm_pa/control
nicht abschalten kann. Editiere ich die Datei mit
Code:
cat /proc/net/avm_pa/control > /var/tmp/control
so ist die Datei leer. Wenn ich nach avm_pa suche bekommen ich folgende Ergebnisse angezeigt.
Code:
/dev/avm_pa
/dev/.udev/db/misc:avm_pa
/proc/avm_panic_sd
/proc/avm_panic_cr
/proc/driver/avmnet/swi_ar9/avm_pa_ifx_multiplexer
/proc/1/net/avm_pa
/proc/1/net/avm_pa/prioack
/proc/1/net/avm_pa/hashes
/proc/1/net/avm_pa/macaddrs
/proc/1/net/avm_pa/bsessions
/proc/1/net/avm_pa/sessions
/proc/1/net/avm_pa/vpids
/proc/1/net/avm_pa/pids
/proc/1/net/avm_pa/stats
/proc/1/net/avm_pa/status
/proc/1/net/avm_pa/brief
/proc/1/net/avm_pa/control
/proc/2/net/avm_pa
/proc/2/net/avm_pa/prioack
/proc/2/net/avm_pa/hashes
/proc/2/net/avm_pa/macaddrs
/proc/2/net/avm_pa/bsessions
/proc/2/net/avm_pa/sessions
/proc/2/net/avm_pa/vpids
/proc/2/net/avm_pa/pids
/proc/2/net/avm_pa/stats
/proc/2/net/avm_pa/status
/proc/2/net/avm_pa/brief
/proc/2/net/avm_pa/control
/proc/3/net/avm_pa
/proc/3/net/avm_pa/prioack
/proc/3/net/avm_pa/hashes
/proc/3/net/avm_pa/macaddrs
/proc/3/net/avm_pa/bsessions
/proc/3/net/avm_pa/sessions
/proc/3/net/avm_pa/vpids
/proc/3/net/avm_pa/pids
/proc/3/net/avm_pa/stats
/proc/3/net/avm_pa/status
/proc/3/net/avm_pa/brief
/proc/3/net/avm_pa/control
/proc/4/net/avm_pa
/proc/4/net/avm_pa/prioack
/proc/4/net/avm_pa/hashes
/proc/4/net/avm_pa/macaddrs
/proc/4/net/avm_pa/bsessions
/proc/4/net/avm_pa/sessions
/proc/4/net/avm_pa/vpids
/proc/4/net/avm_pa/pids
/proc/4/net/avm_pa/stats
/proc/4/net/avm_pa/status
/proc/4/net/avm_pa/brief
/proc/4/net/avm_pa/control
/proc/5/net/avm_pa
/proc/5/net/avm_pa/prioack
/proc/5/net/avm_pa/hashes
/proc/5/net/avm_pa/macaddrs
/proc/5/net/avm_pa/bsessions
/proc/5/net/avm_pa/sessions
/proc/5/net/avm_pa/vpids
/proc/5/net/avm_pa/pids
/proc/5/net/avm_pa/stats
/proc/5/net/avm_pa/status
/proc/5/net/avm_pa/brief
/proc/5/net/avm_pa/control
/proc/6/net/avm_pa
/proc/6/net/avm_pa/prioack
/proc/6/net/avm_pa/hashes
/proc/6/net/avm_pa/macaddrs
/proc/6/net/avm_pa/bsessions
/proc/6/net/avm_pa/sessions
/proc/6/net/avm_pa/vpids
/proc/6/net/avm_pa/pids
/proc/6/net/avm_pa/stats
/proc/6/net/avm_pa/status
/proc/6/net/avm_pa/brief
/proc/6/net/avm_pa/control
/proc/9/net/avm_pa
/proc/9/net/avm_pa/prioack
/proc/9/net/avm_pa/hashes
/proc/9/net/avm_pa/macaddrs
/proc/9/net/avm_pa/bsessions
/proc/9/net/avm_pa/sessions
/proc/9/net/avm_pa/vpids
/proc/9/net/avm_pa/pids
/proc/9/net/avm_pa/stats
/proc/9/net/avm_pa/status
/proc/9/net/avm_pa/brief
/proc/9/net/avm_pa/control
/proc/23/net/avm_pa
/proc/23/net/avm_pa/prioack
/proc/23/net/avm_pa/hashes
/proc/23/net/avm_pa/macaddrs
/proc/23/net/avm_pa/bsessions
/proc/23/net/avm_pa/sessions
/proc/23/net/avm_pa/vpids
/proc/23/net/avm_pa/pids
/proc/23/net/avm_pa/stats
/proc/23/net/avm_pa/status
/proc/23/net/avm_pa/brief
/proc/23/net/avm_pa/control
/proc/24/net/avm_pa
/proc/24/net/avm_pa/prioack
/proc/24/net/avm_pa/hashes
/proc/24/net/avm_pa/macaddrs
/proc/24/net/avm_pa/bsessions
/proc/24/net/avm_pa/sessions
/proc/24/net/avm_pa/vpids
/proc/24/net/avm_pa/pids
/proc/24/net/avm_pa/stats
/proc/24/net/avm_pa/status
/proc/24/net/avm_pa/brief
/proc/24/net/avm_pa/control
/proc/26/net/avm_pa
/proc/26/net/avm_pa/prioack
/proc/26/net/avm_pa/hashes
/proc/26/net/avm_pa/macaddrs
/proc/26/net/avm_pa/bsessions
/proc/26/net/avm_pa/sessions
/proc/26/net/avm_pa/vpids
/proc/26/net/avm_pa/pids
/proc/26/net/avm_pa/stats
/proc/26/net/avm_pa/status
/proc/26/net/avm_pa/brief
/proc/26/net/avm_pa/control
/proc/37/net/avm_pa
/proc/37/net/avm_pa/prioack
/proc/37/net/avm_pa/hashes
/proc/37/net/avm_pa/macaddrs
/proc/37/net/avm_pa/bsessions
/proc/37/net/avm_pa/sessions
/proc/37/net/avm_pa/vpids
/proc/37/net/avm_pa/pids
/proc/37/net/avm_pa/stats
/proc/37/net/avm_pa/status
/proc/37/net/avm_pa/brief
/proc/37/net/avm_pa/control
/proc/45/net/avm_pa
/proc/45/net/avm_pa/prioack
/proc/45/net/avm_pa/hashes
/proc/45/net/avm_pa/macaddrs
/proc/45/net/avm_pa/bsessions
/proc/45/net/avm_pa/sessions
/proc/45/net/avm_pa/vpids
/proc/45/net/avm_pa/pids
/proc/45/net/avm_pa/stats
/proc/45/net/avm_pa/status
/proc/45/net/avm_pa/brief
/proc/45/net/avm_pa/control
/proc/46/net/avm_pa
/proc/46/net/avm_pa/prioack
/proc/46/net/avm_pa/hashes
/proc/46/net/avm_pa/macaddrs
/proc/46/net/avm_pa/bsessions
/proc/46/net/avm_pa/sessions
/proc/46/net/avm_pa/vpids
/proc/46/net/avm_pa/pids
/proc/46/net/avm_pa/stats
/proc/46/net/avm_pa/status
/proc/46/net/avm_pa/brief
/proc/46/net/avm_pa/control
/proc/47/net/avm_pa
/proc/47/net/avm_pa/prioack
/proc/47/net/avm_pa/hashes
/proc/47/net/avm_pa/macaddrs
/proc/47/net/avm_pa/bsessions
/proc/47/net/avm_pa/sessions
/proc/47/net/avm_pa/vpids
/proc/47/net/avm_pa/pids
/proc/47/net/avm_pa/stats
/proc/47/net/avm_pa/status
/proc/47/net/avm_pa/brief
/proc/47/net/avm_pa/control
/proc/48/net/avm_pa
/proc/48/net/avm_pa/prioack
/proc/48/net/avm_pa/hashes
/proc/48/net/avm_pa/macaddrs
/proc/48/net/avm_pa/bsessions
/proc/48/net/avm_pa/sessions
/proc/48/net/avm_pa/vpids
/proc/48/net/avm_pa/pids
/proc/48/net/avm_pa/stats
/proc/48/net/avm_pa/status
/proc/48/net/avm_pa/brief
/proc/48/net/avm_pa/control
/proc/49/net/avm_pa
/proc/49/net/avm_pa/prioack
/proc/49/net/avm_pa/hashes
/proc/49/net/avm_pa/macaddrs
/proc/49/net/avm_pa/bsessions
/proc/49/net/avm_pa/sessions
/proc/49/net/avm_pa/vpids
/proc/49/net/avm_pa/pids
/proc/49/net/avm_pa/stats
/proc/49/net/avm_pa/status
/proc/49/net/avm_pa/brief
/proc/49/net/avm_pa/control
/proc/58/net/avm_pa
/proc/58/net/avm_pa/prioack
/proc/58/net/avm_pa/hashes
/proc/58/net/avm_pa/macaddrs
/proc/58/net/avm_pa/bsessions
/proc/58/net/avm_pa/sessions
/proc/58/net/avm_pa/vpids
/proc/58/net/avm_pa/pids
/proc/58/net/avm_pa/stats
/proc/58/net/avm_pa/status
/proc/58/net/avm_pa/brief
/proc/58/net/avm_pa/control
/proc/65/net/avm_pa
/proc/65/net/avm_pa/prioack
/proc/65/net/avm_pa/hashes
/proc/65/net/avm_pa/macaddrs
/proc/65/net/avm_pa/bsessions
/proc/65/net/avm_pa/sessions
/proc/65/net/avm_pa/vpids
/proc/65/net/avm_pa/pids
/proc/65/net/avm_pa/stats
/proc/65/net/avm_pa/status
/proc/65/net/avm_pa/brief
/proc/65/net/avm_pa/control
/proc/91/net/avm_pa
/proc/91/net/avm_pa/prioack
/proc/91/net/avm_pa/hashes
/proc/91/net/avm_pa/macaddrs
/proc/91/net/avm_pa/bsessions
/proc/91/net/avm_pa/sessions
/proc/91/net/avm_pa/vpids
/proc/91/net/avm_pa/pids
/proc/91/net/avm_pa/stats
/proc/91/net/avm_pa/status
/proc/91/net/avm_pa/brief
/proc/91/net/avm_pa/control
/proc/109/net/avm_pa
/proc/109/net/avm_pa/prioack
/proc/109/net/avm_pa/hashes
/proc/109/net/avm_pa/macaddrs
/proc/109/net/avm_pa/bsessions
/proc/109/net/avm_pa/sessions
/proc/109/net/avm_pa/vpids
/proc/109/net/avm_pa/pids
/proc/109/net/avm_pa/stats
/proc/109/net/avm_pa/status
/proc/109/net/avm_pa/brief
/proc/109/net/avm_pa/control
/proc/113/net/avm_pa
/proc/113/net/avm_pa/prioack
/proc/113/net/avm_pa/hashes
/proc/113/net/avm_pa/macaddrs
/proc/113/net/avm_pa/bsessions
/proc/113/net/avm_pa/sessions
/proc/113/net/avm_pa/vpids
/proc/113/net/avm_pa/pids
/proc/113/net/avm_pa/stats
/proc/113/net/avm_pa/status
/proc/113/net/avm_pa/brief
/proc/113/net/avm_pa/control
/proc/114/net/avm_pa
/proc/114/net/avm_pa/prioack
/proc/114/net/avm_pa/hashes
/proc/114/net/avm_pa/macaddrs
/proc/114/net/avm_pa/bsessions
/proc/114/net/avm_pa/sessions
/proc/114/net/avm_pa/vpids
/proc/114/net/avm_pa/pids
/proc/114/net/avm_pa/stats
/proc/114/net/avm_pa/status
/proc/114/net/avm_pa/brief
/proc/114/net/avm_pa/control
/proc/117/net/avm_pa
/proc/117/net/avm_pa/prioack
/proc/117/net/avm_pa/hashes
/proc/117/net/avm_pa/macaddrs
/proc/117/net/avm_pa/bsessions
/proc/117/net/avm_pa/sessions
/proc/117/net/avm_pa/vpids
/proc/117/net/avm_pa/pids
/proc/117/net/avm_pa/stats
/proc/117/net/avm_pa/status
/proc/117/net/avm_pa/brief
/proc/117/net/avm_pa/control
/proc/118/net/avm_pa
/proc/118/net/avm_pa/prioack
/proc/118/net/avm_pa/hashes
/proc/118/net/avm_pa/macaddrs
/proc/118/net/avm_pa/bsessions
/proc/118/net/avm_pa/sessions
/proc/118/net/avm_pa/vpids
/proc/118/net/avm_pa/pids
/proc/118/net/avm_pa/stats
/proc/118/net/avm_pa/status
/proc/118/net/avm_pa/brief
/proc/118/net/avm_pa/control
/proc/171/net/avm_pa
/proc/171/net/avm_pa/prioack
/proc/171/net/avm_pa/hashes
/proc/171/net/avm_pa/macaddrs
/proc/171/net/avm_pa/bsessions
/proc/171/net/avm_pa/sessions
/proc/171/net/avm_pa/vpids
/proc/171/net/avm_pa/pids
/proc/171/net/avm_pa/stats
/proc/171/net/avm_pa/status
/proc/171/net/avm_pa/brief
/proc/171/net/avm_pa/control
/proc/288/net/avm_pa
/proc/288/net/avm_pa/prioack
/proc/288/net/avm_pa/hashes
/proc/288/net/avm_pa/macaddrs
/proc/288/net/avm_pa/bsessions
/proc/288/net/avm_pa/sessions
/proc/288/net/avm_pa/vpids
/proc/288/net/avm_pa/pids
/proc/288/net/avm_pa/stats
/proc/288/net/avm_pa/status
/proc/288/net/avm_pa/brief
/proc/288/net/avm_pa/control
/proc/307/net/avm_pa
/proc/307/net/avm_pa/prioack
/proc/307/net/avm_pa/hashes
/proc/307/net/avm_pa/macaddrs
/proc/307/net/avm_pa/bsessions
/proc/307/net/avm_pa/sessions
/proc/307/net/avm_pa/vpids
/proc/307/net/avm_pa/pids
/proc/307/net/avm_pa/stats
/proc/307/net/avm_pa/status
/proc/307/net/avm_pa/brief
/proc/307/net/avm_pa/control
/proc/315/net/avm_pa
/proc/315/net/avm_pa/prioack
/proc/315/net/avm_pa/hashes
/proc/315/net/avm_pa/macaddrs
/proc/315/net/avm_pa/bsessions
/proc/315/net/avm_pa/sessions
/proc/315/net/avm_pa/vpids
/proc/315/net/avm_pa/pids
/proc/315/net/avm_pa/stats
/proc/315/net/avm_pa/status
/proc/315/net/avm_pa/brief
/proc/315/net/avm_pa/control
/proc/316/net/avm_pa
/proc/316/net/avm_pa/prioack
/proc/316/net/avm_pa/hashes
/proc/316/net/avm_pa/macaddrs
/proc/316/net/avm_pa/bsessions
/proc/316/net/avm_pa/sessions
/proc/316/net/avm_pa/vpids
/proc/316/net/avm_pa/pids
/proc/316/net/avm_pa/stats
/proc/316/net/avm_pa/status
/proc/316/net/avm_pa/brief
/proc/316/net/avm_pa/control
/proc/317/net/avm_pa
/proc/317/net/avm_pa/prioack
/proc/317/net/avm_pa/hashes
/proc/317/net/avm_pa/macaddrs
/proc/317/net/avm_pa/bsessions
/proc/317/net/avm_pa/sessions
/proc/317/net/avm_pa/vpids
/proc/317/net/avm_pa/pids
/proc/317/net/avm_pa/stats
/proc/317/net/avm_pa/status
/proc/317/net/avm_pa/brief
/proc/317/net/avm_pa/control
/proc/318/net/avm_pa
/proc/318/net/avm_pa/prioack
/proc/318/net/avm_pa/hashes
/proc/318/net/avm_pa/macaddrs
/proc/318/net/avm_pa/bsessions
/proc/318/net/avm_pa/sessions
/proc/318/net/avm_pa/vpids
/proc/318/net/avm_pa/pids
/proc/318/net/avm_pa/stats
/proc/318/net/avm_pa/status
/proc/318/net/avm_pa/brief
/proc/318/net/avm_pa/control
/proc/322/net/avm_pa
/proc/322/net/avm_pa/prioack
/proc/322/net/avm_pa/hashes
/proc/322/net/avm_pa/macaddrs
/proc/322/net/avm_pa/bsessions
/proc/322/net/avm_pa/sessions
/proc/322/net/avm_pa/vpids
/proc/322/net/avm_pa/pids
/proc/322/net/avm_pa/stats
/proc/322/net/avm_pa/status
/proc/322/net/avm_pa/brief
/proc/322/net/avm_pa/control
/proc/323/net/avm_pa
/proc/323/net/avm_pa/prioack
/proc/323/net/avm_pa/hashes
/proc/323/net/avm_pa/macaddrs
/proc/323/net/avm_pa/bsessions
/proc/323/net/avm_pa/sessions
/proc/323/net/avm_pa/vpids
/proc/323/net/avm_pa/pids
/proc/323/net/avm_pa/stats
/proc/323/net/avm_pa/status
/proc/323/net/avm_pa/brief
/proc/323/net/avm_pa/control
/proc/324/net/avm_pa
/proc/324/net/avm_pa/prioack
/proc/324/net/avm_pa/hashes
/proc/324/net/avm_pa/macaddrs
/proc/324/net/avm_pa/bsessions
/proc/324/net/avm_pa/sessions
/proc/324/net/avm_pa/vpids
/proc/324/net/avm_pa/pids
/proc/324/net/avm_pa/stats
/proc/324/net/avm_pa/status
/proc/324/net/avm_pa/brief
/proc/324/net/avm_pa/control
/proc/547/net/avm_pa
/proc/547/net/avm_pa/prioack
/proc/547/net/avm_pa/hashes
/proc/547/net/avm_pa/macaddrs
/proc/547/net/avm_pa/bsessions
/proc/547/net/avm_pa/sessions
/proc/547/net/avm_pa/vpids
/proc/547/net/avm_pa/pids
/proc/547/net/avm_pa/stats
/proc/547/net/avm_pa/status
/proc/547/net/avm_pa/brief
/proc/547/net/avm_pa/control
/proc/573/net/avm_pa
/proc/573/net/avm_pa/prioack
/proc/573/net/avm_pa/hashes
/proc/573/net/avm_pa/macaddrs
/proc/573/net/avm_pa/bsessions
/proc/573/net/avm_pa/sessions
/proc/573/net/avm_pa/vpids
/proc/573/net/avm_pa/pids
/proc/573/net/avm_pa/stats
/proc/573/net/avm_pa/status
/proc/573/net/avm_pa/brief
/proc/573/net/avm_pa/control
/proc/747/net/avm_pa
/proc/747/net/avm_pa/prioack
/proc/747/net/avm_pa/hashes
/proc/747/net/avm_pa/macaddrs
/proc/747/net/avm_pa/bsessions
/proc/747/net/avm_pa/sessions
/proc/747/net/avm_pa/vpids
/proc/747/net/avm_pa/pids
/proc/747/net/avm_pa/stats
/proc/747/net/avm_pa/status
/proc/747/net/avm_pa/brief
/proc/747/net/avm_pa/control
/proc/748/net/avm_pa
/proc/748/net/avm_pa/prioack
/proc/748/net/avm_pa/hashes
/proc/748/net/avm_pa/macaddrs
/proc/748/net/avm_pa/bsessions
/proc/748/net/avm_pa/sessions
/proc/748/net/avm_pa/vpids
/proc/748/net/avm_pa/pids
/proc/748/net/avm_pa/stats
/proc/748/net/avm_pa/status
/proc/748/net/avm_pa/brief
/proc/748/net/avm_pa/control
/proc/921/net/avm_pa
/proc/921/net/avm_pa/prioack
/proc/921/net/avm_pa/hashes
/proc/921/net/avm_pa/macaddrs
/proc/921/net/avm_pa/bsessions
/proc/921/net/avm_pa/sessions
/proc/921/net/avm_pa/vpids
/proc/921/net/avm_pa/pids
/proc/921/net/avm_pa/stats
/proc/921/net/avm_pa/status
/proc/921/net/avm_pa/brief
/proc/921/net/avm_pa/control
/proc/922/net/avm_pa
/proc/922/net/avm_pa/prioack
/proc/922/net/avm_pa/hashes
/proc/922/net/avm_pa/macaddrs
/proc/922/net/avm_pa/bsessions
/proc/922/net/avm_pa/sessions
/proc/922/net/avm_pa/vpids
/proc/922/net/avm_pa/pids
/proc/922/net/avm_pa/stats
/proc/922/net/avm_pa/status
/proc/922/net/avm_pa/brief
/proc/922/net/avm_pa/control
/proc/1009/net/avm_pa
/proc/1009/net/avm_pa/prioack
/proc/1009/net/avm_pa/hashes
/proc/1009/net/avm_pa/macaddrs
/proc/1009/net/avm_pa/bsessions
/proc/1009/net/avm_pa/sessions
/proc/1009/net/avm_pa/vpids
/proc/1009/net/avm_pa/pids
/proc/1009/net/avm_pa/stats
/proc/1009/net/avm_pa/status
/proc/1009/net/avm_pa/brief
/proc/1009/net/avm_pa/control
/proc/1065/net/avm_pa
/proc/1065/net/avm_pa/prioack
/proc/1065/net/avm_pa/hashes
/proc/1065/net/avm_pa/macaddrs
/proc/1065/net/avm_pa/bsessions
/proc/1065/net/avm_pa/sessions
/proc/1065/net/avm_pa/vpids
/proc/1065/net/avm_pa/pids
/proc/1065/net/avm_pa/stats
/proc/1065/net/avm_pa/status
/proc/1065/net/avm_pa/brief
/proc/1065/net/avm_pa/control
/proc/1071/net/avm_pa
/proc/1071/net/avm_pa/prioack
/proc/1071/net/avm_pa/hashes
/proc/1071/net/avm_pa/macaddrs
/proc/1071/net/avm_pa/bsessions
/proc/1071/net/avm_pa/sessions
/proc/1071/net/avm_pa/vpids
/proc/1071/net/avm_pa/pids
/proc/1071/net/avm_pa/stats
/proc/1071/net/avm_pa/status
/proc/1071/net/avm_pa/brief
/proc/1071/net/avm_pa/control
/proc/1080/net/avm_pa
/proc/1080/net/avm_pa/prioack
/proc/1080/net/avm_pa/hashes
/proc/1080/net/avm_pa/macaddrs
/proc/1080/net/avm_pa/bsessions
/proc/1080/net/avm_pa/sessions
/proc/1080/net/avm_pa/vpids
/proc/1080/net/avm_pa/pids
/proc/1080/net/avm_pa/stats
/proc/1080/net/avm_pa/status
/proc/1080/net/avm_pa/brief
/proc/1080/net/avm_pa/control
/proc/1081/net/avm_pa
/proc/1081/net/avm_pa/prioack
/proc/1081/net/avm_pa/hashes
/proc/1081/net/avm_pa/macaddrs
/proc/1081/net/avm_pa/bsessions
/proc/1081/net/avm_pa/sessions
/proc/1081/net/avm_pa/vpids
/proc/1081/net/avm_pa/pids
/proc/1081/net/avm_pa/stats
/proc/1081/net/avm_pa/status
/proc/1081/net/avm_pa/brief
/proc/1081/net/avm_pa/control
/proc/1082/net/avm_pa
/proc/1082/net/avm_pa/prioack
/proc/1082/net/avm_pa/hashes
/proc/1082/net/avm_pa/macaddrs
/proc/1082/net/avm_pa/bsessions
/proc/1082/net/avm_pa/sessions
/proc/1082/net/avm_pa/vpids
/proc/1082/net/avm_pa/pids
/proc/1082/net/avm_pa/stats
/proc/1082/net/avm_pa/status
/proc/1082/net/avm_pa/brief
/proc/1082/net/avm_pa/control
/proc/1087/net/avm_pa
/proc/1087/net/avm_pa/prioack
/proc/1087/net/avm_pa/hashes
/proc/1087/net/avm_pa/macaddrs
/proc/1087/net/avm_pa/bsessions
/proc/1087/net/avm_pa/sessions
/proc/1087/net/avm_pa/vpids
/proc/1087/net/avm_pa/pids
/proc/1087/net/avm_pa/stats
/proc/1087/net/avm_pa/status
/proc/1087/net/avm_pa/brief
/proc/1087/net/avm_pa/control
/proc/1104/net/avm_pa
/proc/1104/net/avm_pa/prioack
/proc/1104/net/avm_pa/hashes
/proc/1104/net/avm_pa/macaddrs
/proc/1104/net/avm_pa/bsessions
/proc/1104/net/avm_pa/sessions
/proc/1104/net/avm_pa/vpids
/proc/1104/net/avm_pa/pids
/proc/1104/net/avm_pa/stats
/proc/1104/net/avm_pa/status
/proc/1104/net/avm_pa/brief
/proc/1104/net/avm_pa/control
/proc/1105/net/avm_pa
/proc/1105/net/avm_pa/prioack
/proc/1105/net/avm_pa/hashes
/proc/1105/net/avm_pa/macaddrs
/proc/1105/net/avm_pa/bsessions
/proc/1105/net/avm_pa/sessions
/proc/1105/net/avm_pa/vpids
/proc/1105/net/avm_pa/pids
/proc/1105/net/avm_pa/stats
/proc/1105/net/avm_pa/status
/proc/1105/net/avm_pa/brief
/proc/1105/net/avm_pa/control
/proc/1106/net/avm_pa
/proc/1106/net/avm_pa/prioack
/proc/1106/net/avm_pa/hashes
/proc/1106/net/avm_pa/macaddrs
/proc/1106/net/avm_pa/bsessions
/proc/1106/net/avm_pa/sessions
/proc/1106/net/avm_pa/vpids
/proc/1106/net/avm_pa/pids
/proc/1106/net/avm_pa/stats
/proc/1106/net/avm_pa/status
/proc/1106/net/avm_pa/brief
/proc/1106/net/avm_pa/control
/proc/1107/net/avm_pa
/proc/1107/net/avm_pa/prioack
/proc/1107/net/avm_pa/hashes
/proc/1107/net/avm_pa/macaddrs
/proc/1107/net/avm_pa/bsessions
/proc/1107/net/avm_pa/sessions
/proc/1107/net/avm_pa/vpids
/proc/1107/net/avm_pa/pids
/proc/1107/net/avm_pa/stats
/proc/1107/net/avm_pa/status
/proc/1107/net/avm_pa/brief
/proc/1107/net/avm_pa/control
/proc/1108/net/avm_pa
/proc/1108/net/avm_pa/prioack
/proc/1108/net/avm_pa/hashes
/proc/1108/net/avm_pa/macaddrs
/proc/1108/net/avm_pa/bsessions
/proc/1108/net/avm_pa/sessions
/proc/1108/net/avm_pa/vpids
/proc/1108/net/avm_pa/pids
/proc/1108/net/avm_pa/stats
/proc/1108/net/avm_pa/status
/proc/1108/net/avm_pa/brief
/proc/1108/net/avm_pa/control
/proc/1160/net/avm_pa
/proc/1160/net/avm_pa/prioack
/proc/1160/net/avm_pa/hashes
/proc/1160/net/avm_pa/macaddrs
/proc/1160/net/avm_pa/bsessions
/proc/1160/net/avm_pa/sessions
/proc/1160/net/avm_pa/vpids
/proc/1160/net/avm_pa/pids
/proc/1160/net/avm_pa/stats
/proc/1160/net/avm_pa/status
/proc/1160/net/avm_pa/brief
/proc/1160/net/avm_pa/control
/proc/1288/net/avm_pa
/proc/1288/net/avm_pa/prioack
/proc/1288/net/avm_pa/hashes
/proc/1288/net/avm_pa/macaddrs
/proc/1288/net/avm_pa/bsessions
/proc/1288/net/avm_pa/sessions
/proc/1288/net/avm_pa/vpids
/proc/1288/net/avm_pa/pids
/proc/1288/net/avm_pa/stats
/proc/1288/net/avm_pa/status
/proc/1288/net/avm_pa/brief
/proc/1288/net/avm_pa/control
/proc/1292/net/avm_pa
/proc/1292/net/avm_pa/prioack
/proc/1292/net/avm_pa/hashes
/proc/1292/net/avm_pa/macaddrs
/proc/1292/net/avm_pa/bsessions
/proc/1292/net/avm_pa/sessions
/proc/1292/net/avm_pa/vpids
/proc/1292/net/avm_pa/pids
/proc/1292/net/avm_pa/stats
/proc/1292/net/avm_pa/status
/proc/1292/net/avm_pa/brief
/proc/1292/net/avm_pa/control
/proc/1296/net/avm_pa
/proc/1296/net/avm_pa/prioack
/proc/1296/net/avm_pa/hashes
/proc/1296/net/avm_pa/macaddrs
/proc/1296/net/avm_pa/bsessions
/proc/1296/net/avm_pa/sessions
/proc/1296/net/avm_pa/vpids
/proc/1296/net/avm_pa/pids
/proc/1296/net/avm_pa/stats
/proc/1296/net/avm_pa/status
/proc/1296/net/avm_pa/brief
/proc/1296/net/avm_pa/control
/proc/1300/net/avm_pa
/proc/1300/net/avm_pa/prioack
/proc/1300/net/avm_pa/hashes
/proc/1300/net/avm_pa/macaddrs
/proc/1300/net/avm_pa/bsessions
/proc/1300/net/avm_pa/sessions
/proc/1300/net/avm_pa/vpids
/proc/1300/net/avm_pa/pids
/proc/1300/net/avm_pa/stats
/proc/1300/net/avm_pa/status
/proc/1300/net/avm_pa/brief
/proc/1300/net/avm_pa/control
/proc/1301/net/avm_pa
/proc/1301/net/avm_pa/prioack
/proc/1301/net/avm_pa/hashes
/proc/1301/net/avm_pa/macaddrs
/proc/1301/net/avm_pa/bsessions
/proc/1301/net/avm_pa/sessions
/proc/1301/net/avm_pa/vpids
/proc/1301/net/avm_pa/pids
/proc/1301/net/avm_pa/stats
/proc/1301/net/avm_pa/status
/proc/1301/net/avm_pa/brief
/proc/1301/net/avm_pa/control
/proc/1302/net/avm_pa
/proc/1302/net/avm_pa/prioack
/proc/1302/net/avm_pa/hashes
/proc/1302/net/avm_pa/macaddrs
/proc/1302/net/avm_pa/bsessions
/proc/1302/net/avm_pa/sessions
/proc/1302/net/avm_pa/vpids
/proc/1302/net/avm_pa/pids
/proc/1302/net/avm_pa/stats
/proc/1302/net/avm_pa/status
/proc/1302/net/avm_pa/brief
/proc/1302/net/avm_pa/control
/proc/1303/net/avm_pa
/proc/1303/net/avm_pa/prioack
/proc/1303/net/avm_pa/hashes
/proc/1303/net/avm_pa/macaddrs
/proc/1303/net/avm_pa/bsessions
/proc/1303/net/avm_pa/sessions
/proc/1303/net/avm_pa/vpids
/proc/1303/net/avm_pa/pids
/proc/1303/net/avm_pa/stats
/proc/1303/net/avm_pa/status
/proc/1303/net/avm_pa/brief
/proc/1303/net/avm_pa/control
/proc/1306/net/avm_pa
/proc/1306/net/avm_pa/prioack
/proc/1306/net/avm_pa/hashes
/proc/1306/net/avm_pa/macaddrs
/proc/1306/net/avm_pa/bsessions
/proc/1306/net/avm_pa/sessions
/proc/1306/net/avm_pa/vpids
/proc/1306/net/avm_pa/pids
/proc/1306/net/avm_pa/stats
/proc/1306/net/avm_pa/status
/proc/1306/net/avm_pa/brief
/proc/1306/net/avm_pa/control
/proc/1310/net/avm_pa
/proc/1310/net/avm_pa/prioack
/proc/1310/net/avm_pa/hashes
/proc/1310/net/avm_pa/macaddrs
/proc/1310/net/avm_pa/bsessions
/proc/1310/net/avm_pa/sessions
/proc/1310/net/avm_pa/vpids
/proc/1310/net/avm_pa/pids
/proc/1310/net/avm_pa/stats
/proc/1310/net/avm_pa/status
/proc/1310/net/avm_pa/brief
/proc/1310/net/avm_pa/control
/proc/1346/net/avm_pa
/proc/1346/net/avm_pa/prioack
/proc/1346/net/avm_pa/hashes
/proc/1346/net/avm_pa/macaddrs
/proc/1346/net/avm_pa/bsessions
/proc/1346/net/avm_pa/sessions
/proc/1346/net/avm_pa/vpids
/proc/1346/net/avm_pa/pids
/proc/1346/net/avm_pa/stats
/proc/1346/net/avm_pa/status
/proc/1346/net/avm_pa/brief
/proc/1346/net/avm_pa/control
/proc/1366/net/avm_pa
/proc/1366/net/avm_pa/prioack
/proc/1366/net/avm_pa/hashes
/proc/1366/net/avm_pa/macaddrs
/proc/1366/net/avm_pa/bsessions
/proc/1366/net/avm_pa/sessions
/proc/1366/net/avm_pa/vpids
/proc/1366/net/avm_pa/pids
/proc/1366/net/avm_pa/stats
/proc/1366/net/avm_pa/status
/proc/1366/net/avm_pa/brief
/proc/1366/net/avm_pa/control
/proc/1369/net/avm_pa
/proc/1369/net/avm_pa/prioack
/proc/1369/net/avm_pa/hashes
/proc/1369/net/avm_pa/macaddrs
/proc/1369/net/avm_pa/bsessions
/proc/1369/net/avm_pa/sessions
/proc/1369/net/avm_pa/vpids
/proc/1369/net/avm_pa/pids
/proc/1369/net/avm_pa/stats
/proc/1369/net/avm_pa/status
/proc/1369/net/avm_pa/brief
/proc/1369/net/avm_pa/control
/proc/1372/net/avm_pa
/proc/1372/net/avm_pa/prioack
/proc/1372/net/avm_pa/hashes
/proc/1372/net/avm_pa/macaddrs
/proc/1372/net/avm_pa/bsessions
/proc/1372/net/avm_pa/sessions
/proc/1372/net/avm_pa/vpids
/proc/1372/net/avm_pa/pids
/proc/1372/net/avm_pa/stats
/proc/1372/net/avm_pa/status
/proc/1372/net/avm_pa/brief
/proc/1372/net/avm_pa/control
/proc/1383/net/avm_pa
/proc/1383/net/avm_pa/prioack
/proc/1383/net/avm_pa/hashes
/proc/1383/net/avm_pa/macaddrs
/proc/1383/net/avm_pa/bsessions
/proc/1383/net/avm_pa/sessions
/proc/1383/net/avm_pa/vpids
/proc/1383/net/avm_pa/pids
/proc/1383/net/avm_pa/stats
/proc/1383/net/avm_pa/status
/proc/1383/net/avm_pa/brief
/proc/1383/net/avm_pa/control
/proc/1401/net/avm_pa
/proc/1401/net/avm_pa/prioack
/proc/1401/net/avm_pa/hashes
/proc/1401/net/avm_pa/macaddrs
/proc/1401/net/avm_pa/bsessions
/proc/1401/net/avm_pa/sessions
/proc/1401/net/avm_pa/vpids
/proc/1401/net/avm_pa/pids
/proc/1401/net/avm_pa/stats
/proc/1401/net/avm_pa/status
/proc/1401/net/avm_pa/brief
/proc/1401/net/avm_pa/control
/proc/1410/net/avm_pa
/proc/1410/net/avm_pa/prioack
/proc/1410/net/avm_pa/hashes
/proc/1410/net/avm_pa/macaddrs
/proc/1410/net/avm_pa/bsessions
/proc/1410/net/avm_pa/sessions
/proc/1410/net/avm_pa/vpids
/proc/1410/net/avm_pa/pids
/proc/1410/net/avm_pa/stats
/proc/1410/net/avm_pa/status
/proc/1410/net/avm_pa/brief
/proc/1410/net/avm_pa/control
/proc/1411/net/avm_pa
/proc/1411/net/avm_pa/prioack
/proc/1411/net/avm_pa/hashes
/proc/1411/net/avm_pa/macaddrs
/proc/1411/net/avm_pa/bsessions
/proc/1411/net/avm_pa/sessions
/proc/1411/net/avm_pa/vpids
/proc/1411/net/avm_pa/pids
/proc/1411/net/avm_pa/stats
/proc/1411/net/avm_pa/status
/proc/1411/net/avm_pa/brief
/proc/1411/net/avm_pa/control
/proc/1412/net/avm_pa
/proc/1412/net/avm_pa/prioack
/proc/1412/net/avm_pa/hashes
/proc/1412/net/avm_pa/macaddrs
/proc/1412/net/avm_pa/bsessions
/proc/1412/net/avm_pa/sessions
/proc/1412/net/avm_pa/vpids
/proc/1412/net/avm_pa/pids
/proc/1412/net/avm_pa/stats
/proc/1412/net/avm_pa/status
/proc/1412/net/avm_pa/brief
/proc/1412/net/avm_pa/control
/proc/1415/net/avm_pa
/proc/1415/net/avm_pa/prioack
/proc/1415/net/avm_pa/hashes
/proc/1415/net/avm_pa/macaddrs
/proc/1415/net/avm_pa/bsessions
/proc/1415/net/avm_pa/sessions
/proc/1415/net/avm_pa/vpids
/proc/1415/net/avm_pa/pids
/proc/1415/net/avm_pa/stats
/proc/1415/net/avm_pa/status
/proc/1415/net/avm_pa/brief
/proc/1415/net/avm_pa/control
/proc/1417/net/avm_pa
/proc/1417/net/avm_pa/prioack
/proc/1417/net/avm_pa/hashes
/proc/1417/net/avm_pa/macaddrs
/proc/1417/net/avm_pa/bsessions
/proc/1417/net/avm_pa/sessions
/proc/1417/net/avm_pa/vpids
/proc/1417/net/avm_pa/pids
/proc/1417/net/avm_pa/stats
/proc/1417/net/avm_pa/status
/proc/1417/net/avm_pa/brief
/proc/1417/net/avm_pa/control
/proc/1419/net/avm_pa
/proc/1419/net/avm_pa/prioack
/proc/1419/net/avm_pa/hashes
/proc/1419/net/avm_pa/macaddrs
/proc/1419/net/avm_pa/bsessions
/proc/1419/net/avm_pa/sessions
/proc/1419/net/avm_pa/vpids
/proc/1419/net/avm_pa/pids
/proc/1419/net/avm_pa/stats
/proc/1419/net/avm_pa/status
/proc/1419/net/avm_pa/brief
/proc/1419/net/avm_pa/control
/proc/1420/net/avm_pa
/proc/1420/net/avm_pa/prioack
/proc/1420/net/avm_pa/hashes
/proc/1420/net/avm_pa/macaddrs
/proc/1420/net/avm_pa/bsessions
/proc/1420/net/avm_pa/sessions
/proc/1420/net/avm_pa/vpids
/proc/1420/net/avm_pa/pids
/proc/1420/net/avm_pa/stats
/proc/1420/net/avm_pa/status
/proc/1420/net/avm_pa/brief
/proc/1420/net/avm_pa/control
/proc/1431/net/avm_pa
/proc/1431/net/avm_pa/prioack
/proc/1431/net/avm_pa/hashes
/proc/1431/net/avm_pa/macaddrs
/proc/1431/net/avm_pa/bsessions
/proc/1431/net/avm_pa/sessions
/proc/1431/net/avm_pa/vpids
/proc/1431/net/avm_pa/pids
/proc/1431/net/avm_pa/stats
/proc/1431/net/avm_pa/status
/proc/1431/net/avm_pa/brief
/proc/1431/net/avm_pa/control
/proc/1434/net/avm_pa
/proc/1434/net/avm_pa/prioack
/proc/1434/net/avm_pa/hashes
/proc/1434/net/avm_pa/macaddrs
/proc/1434/net/avm_pa/bsessions
/proc/1434/net/avm_pa/sessions
/proc/1434/net/avm_pa/vpids
/proc/1434/net/avm_pa/pids
/proc/1434/net/avm_pa/stats
/proc/1434/net/avm_pa/status
/proc/1434/net/avm_pa/brief
/proc/1434/net/avm_pa/control
/proc/1435/net/avm_pa
/proc/1435/net/avm_pa/prioack
/proc/1435/net/avm_pa/hashes
/proc/1435/net/avm_pa/macaddrs
/proc/1435/net/avm_pa/bsessions
/proc/1435/net/avm_pa/sessions
/proc/1435/net/avm_pa/vpids
/proc/1435/net/avm_pa/pids
/proc/1435/net/avm_pa/stats
/proc/1435/net/avm_pa/status
/proc/1435/net/avm_pa/brief
/proc/1435/net/avm_pa/control
/proc/1438/net/avm_pa
/proc/1438/net/avm_pa/prioack
/proc/1438/net/avm_pa/hashes
/proc/1438/net/avm_pa/macaddrs
/proc/1438/net/avm_pa/bsessions
/proc/1438/net/avm_pa/sessions
/proc/1438/net/avm_pa/vpids
/proc/1438/net/avm_pa/pids
/proc/1438/net/avm_pa/stats
/proc/1438/net/avm_pa/status
/proc/1438/net/avm_pa/brief
/proc/1438/net/avm_pa/control
/proc/1443/net/avm_pa
/proc/1443/net/avm_pa/prioack
/proc/1443/net/avm_pa/hashes
/proc/1443/net/avm_pa/macaddrs
/proc/1443/net/avm_pa/bsessions
/proc/1443/net/avm_pa/sessions
/proc/1443/net/avm_pa/vpids
/proc/1443/net/avm_pa/pids
/proc/1443/net/avm_pa/stats
/proc/1443/net/avm_pa/status
/proc/1443/net/avm_pa/brief
/proc/1443/net/avm_pa/control
/proc/1501/net/avm_pa
/proc/1501/net/avm_pa/prioack
/proc/1501/net/avm_pa/hashes
/proc/1501/net/avm_pa/macaddrs
/proc/1501/net/avm_pa/bsessions
/proc/1501/net/avm_pa/sessions
/proc/1501/net/avm_pa/vpids
/proc/1501/net/avm_pa/pids
/proc/1501/net/avm_pa/stats
/proc/1501/net/avm_pa/status
/proc/1501/net/avm_pa/brief
/proc/1501/net/avm_pa/control
/proc/1506/net/avm_pa
/proc/1506/net/avm_pa/prioack
/proc/1506/net/avm_pa/hashes
/proc/1506/net/avm_pa/macaddrs
/proc/1506/net/avm_pa/bsessions
/proc/1506/net/avm_pa/sessions
/proc/1506/net/avm_pa/vpids
/proc/1506/net/avm_pa/pids
/proc/1506/net/avm_pa/stats
/proc/1506/net/avm_pa/status
/proc/1506/net/avm_pa/brief
/proc/1506/net/avm_pa/control
/proc/1513/net/avm_pa
/proc/1513/net/avm_pa/prioack
/proc/1513/net/avm_pa/hashes
/proc/1513/net/avm_pa/macaddrs
/proc/1513/net/avm_pa/bsessions
/proc/1513/net/avm_pa/sessions
/proc/1513/net/avm_pa/vpids
/proc/1513/net/avm_pa/pids
/proc/1513/net/avm_pa/stats
/proc/1513/net/avm_pa/status
/proc/1513/net/avm_pa/brief
/proc/1513/net/avm_pa/control
/proc/1520/net/avm_pa
/proc/1520/net/avm_pa/prioack
/proc/1520/net/avm_pa/hashes
/proc/1520/net/avm_pa/macaddrs
/proc/1520/net/avm_pa/bsessions
/proc/1520/net/avm_pa/sessions
/proc/1520/net/avm_pa/vpids
/proc/1520/net/avm_pa/pids
/proc/1520/net/avm_pa/stats
/proc/1520/net/avm_pa/status
/proc/1520/net/avm_pa/brief
/proc/1520/net/avm_pa/control
/proc/1536/net/avm_pa
/proc/1536/net/avm_pa/prioack
/proc/1536/net/avm_pa/hashes
/proc/1536/net/avm_pa/macaddrs
/proc/1536/net/avm_pa/bsessions
/proc/1536/net/avm_pa/sessions
/proc/1536/net/avm_pa/vpids
/proc/1536/net/avm_pa/pids
/proc/1536/net/avm_pa/stats
/proc/1536/net/avm_pa/status
/proc/1536/net/avm_pa/brief
/proc/1536/net/avm_pa/control
/proc/1562/net/avm_pa
/proc/1562/net/avm_pa/prioack
/proc/1562/net/avm_pa/hashes
/proc/1562/net/avm_pa/macaddrs
/proc/1562/net/avm_pa/bsessions
/proc/1562/net/avm_pa/sessions
/proc/1562/net/avm_pa/vpids
/proc/1562/net/avm_pa/pids
/proc/1562/net/avm_pa/stats
/proc/1562/net/avm_pa/status
/proc/1562/net/avm_pa/brief
/proc/1562/net/avm_pa/control
/proc/1563/net/avm_pa
/proc/1563/net/avm_pa/prioack
/proc/1563/net/avm_pa/hashes
/proc/1563/net/avm_pa/macaddrs
/proc/1563/net/avm_pa/bsessions
/proc/1563/net/avm_pa/sessions
/proc/1563/net/avm_pa/vpids
/proc/1563/net/avm_pa/pids
/proc/1563/net/avm_pa/stats
/proc/1563/net/avm_pa/status
/proc/1563/net/avm_pa/brief
/proc/1563/net/avm_pa/control
/proc/1725/net/avm_pa
/proc/1725/net/avm_pa/prioack
/proc/1725/net/avm_pa/hashes
/proc/1725/net/avm_pa/macaddrs
/proc/1725/net/avm_pa/bsessions
/proc/1725/net/avm_pa/sessions
/proc/1725/net/avm_pa/vpids
/proc/1725/net/avm_pa/pids
/proc/1725/net/avm_pa/stats
/proc/1725/net/avm_pa/status
/proc/1725/net/avm_pa/brief
/proc/1725/net/avm_pa/control
/proc/1963/net/avm_pa
/proc/1963/net/avm_pa/prioack
/proc/1963/net/avm_pa/hashes
/proc/1963/net/avm_pa/macaddrs
/proc/1963/net/avm_pa/bsessions
/proc/1963/net/avm_pa/sessions
/proc/1963/net/avm_pa/vpids
/proc/1963/net/avm_pa/pids
/proc/1963/net/avm_pa/stats
/proc/1963/net/avm_pa/status
/proc/1963/net/avm_pa/brief
/proc/1963/net/avm_pa/control
/proc/1964/net/avm_pa
/proc/1964/net/avm_pa/prioack
/proc/1964/net/avm_pa/hashes
/proc/1964/net/avm_pa/macaddrs
/proc/1964/net/avm_pa/bsessions
/proc/1964/net/avm_pa/sessions
/proc/1964/net/avm_pa/vpids
/proc/1964/net/avm_pa/pids
/proc/1964/net/avm_pa/stats
/proc/1964/net/avm_pa/status
/proc/1964/net/avm_pa/brief
/proc/1964/net/avm_pa/control
/proc/1965/net/avm_pa
/proc/1965/net/avm_pa/prioack
/proc/1965/net/avm_pa/hashes
/proc/1965/net/avm_pa/macaddrs
/proc/1965/net/avm_pa/bsessions
/proc/1965/net/avm_pa/sessions
/proc/1965/net/avm_pa/vpids
/proc/1965/net/avm_pa/pids
/proc/1965/net/avm_pa/stats
/proc/1965/net/avm_pa/status
/proc/1965/net/avm_pa/brief
/proc/1965/net/avm_pa/control
/proc/2023/net/avm_pa
/proc/2023/net/avm_pa/prioack
/proc/2023/net/avm_pa/hashes
/proc/2023/net/avm_pa/macaddrs
/proc/2023/net/avm_pa/bsessions
/proc/2023/net/avm_pa/sessions
/proc/2023/net/avm_pa/vpids
/proc/2023/net/avm_pa/pids
/proc/2023/net/avm_pa/stats
/proc/2023/net/avm_pa/status
/proc/2023/net/avm_pa/brief
/proc/2023/net/avm_pa/control
/proc/2078/net/avm_pa
/proc/2078/net/avm_pa/prioack
/proc/2078/net/avm_pa/hashes
/proc/2078/net/avm_pa/macaddrs
/proc/2078/net/avm_pa/bsessions
/proc/2078/net/avm_pa/sessions
/proc/2078/net/avm_pa/vpids
/proc/2078/net/avm_pa/pids
/proc/2078/net/avm_pa/stats
/proc/2078/net/avm_pa/status
/proc/2078/net/avm_pa/brief
/proc/2078/net/avm_pa/control
/proc/2283/net/avm_pa
/proc/2283/net/avm_pa/prioack
/proc/2283/net/avm_pa/hashes
/proc/2283/net/avm_pa/macaddrs
/proc/2283/net/avm_pa/bsessions
/proc/2283/net/avm_pa/sessions
/proc/2283/net/avm_pa/vpids
/proc/2283/net/avm_pa/pids
/proc/2283/net/avm_pa/stats
/proc/2283/net/avm_pa/status
/proc/2283/net/avm_pa/brief
/proc/2283/net/avm_pa/control
/proc/2630/net/avm_pa
/proc/2630/net/avm_pa/prioack
/proc/2630/net/avm_pa/hashes
/proc/2630/net/avm_pa/macaddrs
/proc/2630/net/avm_pa/bsessions
/proc/2630/net/avm_pa/sessions
/proc/2630/net/avm_pa/vpids
/proc/2630/net/avm_pa/pids
/proc/2630/net/avm_pa/stats
/proc/2630/net/avm_pa/status
/proc/2630/net/avm_pa/brief
/proc/2630/net/avm_pa/control
/proc/2636/net/avm_pa
/proc/2636/net/avm_pa/prioack
/proc/2636/net/avm_pa/hashes
/proc/2636/net/avm_pa/macaddrs
/proc/2636/net/avm_pa/bsessions
/proc/2636/net/avm_pa/sessions
/proc/2636/net/avm_pa/vpids
/proc/2636/net/avm_pa/pids
/proc/2636/net/avm_pa/stats
/proc/2636/net/avm_pa/status
/proc/2636/net/avm_pa/brief
/proc/2636/net/avm_pa/control
/proc/2655/net/avm_pa
/proc/2655/net/avm_pa/prioack
/proc/2655/net/avm_pa/hashes
/proc/2655/net/avm_pa/macaddrs
/proc/2655/net/avm_pa/bsessions
/proc/2655/net/avm_pa/sessions
/proc/2655/net/avm_pa/vpids
/proc/2655/net/avm_pa/pids
/proc/2655/net/avm_pa/stats
/proc/2655/net/avm_pa/status
/proc/2655/net/avm_pa/brief
/proc/2655/net/avm_pa/control
/proc/2660/net/avm_pa
/proc/2660/net/avm_pa/prioack
/proc/2660/net/avm_pa/hashes
/proc/2660/net/avm_pa/macaddrs
/proc/2660/net/avm_pa/bsessions
/proc/2660/net/avm_pa/sessions
/proc/2660/net/avm_pa/vpids
/proc/2660/net/avm_pa/pids
/proc/2660/net/avm_pa/stats
/proc/2660/net/avm_pa/status
/proc/2660/net/avm_pa/brief
/proc/2660/net/avm_pa/control
/proc/2663/net/avm_pa
/proc/2663/net/avm_pa/prioack
/proc/2663/net/avm_pa/hashes
/proc/2663/net/avm_pa/macaddrs
/proc/2663/net/avm_pa/bsessions
/proc/2663/net/avm_pa/sessions
/proc/2663/net/avm_pa/vpids
/proc/2663/net/avm_pa/pids
/proc/2663/net/avm_pa/stats
/proc/2663/net/avm_pa/status
/proc/2663/net/avm_pa/brief
/proc/2663/net/avm_pa/control
/proc/2665/net/avm_pa
/proc/2665/net/avm_pa/prioack
/proc/2665/net/avm_pa/hashes
/proc/2665/net/avm_pa/macaddrs
/proc/2665/net/avm_pa/bsessions
/proc/2665/net/avm_pa/sessions
/proc/2665/net/avm_pa/vpids
/proc/2665/net/avm_pa/pids
/proc/2665/net/avm_pa/stats
/proc/2665/net/avm_pa/status
/proc/2665/net/avm_pa/brief
/proc/2665/net/avm_pa/control
/proc/2682/net/avm_pa
/proc/2682/net/avm_pa/prioack
/proc/2682/net/avm_pa/hashes
/proc/2682/net/avm_pa/macaddrs
/proc/2682/net/avm_pa/bsessions
/proc/2682/net/avm_pa/sessions
/proc/2682/net/avm_pa/vpids
/proc/2682/net/avm_pa/pids
/proc/2682/net/avm_pa/stats
/proc/2682/net/avm_pa/status
/proc/2682/net/avm_pa/brief
/proc/2682/net/avm_pa/control
/proc/4658/net/avm_pa
/proc/4658/net/avm_pa/prioack
/proc/4658/net/avm_pa/hashes
/proc/4658/net/avm_pa/macaddrs
/proc/4658/net/avm_pa/bsessions
/proc/4658/net/avm_pa/sessions
/proc/4658/net/avm_pa/vpids
/proc/4658/net/avm_pa/pids
/proc/4658/net/avm_pa/stats
/proc/4658/net/avm_pa/status
/proc/4658/net/avm_pa/brief
/proc/4658/net/avm_pa/control
/proc/21429/net/avm_pa
/proc/21429/net/avm_pa/prioack
/proc/21429/net/avm_pa/hashes
/proc/21429/net/avm_pa/macaddrs
/proc/21429/net/avm_pa/bsessions
/proc/21429/net/avm_pa/sessions
/proc/21429/net/avm_pa/vpids
/proc/21429/net/avm_pa/pids
/proc/21429/net/avm_pa/stats
/proc/21429/net/avm_pa/status
/proc/21429/net/avm_pa/brief
/proc/21429/net/avm_pa/control
/proc/22277/net/avm_pa
/proc/22277/net/avm_pa/prioack
/proc/22277/net/avm_pa/hashes
/proc/22277/net/avm_pa/macaddrs
/proc/22277/net/avm_pa/bsessions
/proc/22277/net/avm_pa/sessions
/proc/22277/net/avm_pa/vpids
/proc/22277/net/avm_pa/pids
/proc/22277/net/avm_pa/stats
/proc/22277/net/avm_pa/status
/proc/22277/net/avm_pa/brief
/proc/22277/net/avm_pa/control
/proc/22278/net/avm_pa
/proc/22278/net/avm_pa/prioack
/proc/22278/net/avm_pa/hashes
/proc/22278/net/avm_pa/macaddrs
/proc/22278/net/avm_pa/bsessions
/proc/22278/net/avm_pa/sessions
/proc/22278/net/avm_pa/vpids
/proc/22278/net/avm_pa/pids
/proc/22278/net/avm_pa/stats
/proc/22278/net/avm_pa/status
/proc/22278/net/avm_pa/brief
/proc/22278/net/avm_pa/control
find: /proc/22284: No such file or directory
/proc/30504/net/avm_pa
/proc/30504/net/avm_pa/prioack
/proc/30504/net/avm_pa/hashes
/proc/30504/net/avm_pa/macaddrs
/proc/30504/net/avm_pa/bsessions
/proc/30504/net/avm_pa/sessions
/proc/30504/net/avm_pa/vpids
/proc/30504/net/avm_pa/pids
/proc/30504/net/avm_pa/stats
/proc/30504/net/avm_pa/status
/proc/30504/net/avm_pa/brief
/proc/30504/net/avm_pa/control
/sys/devices/virtual/misc/avm_pa
/sys/devices/virtual/misc/avm_pa/uevent
/sys/devices/virtual/misc/avm_pa/dev
/sys/devices/virtual/misc/avm_pa/subsystem
/sys/class/misc/avm_pa
Wird für jede Kommunikationsbeziehung mehrere Prozesse vom PA geöffnet? Was hat da nur AVM gemacht?

Lieben Gruß von Stefan Harbich
 
...ich habe die Vermutung das ich den Packet Accelerator mit dem Befehl
Code:
echo disable > /proc/net/avm_pa/control
nicht abschalten kann.

Ob der Packet Accelerator abgeschaltet ist, kannst Du mit

Code:
cat /proc/net/avm_pa/status

testen, wie hier zu lesen ist. Teste das doch mal.
Grüße,

JD.
 
Holen Sie sich 3CX - völlig kostenlos!
Verbinden Sie Ihr Team und Ihre Kunden Telefonie Livechat Videokonferenzen

Gehostet oder selbst-verwaltet. Für bis zu 10 Nutzer dauerhaft kostenlos. Keine Kreditkartendetails erforderlich. Ohne Risiko testen.

3CX
Für diese E-Mail-Adresse besteht bereits ein 3CX-Konto. Sie werden zum Kundenportal weitergeleitet, wo Sie sich anmelden oder Ihr Passwort zurücksetzen können, falls Sie dieses vergessen haben.