* [dunfell 00/15] Patch review July 24th
@ 2021-07-25 4:52 Armin Kuster
2021-07-25 4:52 ` [dunfell 01/15] vboxguestdrivers: upgrade 6.1.6 -> 6.1.12 Armin Kuster
` (14 more replies)
0 siblings, 15 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
please have comments back by Tuesday.
The following changes since commit 10082fce3b6ddeaaae4df95f7f002356942b7577:
postgresql: update to 12.7 (2021-07-17 07:42:33 -0700)
are available in the Git repository at:
git://git.openembedded.org/meta-openembedded-contrib stable/dunfell-nut
http://cgit.openembedded.org/meta-openembedded-contrib/log/?h=stable/dunfell-nut
Armin Kuster (2):
mariadb: update to 10.4.20
hiawatha: fix url.
Bruce Ashfield (1):
vboxguestdrivers: fix build against kernel v5.10+
Gianfranco (5):
vboxguestdrivers: upgrade 6.1.16 -> 6.1.18
vboxguestdrivers: Add patch proposed upstream to fix a build failure
on i386
vboxguestdrivers: upgrade 6.1.18 -> 6.1.20
vboxguestdrivers: upgrade 6.1.20 -> 6.1.22
vboxguestdrivers: add a fix for build failure with kernel 5.13
Gianfranco Costamagna (3):
vboxguestdrivers: upgrade 6.1.6 -> 6.1.12
vboxguestdrivers: upgrade 6.1.12 -> 6.1.14 Drop kernel 5.8
compatibility patch, now part of upstream codebase
vboxguestdrivers: upgrade 6.1.14 -> 6.1.16
Hongxu Jia (1):
vboxguestdrivers: fix failed to compile with kernel 5.8.0
Jate Sujjavanich (1):
ufw: backport patches, update RRECOMMENDS, python3 support, tests
Khem Raj (2):
vboxguestdrivers: Fix build with kernel 5.8
vboxguestdrivers: Add __divmoddi4 builtin support
.../0006-check-requirements-get-error.patch | 36 +
...se-conntrack-instead-of-state-module.patch | 14903 ++++++++++++++++
...8-support-.-setup.py-build-LP-819600.patch | 93 +
...st-runtime-tests-to-use-daytime-port.patch | 2895 +++
...IPT_MODULES-and-update-documentation.patch | 106 +
...nts--simplify-and-support-python-3.8.patch | 33 +
...tect-openembedded-python-interpreter.patch | 33 +
...setup-only-make-one-reference-to-env.patch | 14 +-
.../recipes-connectivity/ufw/ufw_0.33.bb | 49 +-
...e_10.4.17.bb => mariadb-native_10.4.20.bb} | 0
meta-oe/recipes-dbs/mysql/mariadb.inc | 4 +-
...{mariadb_10.4.17.bb => mariadb_10.4.20.bb} | 0
.../40-linux-5.13-support.patch | 276 +
.../vboxguestdrivers/add__divmoddi4.patch | 36 +
...rs_6.1.6.bb => vboxguestdrivers_6.1.22.bb} | 9 +-
.../recipes-httpd/hiawatha/hiawatha_10.10.bb | 2 +-
16 files changed, 18476 insertions(+), 13 deletions(-)
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0006-check-requirements-get-error.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0007-use-conntrack-instead-of-state-module.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0008-support-.-setup.py-build-LP-819600.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0009-adjust-runtime-tests-to-use-daytime-port.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0010-empty-out-IPT_MODULES-and-update-documentation.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0011-tests-check-requirements--simplify-and-support-python-3.8.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/Add-code-to-detect-openembedded-python-interpreter.patch
rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.4.17.bb => mariadb-native_10.4.20.bb} (100%)
rename meta-oe/recipes-dbs/mysql/{mariadb_10.4.17.bb => mariadb_10.4.20.bb} (100%)
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/40-linux-5.13-support.patch
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/add__divmoddi4.patch
rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_6.1.6.bb => vboxguestdrivers_6.1.22.bb} (90%)
--
2.25.1
^ permalink raw reply [flat|nested] 16+ messages in thread
* [dunfell 01/15] vboxguestdrivers: upgrade 6.1.6 -> 6.1.12
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 02/15] vboxguestdrivers: fix failed to compile with kernel 5.8.0 Armin Kuster
` (13 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Gianfranco Costamagna <costamagna.gianfranco@gmail.com>
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 21bc66202e18a7b214869e3654b8547ea0ea9cbd)
[Stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../{vboxguestdrivers_6.1.6.bb => vboxguestdrivers_6.1.12.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_6.1.6.bb => vboxguestdrivers_6.1.12.bb} (95%)
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.6.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
similarity index 95%
rename from meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.6.bb
rename to meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
index 89b1ee11e2..dfa15da2db 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.6.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
@@ -14,8 +14,8 @@ VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
file://Makefile.utils \
"
-SRC_URI[md5sum] = "fe6328d22dfb20ea372daa4b58b12374"
-SRC_URI[sha256sum] = "b031c30d770f28c5f884071ad933e8c1f83e65b93aaba03a4012077c1d90a54f"
+SRC_URI[md5sum] = "3c351f7fd6376e0bb3c8489505a9450c"
+SRC_URI[sha256sum] = "05eff0321daa72f6d00fb121a6b4211f39964778823806fa0b7b751667dec362"
S = "${WORKDIR}/vbox_module"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 02/15] vboxguestdrivers: fix failed to compile with kernel 5.8.0
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
2021-07-25 4:52 ` [dunfell 01/15] vboxguestdrivers: upgrade 6.1.6 -> 6.1.12 Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 03/15] vboxguestdrivers: Fix build with kernel 5.8 Armin Kuster
` (12 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Hongxu Jia <hongxu.jia@windriver.com>
Backport patches from upstream [1] to fix the issue
It also requires to apply a patch on 5.8 kernel [2]
[1] https://www.virtualbox.org/ticket/19644
[2] https://www.virtualbox.org/raw-attachment/ticket/19644/local_patches
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 9c10ed4baa95648b7735757121e3af8b0aeb8e06)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../0001-fixes_for_mm_struct.patch | 176 ++++++++++++++++++
.../0002-fixes_for_module_memory.patch | 65 +++++++
...03-fixes_for_changes_in_cpu_tlbstate.patch | 39 ++++
.../vboxguestdrivers/kernel-5.8-4.patch | 19 ++
.../vboxguestdrivers_6.1.12.bb | 7 +-
5 files changed, 305 insertions(+), 1 deletion(-)
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-fixes_for_mm_struct.patch
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0002-fixes_for_module_memory.patch
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0003-fixes_for_changes_in_cpu_tlbstate.patch
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.8-4.patch
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-fixes_for_mm_struct.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-fixes_for_mm_struct.patch
new file mode 100644
index 0000000000..1ad5ce51bf
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-fixes_for_mm_struct.patch
@@ -0,0 +1,176 @@
+From 98070c936931879d2b8e22939724b5a0689721d0 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 18 Aug 2020 17:48:29 +0800
+Subject: [PATCH 1/3] fixes_for_mm_struct
+
+Upstream-Status: Backport [https://www.virtualbox.org/ticket/19644]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ .../Runtime/r0drv/linux/memobj-r0drv-linux.c | 74 +++++++++++++++++--
+ 1 file changed, 67 insertions(+), 7 deletions(-)
+
+diff --git a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
+index 37389bcc..cdc7e8e6 100644
+--- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
++++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
+@@ -222,9 +222,17 @@ static void *rtR0MemObjLinuxDoMmap(RTR3PTR R3PtrFixed, size_t cb, size_t uAlignm
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
+ ulAddr = vm_mmap(NULL, R3PtrFixed, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, 0);
+ #else
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ down_write(&pTask->mm->mmap_sem);
++#else
++ down_write(&pTask->mm->mmap_lock);
++#endif
+ ulAddr = do_mmap(NULL, R3PtrFixed, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, 0);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ up_write(&pTask->mm->mmap_sem);
++#else
++ up_write(&pTask->mm->mmap_lock);
++#endif
+ #endif
+ }
+ else
+@@ -232,9 +240,17 @@ static void *rtR0MemObjLinuxDoMmap(RTR3PTR R3PtrFixed, size_t cb, size_t uAlignm
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
+ ulAddr = vm_mmap(NULL, 0, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS, 0);
+ #else
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ down_write(&pTask->mm->mmap_sem);
++#else
++ down_write(&pTask->mm->mmap_lock);
++#endif
+ ulAddr = do_mmap(NULL, 0, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS, 0);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ up_write(&pTask->mm->mmap_sem);
++#else
++ up_write(&pTask->mm->mmap_lock);
++#endif
+ #endif
+ if ( !(ulAddr & ~PAGE_MASK)
+ && (ulAddr & (uAlignment - 1)))
+@@ -269,13 +285,29 @@ static void rtR0MemObjLinuxDoMunmap(void *pv, size_t cb, struct task_struct *pTa
+ Assert(pTask == current); RT_NOREF_PV(pTask);
+ vm_munmap((unsigned long)pv, cb);
+ #elif defined(USE_RHEL4_MUNMAP)
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ down_write(&pTask->mm->mmap_sem);
++#else
++ down_write(&pTask->mm->mmap_lock);
++#endif
+ do_munmap(pTask->mm, (unsigned long)pv, cb, 0); /* should it be 1 or 0? */
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ up_write(&pTask->mm->mmap_sem);
+ #else
++ up_write(&pTask->mm->mmap_lock);
++#endif
++#else
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ down_write(&pTask->mm->mmap_sem);
++#else
++ down_write(&pTask->mm->mmap_lock);
++#endif
+ do_munmap(pTask->mm, (unsigned long)pv, cb);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ up_write(&pTask->mm->mmap_sem);
++#else
++ up_write(&pTask->mm->mmap_lock);
++#endif
+ #endif
+ }
+
+@@ -593,7 +625,11 @@ DECLHIDDEN(int) rtR0MemObjNativeFree(RTR0MEMOBJ pMem)
+ size_t iPage;
+ Assert(pTask);
+ if (pTask && pTask->mm)
+- down_read(&pTask->mm->mmap_sem);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
++ down_read(&pTask->mm->mmap_sem);
++#else
++ down_read(&pTask->mm->mmap_lock);
++#endif
+
+ iPage = pMemLnx->cPages;
+ while (iPage-- > 0)
+@@ -608,7 +644,11 @@ DECLHIDDEN(int) rtR0MemObjNativeFree(RTR0MEMOBJ pMem)
+ }
+
+ if (pTask && pTask->mm)
+- up_read(&pTask->mm->mmap_sem);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
++ up_read(&pTask->mm->mmap_sem);
++#else
++ up_read(&pTask->mm->mmap_lock);
++#endif
+ }
+ /* else: kernel memory - nothing to do here. */
+ break;
+@@ -1076,7 +1116,11 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser(PPRTR0MEMOBJINTERNAL ppMem, RTR3PTR R3P
+ papVMAs = (struct vm_area_struct **)RTMemAlloc(sizeof(*papVMAs) * cPages);
+ if (papVMAs)
+ {
+- down_read(&pTask->mm->mmap_sem);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
++ down_read(&pTask->mm->mmap_sem);
++#else
++ down_read(&pTask->mm->mmap_lock);
++#endif
+
+ /*
+ * Get user pages.
+@@ -1162,7 +1206,11 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser(PPRTR0MEMOBJINTERNAL ppMem, RTR3PTR R3P
+ papVMAs[rc]->vm_flags |= VM_DONTCOPY | VM_LOCKED;
+ }
+
+- up_read(&pTask->mm->mmap_sem);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
++ up_read(&pTask->mm->mmap_sem);
++#else
++ up_read(&pTask->mm->mmap_lock);
++#endif
+
+ RTMemFree(papVMAs);
+
+@@ -1189,7 +1237,11 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser(PPRTR0MEMOBJINTERNAL ppMem, RTR3PTR R3P
+ #endif
+ }
+
+- up_read(&pTask->mm->mmap_sem);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
++ up_read(&pTask->mm->mmap_sem);
++#else
++ up_read(&pTask->mm->mmap_lock);
++#endif
+
+ RTMemFree(papVMAs);
+ rc = VERR_LOCK_FAILED;
+@@ -1604,7 +1656,11 @@ DECLHIDDEN(int) rtR0MemObjNativeMapUser(PPRTR0MEMOBJINTERNAL ppMem, RTR0MEMOBJ p
+ const size_t cPages = (offSub + cbSub) >> PAGE_SHIFT;
+ size_t iPage;
+
+- down_write(&pTask->mm->mmap_sem);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
++ down_write(&pTask->mm->mmap_sem);
++#else
++ down_write(&pTask->mm->mmap_lock);
++#endif
+
+ rc = VINF_SUCCESS;
+ if (pMemLnxToMap->cPages)
+@@ -1721,7 +1777,11 @@ DECLHIDDEN(int) rtR0MemObjNativeMapUser(PPRTR0MEMOBJINTERNAL ppMem, RTR0MEMOBJ p
+ }
+ #endif /* CONFIG_NUMA_BALANCING */
+
+- up_write(&pTask->mm->mmap_sem);
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
++ up_write(&pTask->mm->mmap_sem);
++#else
++ up_write(&pTask->mm->mmap_lock);
++#endif
+
+ if (RT_SUCCESS(rc))
+ {
+--
+2.18.2
+
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0002-fixes_for_module_memory.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0002-fixes_for_module_memory.patch
new file mode 100644
index 0000000000..a3cfc3b370
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0002-fixes_for_module_memory.patch
@@ -0,0 +1,65 @@
+From bb580f7b601e5395a2f8fcb2485387035273320f Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 18 Aug 2020 17:49:34 +0800
+Subject: [PATCH 2/3] fixes_for_module_memory
+
+Upstream-Status: Backport [https://www.virtualbox.org/ticket/19644]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ .../Runtime/r0drv/linux/alloc-r0drv-linux.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c b/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
+index bbb8acc6..45cd34c7 100644
+--- a/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
++++ b/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
+@@ -153,6 +153,8 @@ RT_EXPORT_SYMBOL(RTR0MemExecDonate);
+
+
+ #ifdef RTMEMALLOC_EXEC_VM_AREA
++
++
+ /**
+ * Allocate executable kernel memory in the module range.
+ *
+@@ -168,7 +170,12 @@ static PRTMEMHDR rtR0MemAllocExecVmArea(size_t cb)
+ struct vm_struct *pVmArea;
+ size_t iPage;
+
++# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
++ pVmArea = __get_vm_area_caller(cbAlloc, VM_ALLOC, MODULES_VADDR, MODULES_END,
++ __builtin_return_address(0));
++#else
+ pVmArea = __get_vm_area(cbAlloc, VM_ALLOC, MODULES_VADDR, MODULES_END);
++#endif
+ if (!pVmArea)
+ return NULL;
+ pVmArea->nr_pages = 0; /* paranoia? */
+@@ -201,14 +208,21 @@ static PRTMEMHDR rtR0MemAllocExecVmArea(size_t cb)
+ # endif
+ pVmArea->nr_pages = cPages;
+ pVmArea->pages = papPages;
+- if (!map_vm_area(pVmArea, PAGE_KERNEL_EXEC,
++# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
++ unsigned long start = (unsigned long)pVmArea->addr;
++ unsigned long size = get_vm_area_size(pVmArea);
++
++ if (!map_kernel_range(start, size, PAGE_KERNEL_EXEC, papPages))
++#else
++ if (!map_vm_area(pVmArea, PAGE_KERNEL_EXEC,
+ # if LINUX_VERSION_CODE < KERNEL_VERSION(3, 17, 0)
+ &papPagesIterator
+ # else
+ papPages
+ # endif
+ ))
+- {
++#endif
++ {
+ PRTMEMLNXHDREX pHdrEx = (PRTMEMLNXHDREX)pVmArea->addr;
+ pHdrEx->pVmArea = pVmArea;
+ pHdrEx->pvDummy = NULL;
+--
+2.18.2
+
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0003-fixes_for_changes_in_cpu_tlbstate.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0003-fixes_for_changes_in_cpu_tlbstate.patch
new file mode 100644
index 0000000000..6a3e63f63d
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0003-fixes_for_changes_in_cpu_tlbstate.patch
@@ -0,0 +1,39 @@
+From 6089974a81b1b44e1d2dfa5af1fdc110dfee40c1 Mon Sep 17 00:00:00 2001
+From: Hongxu Jia <hongxu.jia@windriver.com>
+Date: Tue, 18 Aug 2020 17:51:24 +0800
+Subject: [PATCH 3/3] fixes_for_changes_in_cpu_tlbstate
+
+Upstream-Status: Backport [https://www.virtualbox.org/ticket/19644]
+
+Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
+---
+ src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
+index c7d0d99a..2e7aa6e1 100644
+--- a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
++++ b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
+@@ -757,12 +757,19 @@ EXPORT_SYMBOL(SUPDrvLinuxIDC);
+ RTCCUINTREG VBOXCALL supdrvOSChangeCR4(RTCCUINTREG fOrMask, RTCCUINTREG fAndMask)
+ {
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ RTCCUINTREG uOld = this_cpu_read(cpu_tlbstate.cr4);
++#else
++ RTCCUINTREG uOld = __read_cr4();
++#endif
+ RTCCUINTREG uNew = (uOld & fAndMask) | fOrMask;
+ if (uNew != uOld)
+ {
++#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ this_cpu_write(cpu_tlbstate.cr4, uNew);
+ __write_cr4(uNew);
++#endif
++ ASMSetCR4(uNew);
+ }
+ #else
+ RTCCUINTREG uOld = ASMGetCR4();
+--
+2.18.2
+
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.8-4.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.8-4.patch
new file mode 100644
index 0000000000..cb4148fc79
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.8-4.patch
@@ -0,0 +1,19 @@
+Description: Fix kernel 5.8 forbidding use of vermagic.h header file
+Author: Gianfranco Costamagna <locutusofborg@debian.org>
+Origin: https://www.virtualbox.org/ticket/19644
+Bug-Ubuntu: https://launchpad.net/bugs/1884652
+Last-Update: 2020-08-10
+
+--- virtualbox-6.1.12-dfsg.orig/src/VBox/Additions/linux/sharedfolders/vfsmod.c
++++ virtualbox-6.1.12-dfsg/src/VBox/Additions/linux/sharedfolders/vfsmod.c
+@@ -53,7 +53,9 @@
+ #include <linux/seq_file.h>
+ #include <linux/vfs.h>
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 62)
+-# include <linux/vermagic.h>
++# if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
++# include <linux/vermagic.h>
++# endif
+ #endif
+ #include <VBox/err.h>
+ #include <iprt/path.h>
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
index dfa15da2db..e57df58d6c 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
@@ -12,12 +12,17 @@ COMPATIBLE_MACHINE = "(qemux86|qemux86-64)"
VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
+ file://0001-fixes_for_mm_struct.patch \
+ file://0002-fixes_for_module_memory.patch \
+ file://0003-fixes_for_changes_in_cpu_tlbstate.patch \
+ file://kernel-5.8-4.patch \
file://Makefile.utils \
"
SRC_URI[md5sum] = "3c351f7fd6376e0bb3c8489505a9450c"
SRC_URI[sha256sum] = "05eff0321daa72f6d00fb121a6b4211f39964778823806fa0b7b751667dec362"
-S = "${WORKDIR}/vbox_module"
+S ?= "${WORKDIR}/vbox_module"
+S_task-patch = "${WORKDIR}/${VBOX_NAME}"
export BUILD_TARGET_ARCH="${ARCH}"
export BUILD_TARGET_ARCH_x86-64="amd64"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 03/15] vboxguestdrivers: Fix build with kernel 5.8
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
2021-07-25 4:52 ` [dunfell 01/15] vboxguestdrivers: upgrade 6.1.6 -> 6.1.12 Armin Kuster
2021-07-25 4:52 ` [dunfell 02/15] vboxguestdrivers: fix failed to compile with kernel 5.8.0 Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 04/15] vboxguestdrivers: upgrade 6.1.12 -> 6.1.14 Drop kernel 5.8 compatibility patch, now part of upstream codebase Armin Kuster
` (11 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Khem Raj <raj.khem@gmail.com>
Remove patches which are already covered in this new patch
Fixes
step1b: ERROR: modpost: "__get_vm_area_caller" [/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/qemux86_64-poky-linux/vboxguestdrivers/6.1.12-r0/vboxguestdrivers-6.1.12/vboxguest/vboxguest.ko] undefined!
step1b: ERROR: modpost: "map_kernel_range" [/home/pokybuild/yocto-worker/meta-oe/build/build/tmp/work/qemux86_64-poky-linux/vboxguestdrivers/6.1.12-r0/vboxguestdrivers-6.1.12/vboxguest/vboxguest.ko] undefined!
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 5efb06176add13c4b8287c9972651dcac94adf79)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../0001-fixes_for_mm_struct.patch | 176 -
.../0002-fixes_for_module_memory.patch | 65 -
...03-fixes_for_changes_in_cpu_tlbstate.patch | 39 -
.../vboxguestdrivers/021-linux-5-8.patch | 5046 +++++++++++++++++
.../vboxguestdrivers/kernel-5.8-4.patch | 19 -
.../vboxguestdrivers_6.1.12.bb | 5 +-
6 files changed, 5047 insertions(+), 303 deletions(-)
delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-fixes_for_mm_struct.patch
delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0002-fixes_for_module_memory.patch
delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0003-fixes_for_changes_in_cpu_tlbstate.patch
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/021-linux-5-8.patch
delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.8-4.patch
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-fixes_for_mm_struct.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-fixes_for_mm_struct.patch
deleted file mode 100644
index 1ad5ce51bf..0000000000
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-fixes_for_mm_struct.patch
+++ /dev/null
@@ -1,176 +0,0 @@
-From 98070c936931879d2b8e22939724b5a0689721d0 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Tue, 18 Aug 2020 17:48:29 +0800
-Subject: [PATCH 1/3] fixes_for_mm_struct
-
-Upstream-Status: Backport [https://www.virtualbox.org/ticket/19644]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- .../Runtime/r0drv/linux/memobj-r0drv-linux.c | 74 +++++++++++++++++--
- 1 file changed, 67 insertions(+), 7 deletions(-)
-
-diff --git a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
-index 37389bcc..cdc7e8e6 100644
---- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
-+++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
-@@ -222,9 +222,17 @@ static void *rtR0MemObjLinuxDoMmap(RTR3PTR R3PtrFixed, size_t cb, size_t uAlignm
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
- ulAddr = vm_mmap(NULL, R3PtrFixed, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, 0);
- #else
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- down_write(&pTask->mm->mmap_sem);
-+#else
-+ down_write(&pTask->mm->mmap_lock);
-+#endif
- ulAddr = do_mmap(NULL, R3PtrFixed, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, 0);
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- up_write(&pTask->mm->mmap_sem);
-+#else
-+ up_write(&pTask->mm->mmap_lock);
-+#endif
- #endif
- }
- else
-@@ -232,9 +240,17 @@ static void *rtR0MemObjLinuxDoMmap(RTR3PTR R3PtrFixed, size_t cb, size_t uAlignm
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
- ulAddr = vm_mmap(NULL, 0, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS, 0);
- #else
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- down_write(&pTask->mm->mmap_sem);
-+#else
-+ down_write(&pTask->mm->mmap_lock);
-+#endif
- ulAddr = do_mmap(NULL, 0, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS, 0);
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- up_write(&pTask->mm->mmap_sem);
-+#else
-+ up_write(&pTask->mm->mmap_lock);
-+#endif
- #endif
- if ( !(ulAddr & ~PAGE_MASK)
- && (ulAddr & (uAlignment - 1)))
-@@ -269,13 +285,29 @@ static void rtR0MemObjLinuxDoMunmap(void *pv, size_t cb, struct task_struct *pTa
- Assert(pTask == current); RT_NOREF_PV(pTask);
- vm_munmap((unsigned long)pv, cb);
- #elif defined(USE_RHEL4_MUNMAP)
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- down_write(&pTask->mm->mmap_sem);
-+#else
-+ down_write(&pTask->mm->mmap_lock);
-+#endif
- do_munmap(pTask->mm, (unsigned long)pv, cb, 0); /* should it be 1 or 0? */
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- up_write(&pTask->mm->mmap_sem);
- #else
-+ up_write(&pTask->mm->mmap_lock);
-+#endif
-+#else
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- down_write(&pTask->mm->mmap_sem);
-+#else
-+ down_write(&pTask->mm->mmap_lock);
-+#endif
- do_munmap(pTask->mm, (unsigned long)pv, cb);
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- up_write(&pTask->mm->mmap_sem);
-+#else
-+ up_write(&pTask->mm->mmap_lock);
-+#endif
- #endif
- }
-
-@@ -593,7 +625,11 @@ DECLHIDDEN(int) rtR0MemObjNativeFree(RTR0MEMOBJ pMem)
- size_t iPage;
- Assert(pTask);
- if (pTask && pTask->mm)
-- down_read(&pTask->mm->mmap_sem);
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
-+ down_read(&pTask->mm->mmap_sem);
-+#else
-+ down_read(&pTask->mm->mmap_lock);
-+#endif
-
- iPage = pMemLnx->cPages;
- while (iPage-- > 0)
-@@ -608,7 +644,11 @@ DECLHIDDEN(int) rtR0MemObjNativeFree(RTR0MEMOBJ pMem)
- }
-
- if (pTask && pTask->mm)
-- up_read(&pTask->mm->mmap_sem);
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
-+ up_read(&pTask->mm->mmap_sem);
-+#else
-+ up_read(&pTask->mm->mmap_lock);
-+#endif
- }
- /* else: kernel memory - nothing to do here. */
- break;
-@@ -1076,7 +1116,11 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser(PPRTR0MEMOBJINTERNAL ppMem, RTR3PTR R3P
- papVMAs = (struct vm_area_struct **)RTMemAlloc(sizeof(*papVMAs) * cPages);
- if (papVMAs)
- {
-- down_read(&pTask->mm->mmap_sem);
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
-+ down_read(&pTask->mm->mmap_sem);
-+#else
-+ down_read(&pTask->mm->mmap_lock);
-+#endif
-
- /*
- * Get user pages.
-@@ -1162,7 +1206,11 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser(PPRTR0MEMOBJINTERNAL ppMem, RTR3PTR R3P
- papVMAs[rc]->vm_flags |= VM_DONTCOPY | VM_LOCKED;
- }
-
-- up_read(&pTask->mm->mmap_sem);
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
-+ up_read(&pTask->mm->mmap_sem);
-+#else
-+ up_read(&pTask->mm->mmap_lock);
-+#endif
-
- RTMemFree(papVMAs);
-
-@@ -1189,7 +1237,11 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser(PPRTR0MEMOBJINTERNAL ppMem, RTR3PTR R3P
- #endif
- }
-
-- up_read(&pTask->mm->mmap_sem);
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
-+ up_read(&pTask->mm->mmap_sem);
-+#else
-+ up_read(&pTask->mm->mmap_lock);
-+#endif
-
- RTMemFree(papVMAs);
- rc = VERR_LOCK_FAILED;
-@@ -1604,7 +1656,11 @@ DECLHIDDEN(int) rtR0MemObjNativeMapUser(PPRTR0MEMOBJINTERNAL ppMem, RTR0MEMOBJ p
- const size_t cPages = (offSub + cbSub) >> PAGE_SHIFT;
- size_t iPage;
-
-- down_write(&pTask->mm->mmap_sem);
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
-+ down_write(&pTask->mm->mmap_sem);
-+#else
-+ down_write(&pTask->mm->mmap_lock);
-+#endif
-
- rc = VINF_SUCCESS;
- if (pMemLnxToMap->cPages)
-@@ -1721,7 +1777,11 @@ DECLHIDDEN(int) rtR0MemObjNativeMapUser(PPRTR0MEMOBJINTERNAL ppMem, RTR0MEMOBJ p
- }
- #endif /* CONFIG_NUMA_BALANCING */
-
-- up_write(&pTask->mm->mmap_sem);
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
-+ up_write(&pTask->mm->mmap_sem);
-+#else
-+ up_write(&pTask->mm->mmap_lock);
-+#endif
-
- if (RT_SUCCESS(rc))
- {
---
-2.18.2
-
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0002-fixes_for_module_memory.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0002-fixes_for_module_memory.patch
deleted file mode 100644
index a3cfc3b370..0000000000
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0002-fixes_for_module_memory.patch
+++ /dev/null
@@ -1,65 +0,0 @@
-From bb580f7b601e5395a2f8fcb2485387035273320f Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Tue, 18 Aug 2020 17:49:34 +0800
-Subject: [PATCH 2/3] fixes_for_module_memory
-
-Upstream-Status: Backport [https://www.virtualbox.org/ticket/19644]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- .../Runtime/r0drv/linux/alloc-r0drv-linux.c | 18 ++++++++++++++++--
- 1 file changed, 16 insertions(+), 2 deletions(-)
-
-diff --git a/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c b/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
-index bbb8acc6..45cd34c7 100644
---- a/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
-+++ b/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
-@@ -153,6 +153,8 @@ RT_EXPORT_SYMBOL(RTR0MemExecDonate);
-
-
- #ifdef RTMEMALLOC_EXEC_VM_AREA
-+
-+
- /**
- * Allocate executable kernel memory in the module range.
- *
-@@ -168,7 +170,12 @@ static PRTMEMHDR rtR0MemAllocExecVmArea(size_t cb)
- struct vm_struct *pVmArea;
- size_t iPage;
-
-+# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
-+ pVmArea = __get_vm_area_caller(cbAlloc, VM_ALLOC, MODULES_VADDR, MODULES_END,
-+ __builtin_return_address(0));
-+#else
- pVmArea = __get_vm_area(cbAlloc, VM_ALLOC, MODULES_VADDR, MODULES_END);
-+#endif
- if (!pVmArea)
- return NULL;
- pVmArea->nr_pages = 0; /* paranoia? */
-@@ -201,14 +208,21 @@ static PRTMEMHDR rtR0MemAllocExecVmArea(size_t cb)
- # endif
- pVmArea->nr_pages = cPages;
- pVmArea->pages = papPages;
-- if (!map_vm_area(pVmArea, PAGE_KERNEL_EXEC,
-+# if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
-+ unsigned long start = (unsigned long)pVmArea->addr;
-+ unsigned long size = get_vm_area_size(pVmArea);
-+
-+ if (!map_kernel_range(start, size, PAGE_KERNEL_EXEC, papPages))
-+#else
-+ if (!map_vm_area(pVmArea, PAGE_KERNEL_EXEC,
- # if LINUX_VERSION_CODE < KERNEL_VERSION(3, 17, 0)
- &papPagesIterator
- # else
- papPages
- # endif
- ))
-- {
-+#endif
-+ {
- PRTMEMLNXHDREX pHdrEx = (PRTMEMLNXHDREX)pVmArea->addr;
- pHdrEx->pVmArea = pVmArea;
- pHdrEx->pvDummy = NULL;
---
-2.18.2
-
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0003-fixes_for_changes_in_cpu_tlbstate.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0003-fixes_for_changes_in_cpu_tlbstate.patch
deleted file mode 100644
index 6a3e63f63d..0000000000
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0003-fixes_for_changes_in_cpu_tlbstate.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 6089974a81b1b44e1d2dfa5af1fdc110dfee40c1 Mon Sep 17 00:00:00 2001
-From: Hongxu Jia <hongxu.jia@windriver.com>
-Date: Tue, 18 Aug 2020 17:51:24 +0800
-Subject: [PATCH 3/3] fixes_for_changes_in_cpu_tlbstate
-
-Upstream-Status: Backport [https://www.virtualbox.org/ticket/19644]
-
-Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
----
- src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c | 7 +++++++
- 1 file changed, 7 insertions(+)
-
-diff --git a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
-index c7d0d99a..2e7aa6e1 100644
---- a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
-+++ b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
-@@ -757,12 +757,19 @@ EXPORT_SYMBOL(SUPDrvLinuxIDC);
- RTCCUINTREG VBOXCALL supdrvOSChangeCR4(RTCCUINTREG fOrMask, RTCCUINTREG fAndMask)
- {
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- RTCCUINTREG uOld = this_cpu_read(cpu_tlbstate.cr4);
-+#else
-+ RTCCUINTREG uOld = __read_cr4();
-+#endif
- RTCCUINTREG uNew = (uOld & fAndMask) | fOrMask;
- if (uNew != uOld)
- {
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- this_cpu_write(cpu_tlbstate.cr4, uNew);
- __write_cr4(uNew);
-+#endif
-+ ASMSetCR4(uNew);
- }
- #else
- RTCCUINTREG uOld = ASMGetCR4();
---
-2.18.2
-
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/021-linux-5-8.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/021-linux-5-8.patch
new file mode 100644
index 0000000000..9d45750608
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/021-linux-5-8.patch
@@ -0,0 +1,5046 @@
+fix Linux 5.8
+
+This is a squashed patch with following upstream revisions:
+
+ r85208
+ r85430
+ r85431
+ r85432
+ r85447 # context required adjustment
+ r85453
+ r85460
+ r85461 # context required adjustment
+ r85500
+ r85501
+ r85503
+ r85504
+ r85505
+ r85506
+ r85507 # context required adjustment
+ r85509
+ r85510
+ r85511
+ r85514
+ r85516
+ r85517
+ r85518
+ r85525
+ r85526
+ r85527
+ r85533
+ r85534
+ r85540
+ r85541
+ r85545
+ r85546
+ r85552
+ r85555
+ r85556
+ r85590
+
+Thanks a lot to loqs for his hard work on FS#67488!
+
+--- a/src/VBox/Runtime/r0drv/linux/time-r0drv-linux.c
++++ b/src/VBox/Runtime/r0drv/linux/time-r0drv-linux.c
+@@ -31,6 +31,12 @@
+ #define LOG_GROUP RTLOGGROUP_TIME
+ #include "the-linux-kernel.h"
+ #include "internal/iprt.h"
++/* Make sure we have the setting functions we need for RTTimeNow: */
++#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 16)
++# define RTTIME_INCL_TIMEVAL
++#elif LINUX_VERSION_CODE < KERNEL_VERSION(3, 17, 0)
++# define RTTIME_INCL_TIMESPEC
++#endif
+ #include <iprt/time.h>
+ #include <iprt/asm.h>
+
+@@ -181,22 +187,19 @@ RT_EXPORT_SYMBOL(RTTimeSystemMilliTS);
+ RTDECL(PRTTIMESPEC) RTTimeNow(PRTTIMESPEC pTime)
+ {
+ IPRT_LINUX_SAVE_EFL_AC();
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 16)
+-/* On Linux 4.20, time.h includes time64.h and we have to use 64-bit times. */
+-# ifdef _LINUX_TIME64_H
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 17, 0)
+ struct timespec64 Ts;
+- ktime_get_real_ts64(&Ts);
+-# else
+- struct timespec Ts;
+- ktime_get_real_ts(&Ts);
+-# endif
++ ktime_get_real_ts64(&Ts); /* ktime_get_real_ts64 was added as a macro in 3.17, function since 4.18. */
+ IPRT_LINUX_RESTORE_EFL_AC();
+-# ifdef _LINUX_TIME64_H
+ return RTTimeSpecSetTimespec64(pTime, &Ts);
+-# else
++
++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 16)
++ struct timespec Ts;
++ ktime_get_real_ts(&Ts); /* ktime_get_real_ts was removed in Linux 4.20. */
++ IPRT_LINUX_RESTORE_EFL_AC();
+ return RTTimeSpecSetTimespec(pTime, &Ts);
+-# endif
+-#else /* < 2.6.16 */
++
++#else /* < 2.6.16 */
+ struct timeval Tv;
+ do_gettimeofday(&Tv);
+ IPRT_LINUX_RESTORE_EFL_AC();
+--- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
++++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
+@@ -52,6 +52,14 @@
+ # define PAGE_READONLY_EXEC PAGE_READONLY
+ #endif
+
++/** @def IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
++ * Whether we use alloc_vm_area (3.2+) for executable memory.
++ * This is a must for 5.8+, but we enable it all the way back to 3.2.x for
++ * better W^R compliance (fExecutable flag). */
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 2, 0) || defined(DOXYGEN_RUNNING)
++# define IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
++#endif
++
+ /*
+ * 2.6.29+ kernels don't work with remap_pfn_range() anymore because
+ * track_pfn_vma_new() is apparently not defined for non-RAM pages.
+@@ -72,12 +80,27 @@
+ # define gfp_t unsigned
+ #endif
+
++/*
++ * Wrappers around mmap_lock/mmap_sem difference.
++ */
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
++# define LNX_MM_DOWN_READ(a_pMm) down_read(&(a_pMm)->mmap_lock)
++# define LNX_MM_UP_READ(a_pMm) up_read(&(a_pMm)->mmap_lock)
++# define LNX_MM_DOWN_WRITE(a_pMm) down_write(&(a_pMm)->mmap_lock)
++# define LNX_MM_UP_WRITE(a_pMm) up_write(&(a_pMm)->mmap_lock)
++#else
++# define LNX_MM_DOWN_READ(a_pMm) down_read(&(a_pMm)->mmap_sem)
++# define LNX_MM_UP_READ(a_pMm) up_read(&(a_pMm)->mmap_sem)
++# define LNX_MM_DOWN_WRITE(a_pMm) down_write(&(a_pMm)->mmap_sem)
++# define LNX_MM_UP_WRITE(a_pMm) up_write(&(a_pMm)->mmap_sem)
++#endif
++
+
+ /*********************************************************************************************************************************
+ * Structures and Typedefs *
+ *********************************************************************************************************************************/
+ /**
+- * The Darwin version of the memory object structure.
++ * The Linux version of the memory object structure.
+ */
+ typedef struct RTR0MEMOBJLNX
+ {
+@@ -90,11 +113,20 @@ typedef struct RTR0MEMOBJLNX
+ bool fExecutable;
+ /** Set if we've vmap'ed the memory into ring-0. */
+ bool fMappedToRing0;
++#ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
++ /** Return from alloc_vm_area() that we now need to use for executable
++ * memory. */
++ struct vm_struct *pArea;
++ /** PTE array that goes along with pArea (must be freed). */
++ pte_t **papPtesForArea;
++#endif
+ /** The pages in the apPages array. */
+ size_t cPages;
+ /** Array of struct page pointers. (variable size) */
+ struct page *apPages[1];
+-} RTR0MEMOBJLNX, *PRTR0MEMOBJLNX;
++} RTR0MEMOBJLNX;
++/** Pointer to the linux memory object. */
++typedef RTR0MEMOBJLNX *PRTR0MEMOBJLNX;
+
+
+ static void rtR0MemObjLinuxFreePages(PRTR0MEMOBJLNX pMemLnx);
+@@ -182,7 +214,7 @@ static pgprot_t rtR0MemObjLinuxConvertPr
+ * Worker for rtR0MemObjNativeReserveUser and rtR0MemObjNativerMapUser that creates
+ * an empty user space mapping.
+ *
+- * We acquire the mmap_sem of the task!
++ * We acquire the mmap_sem/mmap_lock of the task!
+ *
+ * @returns Pointer to the mapping.
+ * (void *)-1 on failure.
+@@ -222,9 +254,9 @@ static void *rtR0MemObjLinuxDoMmap(RTR3P
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
+ ulAddr = vm_mmap(NULL, R3PtrFixed, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, 0);
+ #else
+- down_write(&pTask->mm->mmap_sem);
++ LNX_MM_DOWN_WRITE(pTask->mm);
+ ulAddr = do_mmap(NULL, R3PtrFixed, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, 0);
+- up_write(&pTask->mm->mmap_sem);
++ LNX_MM_UP_WRITE(pTask->mm);
+ #endif
+ }
+ else
+@@ -232,9 +264,9 @@ static void *rtR0MemObjLinuxDoMmap(RTR3P
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
+ ulAddr = vm_mmap(NULL, 0, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS, 0);
+ #else
+- down_write(&pTask->mm->mmap_sem);
++ LNX_MM_DOWN_WRITE(pTask->mm);
+ ulAddr = do_mmap(NULL, 0, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS, 0);
+- up_write(&pTask->mm->mmap_sem);
++ LNX_MM_UP_WRITE(pTask->mm);
+ #endif
+ if ( !(ulAddr & ~PAGE_MASK)
+ && (ulAddr & (uAlignment - 1)))
+@@ -257,7 +289,7 @@ static void *rtR0MemObjLinuxDoMmap(RTR3P
+ * Worker that destroys a user space mapping.
+ * Undoes what rtR0MemObjLinuxDoMmap did.
+ *
+- * We acquire the mmap_sem of the task!
++ * We acquire the mmap_sem/mmap_lock of the task!
+ *
+ * @param pv The ring-3 mapping.
+ * @param cb The size of the mapping.
+@@ -269,13 +301,13 @@ static void rtR0MemObjLinuxDoMunmap(void
+ Assert(pTask == current); RT_NOREF_PV(pTask);
+ vm_munmap((unsigned long)pv, cb);
+ #elif defined(USE_RHEL4_MUNMAP)
+- down_write(&pTask->mm->mmap_sem);
++ LNX_MM_DOWN_WRITE(pTask->mm);
+ do_munmap(pTask->mm, (unsigned long)pv, cb, 0); /* should it be 1 or 0? */
+- up_write(&pTask->mm->mmap_sem);
++ LNX_MM_UP_WRITE(pTask->mm);
+ #else
+- down_write(&pTask->mm->mmap_sem);
++ LNX_MM_DOWN_WRITE(pTask->mm);
+ do_munmap(pTask->mm, (unsigned long)pv, cb);
+- up_write(&pTask->mm->mmap_sem);
++ LNX_MM_UP_WRITE(pTask->mm);
+ #endif
+ }
+
+@@ -520,15 +552,49 @@ static int rtR0MemObjLinuxVMap(PRTR0MEMO
+ pgprot_val(fPg) |= _PAGE_NX;
+ # endif
+
++# ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
++ if (fExecutable)
++ {
++ pte_t **papPtes = (pte_t **)kmalloc_array(pMemLnx->cPages, sizeof(papPtes[0]), GFP_KERNEL);
++ if (papPtes)
++ {
++ pMemLnx->pArea = alloc_vm_area(pMemLnx->Core.cb, papPtes); /* Note! pArea->nr_pages is not set. */
++ if (pMemLnx->pArea)
++ {
++ size_t i;
++ Assert(pMemLnx->pArea->size >= pMemLnx->Core.cb); /* Note! includes guard page. */
++ Assert(pMemLnx->pArea->addr);
++# ifdef _PAGE_NX
++ pgprot_val(fPg) |= _PAGE_NX; /* Uses RTR0MemObjProtect to clear NX when memory ready, W^X fashion. */
++# endif
++ pMemLnx->papPtesForArea = papPtes;
++ for (i = 0; i < pMemLnx->cPages; i++)
++ *papPtes[i] = mk_pte(pMemLnx->apPages[i], fPg);
++ pMemLnx->Core.pv = pMemLnx->pArea->addr;
++ pMemLnx->fMappedToRing0 = true;
++ }
++ else
++ {
++ kfree(papPtes);
++ rc = VERR_MAP_FAILED;
++ }
++ }
++ else
++ rc = VERR_MAP_FAILED;
++ }
++ else
++# endif
++ {
+ # ifdef VM_MAP
+- pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_MAP, fPg);
++ pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_MAP, fPg);
+ # else
+- pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_ALLOC, fPg);
++ pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_ALLOC, fPg);
+ # endif
+- if (pMemLnx->Core.pv)
+- pMemLnx->fMappedToRing0 = true;
+- else
+- rc = VERR_MAP_FAILED;
++ if (pMemLnx->Core.pv)
++ pMemLnx->fMappedToRing0 = true;
++ else
++ rc = VERR_MAP_FAILED;
++ }
+ #else /* < 2.4.22 */
+ rc = VERR_NOT_SUPPORTED;
+ #endif
+@@ -554,6 +620,22 @@ static int rtR0MemObjLinuxVMap(PRTR0MEMO
+ static void rtR0MemObjLinuxVUnmap(PRTR0MEMOBJLNX pMemLnx)
+ {
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 4, 22)
++# ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
++ if (pMemLnx->pArea)
++ {
++# if 0
++ pte_t **papPtes = pMemLnx->papPtesForArea;
++ size_t i;
++ for (i = 0; i < pMemLnx->cPages; i++)
++ *papPtes[i] = 0;
++# endif
++ free_vm_area(pMemLnx->pArea);
++ kfree(pMemLnx->papPtesForArea);
++ pMemLnx->pArea = NULL;
++ pMemLnx->papPtesForArea = NULL;
++ }
++ else
++# endif
+ if (pMemLnx->fMappedToRing0)
+ {
+ Assert(pMemLnx->Core.pv);
+@@ -593,7 +675,7 @@ DECLHIDDEN(int) rtR0MemObjNativeFree(RTR
+ size_t iPage;
+ Assert(pTask);
+ if (pTask && pTask->mm)
+- down_read(&pTask->mm->mmap_sem);
++ LNX_MM_DOWN_READ(pTask->mm);
+
+ iPage = pMemLnx->cPages;
+ while (iPage-- > 0)
+@@ -608,7 +690,7 @@ DECLHIDDEN(int) rtR0MemObjNativeFree(RTR
+ }
+
+ if (pTask && pTask->mm)
+- up_read(&pTask->mm->mmap_sem);
++ LNX_MM_UP_READ(pTask->mm);
+ }
+ /* else: kernel memory - nothing to do here. */
+ break;
+@@ -1076,7 +1158,7 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser
+ papVMAs = (struct vm_area_struct **)RTMemAlloc(sizeof(*papVMAs) * cPages);
+ if (papVMAs)
+ {
+- down_read(&pTask->mm->mmap_sem);
++ LNX_MM_DOWN_READ(pTask->mm);
+
+ /*
+ * Get user pages.
+@@ -1162,7 +1244,7 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser
+ papVMAs[rc]->vm_flags |= VM_DONTCOPY | VM_LOCKED;
+ }
+
+- up_read(&pTask->mm->mmap_sem);
++ LNX_MM_UP_READ(pTask->mm);
+
+ RTMemFree(papVMAs);
+
+@@ -1189,7 +1271,7 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser
+ #endif
+ }
+
+- up_read(&pTask->mm->mmap_sem);
++ LNX_MM_UP_READ(pTask->mm);
+
+ RTMemFree(papVMAs);
+ rc = VERR_LOCK_FAILED;
+@@ -1422,6 +1504,7 @@ DECLHIDDEN(int) rtR0MemObjNativeMapKerne
+ * Use vmap - 2.4.22 and later.
+ */
+ pgprot_t fPg = rtR0MemObjLinuxConvertProt(fProt, true /* kernel */);
++ /** @todo We don't really care too much for EXEC here... 5.8 always adds NX. */
+ Assert(((offSub + cbSub) >> PAGE_SHIFT) <= pMemLnxToMap->cPages);
+ # ifdef VM_MAP
+ pMemLnx->Core.pv = vmap(&pMemLnxToMap->apPages[offSub >> PAGE_SHIFT], cbSub >> PAGE_SHIFT, VM_MAP, fPg);
+@@ -1604,7 +1687,7 @@ DECLHIDDEN(int) rtR0MemObjNativeMapUser(
+ const size_t cPages = (offSub + cbSub) >> PAGE_SHIFT;
+ size_t iPage;
+
+- down_write(&pTask->mm->mmap_sem);
++ LNX_MM_DOWN_WRITE(pTask->mm);
+
+ rc = VINF_SUCCESS;
+ if (pMemLnxToMap->cPages)
+@@ -1721,7 +1804,7 @@ DECLHIDDEN(int) rtR0MemObjNativeMapUser(
+ }
+ #endif /* CONFIG_NUMA_BALANCING */
+
+- up_write(&pTask->mm->mmap_sem);
++ LNX_MM_UP_WRITE(pTask->mm);
+
+ if (RT_SUCCESS(rc))
+ {
+@@ -1753,6 +1836,29 @@ DECLHIDDEN(int) rtR0MemObjNativeMapUser(
+
+ DECLHIDDEN(int) rtR0MemObjNativeProtect(PRTR0MEMOBJINTERNAL pMem, size_t offSub, size_t cbSub, uint32_t fProt)
+ {
++# ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
++ /*
++ * Currently only supported when we've got addresses PTEs from the kernel.
++ */
++ PRTR0MEMOBJLNX pMemLnx = (PRTR0MEMOBJLNX)pMem;
++ if (pMemLnx->pArea && pMemLnx->papPtesForArea)
++ {
++ pgprot_t const fPg = rtR0MemObjLinuxConvertProt(fProt, true /*fKernel*/);
++ size_t const cPages = (offSub + cbSub) >> PAGE_SHIFT;
++ pte_t **papPtes = pMemLnx->papPtesForArea;
++ size_t i;
++
++ for (i = offSub >> PAGE_SHIFT; i < cPages; i++)
++ {
++ set_pte(papPtes[i], mk_pte(pMemLnx->apPages[i], fPg));
++ }
++ preempt_disable();
++ __flush_tlb_all();
++ preempt_enable();
++ return VINF_SUCCESS;
++ }
++# endif
++
+ NOREF(pMem);
+ NOREF(offSub);
+ NOREF(cbSub);
+--- a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
++++ b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
+@@ -144,9 +144,9 @@ static int force_async_tsc = 0;
+ * Memory for the executable memory heap (in IPRT).
+ */
+ # ifdef DEBUG
+-# define EXEC_MEMORY_SIZE 8388608 /* 8 MB */
++# define EXEC_MEMORY_SIZE 10485760 /* 10 MB */
+ # else
+-# define EXEC_MEMORY_SIZE 2097152 /* 2 MB */
++# define EXEC_MEMORY_SIZE 8388608 /* 8 MB */
+ # endif
+ extern uint8_t g_abExecMemory[EXEC_MEMORY_SIZE];
+ # ifndef VBOX_WITH_TEXT_MODMEM_HACK
+@@ -756,20 +756,25 @@ EXPORT_SYMBOL(SUPDrvLinuxIDC);
+
+ RTCCUINTREG VBOXCALL supdrvOSChangeCR4(RTCCUINTREG fOrMask, RTCCUINTREG fAndMask)
+ {
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
+- RTCCUINTREG uOld = this_cpu_read(cpu_tlbstate.cr4);
+- RTCCUINTREG uNew = (uOld & fAndMask) | fOrMask;
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
++ RTCCUINTREG const uOld = __read_cr4();
++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
++ RTCCUINTREG const uOld = this_cpu_read(cpu_tlbstate.cr4);
++#else
++ RTCCUINTREG const uOld = ASMGetCR4();
++#endif
++ RTCCUINTREG const uNew = (uOld & fAndMask) | fOrMask;
+ if (uNew != uOld)
+ {
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
++ ASMSetCR4(uNew);
++#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
+ this_cpu_write(cpu_tlbstate.cr4, uNew);
+ __write_cr4(uNew);
+- }
+ #else
+- RTCCUINTREG uOld = ASMGetCR4();
+- RTCCUINTREG uNew = (uOld & fAndMask) | fOrMask;
+- if (uNew != uOld)
+ ASMSetCR4(uNew);
+ #endif
++ }
+ return uOld;
+ }
+
+--- a/src/VBox/Additions/linux/sharedfolders/vfsmod.c
++++ b/src/VBox/Additions/linux/sharedfolders/vfsmod.c
+@@ -52,7 +52,7 @@
+ #endif
+ #include <linux/seq_file.h>
+ #include <linux/vfs.h>
+-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 62)
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 62) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ # include <linux/vermagic.h>
+ #endif
+ #include <VBox/err.h>
+--- a/Config.kmk
++++ b/Config.kmk
+@@ -4462,15 +4462,20 @@ endif # pe
+
+ ifeq ($(VBOX_LDR_FMT),elf)
+ TEMPLATE_VBoxR0_TOOL = $(VBOX_GCC_TOOL)
+-TEMPLATE_VBoxR0_CFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK)
+-TEMPLATE_VBoxR0_CXXFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK)
+-TEMPLATE_VBoxR0_CFLAGS.amd64 = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables -ffreestanding
+-TEMPLATE_VBoxR0_CXXFLAGS.amd64 = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables
++TEMPLATE_VBoxR0_CFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) \
++ $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions \
++ $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK)
++TEMPLATE_VBoxR0_CXXFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) \
++ $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions \
++ $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) \
++ -fno-rtti $(VBOX_GCC_std) $(VBOX_GCC_IPRT_FMT_CHECK)
+++TEMPLATE_VBoxR0_CFLAGS.amd64 = -m64 -mno-red-zone -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables -ffreestanding
+++TEMPLATE_VBoxR0_CXXFLAGS.amd64 = -m64 -mno-red-zone -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables
+ TEMPLATE_VBoxR0_CXXFLAGS.freebsd = -ffreestanding
+ if $(VBOX_GCC_VERSION_CC) < 30400
+ TEMPLATE_VBoxR0_DEFS += RT_WITHOUT_PRAGMA_ONCE
+ endif
+-ifeq ($(KBUILD_TARGET),solaris)
++ ifeq ($(KBUILD_TARGET),solaris)
+ TEMPLATE_VBoxR0_LDFLAGS = -r
+ TEMPLATE_VBoxR0_LDFLAGS.solaris = -u _init -u _info
+ TEMPLATE_VBoxR0_LIBS.solaris = \
+@@ -4481,19 +4486,32 @@ ifeq ($(KBUILD_TARGET),solaris)
+ endif
+ # Solaris driver signing.
+ TEMPLATE_VBoxR0_POST_CMDS = $(VBOX_SIGN_DRIVER_CMDS)
+-else
++ else
+ TEMPLATE_VBoxR0_LDFLAGS = -nostdlib -Bsymbolic -g
+ ## @todo WTF doesn't the globals work? Debug info is supposed to be split everywhere. GRR
+ TEMPLATE_VBoxR0_LD_DEBUG = split
+-endif
+-ifn1of ($(KBUILD_TARGET),solaris freebsd)
++ endif
++ if1of ($(KBUILD_TARGET), linux)
++VBOX_WITH_VBOXR0_AS_DLL = 1
++TEMPLATE_VBoxR0_DLLSUFF = .r0
++TEMPLATE_VBoxR0_CFLAGS += -fPIC
++TEMPLATE_VBoxR0_CXXFLAGS += -fPIC
++TEMPLATE_VBoxR0_LDFLAGS +=
++TEMPLATE_VBoxR0_DTRACE_HDR_FLAGS += --pic
++TEMPLATE_VBoxR0_DTRACE_OBJ_FLAGS += --pic
++ else
++TEMPLATE_VBoxR0_CFLAGS.amd64 += -mcmodel=kernel
++TEMPLATE_VBoxR0_CXXFLAGS.amd64 += -mcmodel=kernel
++ endif
++ ifn1of ($(KBUILD_TARGET),solaris freebsd)
+ TEMPLATE_VBoxR0_LIBS = \
+ $(VBOX_GCC_LIBGCC) # intrinsics
+-endif
+-if1of ($(KBUILD_TARGET),linux)
+- TEMPLATE_VBoxR0_POST_CMDS = $(if $(eq $(tool_do),LINK_SYSMOD),if readelf -S $(out)|grep -q "[cd]tors"; then echo "Found ctors/dtors in $(out)!"; exit 1; fi)
+-endif
+-endif
++ endif
++ if1of ($(KBUILD_TARGET),linux)
++ TEMPLATE_VBoxR0_POST_CMDS += $(NLTAB)\
++ $(if $(eq $(tool_do),LINK_SYSMOD),if readelf -S $(out)|grep -q "[cd]tors"; then echo "Found ctors/dtors in $(out)!"; exit 1; fi)
++ endif
++endif # elf
+
+ ifeq ($(VBOX_LDR_FMT),macho)
+ TEMPLATE_VBoxR0_TOOL = $(VBOX_GCC_TOOL)
+--- a/tools/bin/gen-slickedit-workspace.sh
++++ b/tools/bin/gen-slickedit-workspace.sh
+@@ -496,11 +496,13 @@ my_generate_usercpp_h()
+ #
+ # Probe the slickedit user config, picking the most recent version.
+ #
++ MY_VSLICK_DB_OLD=
+ if test -z "${MY_SLICK_CONFIG}"; then
+ if test -d "${HOME}/Library/Application Support/SlickEdit"; then
+ MY_SLICKDIR_="${HOME}/Library/Application Support/SlickEdit"
+ MY_USERCPP_H="unxcpp.h"
+ MY_VSLICK_DB="vslick.sta" # was .stu earlier, 24 is using .sta.
++ MY_VSLICK_DB_OLD="vslick.stu"
+ elif test -d "${HOMEDRIVE}${HOMEPATH}/Documents/My SlickEdit Config"; then
+ MY_SLICKDIR_="${HOMEDRIVE}${HOMEPATH}/Documents/My SlickEdit Config"
+ MY_USERCPP_H="usercpp.h"
+@@ -508,7 +510,8 @@ my_generate_usercpp_h()
+ else
+ MY_SLICKDIR_="${HOME}/.slickedit"
+ MY_USERCPP_H="unxcpp.h"
+- MY_VSLICK_DB="vslick.stu"
++ MY_VSLICK_DB="vslick.sta"
++ MY_VSLICK_DB_OLD="vslick.stu"
+ fi
+ else
+ MY_SLICKDIR_="${MY_SLICK_CONFIG}"
+@@ -517,7 +520,8 @@ my_generate_usercpp_h()
+ MY_VSLICK_DB="vslick.sta"
+ else
+ MY_USERCPP_H="unxcpp.h"
+- MY_VSLICK_DB="vslick.stu"
++ MY_VSLICK_DB="vslick.sta"
++ MY_VSLICK_DB_OLD="vslick.stu"
+ fi
+ # MacOS: Implement me!
+ fi
+@@ -526,7 +530,9 @@ my_generate_usercpp_h()
+ MY_VER="0.0.0"
+ for subdir in "${MY_SLICKDIR_}/"*;
+ do
+- if test -f "${subdir}/${MY_USERCPP_H}" -o -f "${subdir}/${MY_VSLICK_DB}"; then
++ if test -f "${subdir}/${MY_USERCPP_H}" \
++ -o -f "${subdir}/${MY_VSLICK_DB}" \
++ -o '(' -n "${MY_VSLICK_DB_OLD}" -a -f "${subdir}/${MY_VSLICK_DB_OLD}" ')'; then
+ MY_CUR_VER_NUM=0
+ MY_CUR_VER=`echo "${subdir}" | ${MY_SED} -e 's,^.*/,,g'`
+
+@@ -561,6 +567,7 @@ my_generate_usercpp_h()
+ echo "Found SlickEdit v${MY_VER} preprocessor file: ${MY_USERCPP_H_FULL}"
+ else
+ echo "Failed to locate SlickEdit preprocessor file. You need to manually merge ${MY_USERCPP_H}."
++ echo "dbg: MY_SLICKDIR=${MY_SLICKDIR} MY_USERCPP_H_FULL=${MY_USERCPP_H_FULL}"
+ MY_USERCPP_H_FULL=""
+ fi
+
+@@ -717,6 +724,10 @@ EOF
+ #define RTASN1TYPE_STANDARD_PROTOTYPES_NO_GET_CORE(a_TypeNm, a_DeclMacro, a_ImplExtNm) int a_ImplExtNm##_Init(P##a_TypeNm pThis, PCRTASN1ALLOCATORVTABLE pAllocator); int a_ImplExtNm##_Clone(P##a_TypeNm pThis, PC##a_TypeNm) pSrc, PCRTASN1ALLOCATORVTABLE pAllocator); void a_ImplExtNm##_Delete(P##a_TypeNm pThis); int a_ImplExtNm##_Enum(P##a_TypeNm pThis, PFNRTASN1ENUMCALLBACK pfnCallback, uint32_t uDepth, void *pvUser); int a_ImplExtNm##_Compare(PC##a_TypeNm) pLeft, PC##a_TypeNm pRight); int a_ImplExtNm##_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, P##a_TypeNm pThis, const char *pszErrorTag); int a_ImplExtNm##_CheckSanity(PC##a_TypeNm pThis, uint32_t fFlags, PRTERRINFO pErrInfo, const char *pszErrorTag)
+ #define RTASN1TYPE_STANDARD_PROTOTYPES(a_TypeNm, a_DeclMacro, a_ImplExtNm, a_Asn1CoreNm) inline PRTASN1CORE a_ImplExtNm##_GetAsn1Core(PC##a_TypeNm pThis) { return (PRTASN1CORE)&pThis->a_Asn1CoreNm; } inline bool a_ImplExtNm##_IsPresent(PC##a_TypeNm pThis) { return pThis && RTASN1CORE_IS_PRESENT(&pThis->a_Asn1CoreNm); } RTASN1TYPE_STANDARD_PROTOTYPES_NO_GET_CORE(a_TypeNm, a_DeclMacro, a_ImplExtNm)
+
++#define RTLDRELF_NAME(name) rtldrELF64##name
++#define RTLDRELF_SUFF(name) name##64
++#define RTLDRELF_MID(pre,suff) pre##64##suff
++
+ #define BS3_DECL(type) type
+ #define BS3_DECL_CALLBACK(type) type
+ #define TMPL_NM(name) name##_mmm
+--- a/include/iprt/asmdefs.mac
++++ b/include/iprt/asmdefs.mac
+@@ -841,18 +841,18 @@ size NAME(%1 %+ _EndProc) 0
+ ; is defined and RT_WITHOUT_NOCRT_WRAPPERS isn't.
+ ;
+ %macro RT_NOCRT_BEGINPROC 1
+-%ifdef RT_WITH_NOCRT_ALIASES
+-BEGINPROC RT_NOCRT(%1)
+-%ifdef ASM_FORMAT_ELF
++ %ifdef RT_WITH_NOCRT_ALIASES
++BEGINPROC_EXPORTED RT_NOCRT(%1)
++ %ifdef ASM_FORMAT_ELF
+ global NAME(%1)
+ weak NAME(%1)
+ NAME(%1):
+-%else
++ %else
+ GLOBALNAME %1
+-%endif
+-%else ; !RT_WITH_NOCRT_ALIASES
+-BEGINPROC RT_NOCRT(%1)
+-%endif ; !RT_WITH_NOCRT_ALIASES
++ %endif
++ %else ; !RT_WITH_NOCRT_ALIASES
++BEGINPROC_EXPORTED RT_NOCRT(%1)
++ %endif ; !RT_WITH_NOCRT_ALIASES
+ %endmacro ; RT_NOCRT_BEGINPROC
+
+ %ifdef RT_WITH_NOCRT_ALIASES
+--- a/src/VBox/Runtime/testcase/tstLdr-4.cpp
++++ b/src/VBox/Runtime/testcase/tstLdr-4.cpp
+@@ -35,9 +35,9 @@
+ #include <iprt/assert.h>
+ #include <iprt/param.h>
+ #include <iprt/path.h>
+-#include <iprt/initterm.h>
+ #include <iprt/err.h>
+ #include <iprt/string.h>
++#include <iprt/test.h>
+
+ #include <VBox/sup.h>
+
+@@ -45,8 +45,9 @@
+ /*********************************************************************************************************************************
+ * Global Variables *
+ *********************************************************************************************************************************/
+-static SUPGLOBALINFOPAGE g_MyGip = { SUPGLOBALINFOPAGE_MAGIC, SUPGLOBALINFOPAGE_VERSION, SUPGIPMODE_INVARIANT_TSC, 42 };
+-static PSUPGLOBALINFOPAGE g_pMyGip = &g_MyGip;
++static RTTEST g_hTest;
++static SUPGLOBALINFOPAGE g_MyGip = { SUPGLOBALINFOPAGE_MAGIC, SUPGLOBALINFOPAGE_VERSION, SUPGIPMODE_INVARIANT_TSC, 42 };
++static PSUPGLOBALINFOPAGE g_pMyGip = &g_MyGip;
+
+ extern "C" DECLEXPORT(int) DisasmTest1(void);
+
+@@ -58,6 +59,60 @@ static DECLCALLBACK(int) testEnumSegment
+ " link=%RTptr LB %RTptr align=%RTptr fProt=%#x offFile=%RTfoff\n"
+ , *piSeg, pSeg->RVA, pSeg->cbMapped, pSeg->pszName,
+ pSeg->LinkAddress, pSeg->cb, pSeg->Alignment, pSeg->fProt, pSeg->offFile);
++
++ if (pSeg->RVA != NIL_RTLDRADDR)
++ {
++ RTTESTI_CHECK(pSeg->cbMapped != NIL_RTLDRADDR);
++ RTTESTI_CHECK(pSeg->cbMapped >= pSeg->cb);
++ }
++ else
++ {
++ RTTESTI_CHECK(pSeg->cbMapped == NIL_RTLDRADDR);
++ }
++
++ /*
++ * Do some address conversion tests:
++ */
++ if (pSeg->cbMapped != NIL_RTLDRADDR)
++ {
++ /* RTLdrRvaToSegOffset: */
++ uint32_t iSegConv = ~(uint32_t)42;
++ RTLDRADDR offSegConv = ~(RTLDRADDR)22;
++ int rc = RTLdrRvaToSegOffset(hLdrMod, pSeg->RVA, &iSegConv, &offSegConv);
++ if (RT_FAILURE(rc))
++ RTTestIFailed("RTLdrRvaToSegOffset failed on Seg #%u / RVA %#RTptr: %Rrc", *piSeg, pSeg->RVA, rc);
++ else if (iSegConv != *piSeg || offSegConv != 0)
++ RTTestIFailed("RTLdrRvaToSegOffset on Seg #%u / RVA %#RTptr returned: iSegConv=%#x offSegConv=%RTptr, expected %#x and 0",
++ *piSeg, pSeg->RVA, iSegConv, offSegConv, *piSeg);
++
++ /* RTLdrSegOffsetToRva: */
++ RTLDRADDR uRvaConv = ~(RTLDRADDR)22;
++ rc = RTLdrSegOffsetToRva(hLdrMod, *piSeg, 0, &uRvaConv);
++ if (RT_FAILURE(rc))
++ RTTestIFailed("RTLdrSegOffsetToRva failed on Seg #%u / off 0: %Rrc", *piSeg, rc);
++ else if (uRvaConv != pSeg->RVA)
++ RTTestIFailed("RTLdrSegOffsetToRva on Seg #%u / off 0 returned: %RTptr, expected %RTptr", *piSeg, uRvaConv, pSeg->RVA);
++
++ /* RTLdrLinkAddressToRva: */
++ uRvaConv = ~(RTLDRADDR)22;
++ rc = RTLdrLinkAddressToRva(hLdrMod, pSeg->LinkAddress, &uRvaConv);
++ if (RT_FAILURE(rc))
++ RTTestIFailed("RTLdrLinkAddressToRva failed on Seg #%u / %RTptr: %Rrc", *piSeg, pSeg->LinkAddress, rc);
++ else if (uRvaConv != pSeg->RVA)
++ RTTestIFailed("RTLdrLinkAddressToRva on Seg #%u / %RTptr returned: %RTptr, expected %RTptr",
++ *piSeg, pSeg->LinkAddress, uRvaConv, pSeg->RVA);
++
++ /* RTLdrLinkAddressToSegOffset: */
++ iSegConv = ~(uint32_t)42;
++ offSegConv = ~(RTLDRADDR)22;
++ rc = RTLdrLinkAddressToSegOffset(hLdrMod, pSeg->LinkAddress, &iSegConv, &offSegConv);
++ if (RT_FAILURE(rc))
++ RTTestIFailed("RTLdrLinkAddressToSegOffset failed on Seg #%u / %#RTptr: %Rrc", *piSeg, pSeg->LinkAddress, rc);
++ else if (iSegConv != *piSeg || offSegConv != 0)
++ RTTestIFailed("RTLdrLinkAddressToSegOffset on Seg #%u / %#RTptr returned: iSegConv=%#x offSegConv=%RTptr, expected %#x and 0",
++ *piSeg, pSeg->LinkAddress, iSegConv, offSegConv, *piSeg);
++ }
++
+ *piSeg += 1;
+ RT_NOREF(hLdrMod);
+ return VINF_SUCCESS;
+@@ -125,12 +180,12 @@ static DECLCALLBACK(int) testGetImport(R
+ * regions the for compare usage. The third is loaded into one
+ * and then relocated between the two and other locations a few times.
+ *
+- * @returns number of errors.
+ * @param pszFilename The file to load the mess with.
+ */
+-static int testLdrOne(const char *pszFilename)
++static void testLdrOne(const char *pszFilename)
+ {
+- int cErrors = 0;
++ RTTestSub(g_hTest, RTPathFilename(pszFilename));
++
+ size_t cbImage = 0;
+ struct Load
+ {
+@@ -155,9 +210,8 @@ static int testLdrOne(const char *pszFil
+ rc = RTLdrOpen(pszFilename, 0, RTLDRARCH_WHATEVER, &aLoads[i].hLdrMod);
+ if (RT_FAILURE(rc))
+ {
+- RTPrintf("tstLdr-4: Failed to open '%s'/%d, rc=%Rrc. aborting test.\n", pszFilename, i, rc);
++ RTTestIFailed("tstLdr-4: Failed to open '%s'/%d, rc=%Rrc. aborting test.", pszFilename, i, rc);
+ Assert(aLoads[i].hLdrMod == NIL_RTLDRMOD);
+- cErrors++;
+ break;
+ }
+
+@@ -165,8 +219,7 @@ static int testLdrOne(const char *pszFil
+ size_t cb = RTLdrSize(aLoads[i].hLdrMod);
+ if (cbImage && cb != cbImage)
+ {
+- RTPrintf("tstLdr-4: Size mismatch '%s'/%d. aborting test.\n", pszFilename, i);
+- cErrors++;
++ RTTestIFailed("tstLdr-4: Size mismatch '%s'/%d. aborting test.", pszFilename, i);
+ break;
+ }
+ aLoads[i].cbBits = cbImage = cb;
+@@ -175,8 +228,7 @@ static int testLdrOne(const char *pszFil
+ aLoads[i].pvBits = RTMemExecAlloc(cb);
+ if (!aLoads[i].pvBits)
+ {
+- RTPrintf("tstLdr-4: Out of memory '%s'/%d cbImage=%d. aborting test.\n", pszFilename, i, cbImage);
+- cErrors++;
++ RTTestIFailed("Out of memory '%s'/%d cbImage=%d. aborting test.", pszFilename, i, cbImage);
+ break;
+ }
+
+@@ -184,8 +236,7 @@ static int testLdrOne(const char *pszFil
+ rc = RTLdrGetBits(aLoads[i].hLdrMod, aLoads[i].pvBits, (uintptr_t)aLoads[i].pvBits, testGetImport, NULL);
+ if (RT_FAILURE(rc))
+ {
+- RTPrintf("tstLdr-4: Failed to get bits for '%s'/%d, rc=%Rrc. aborting test\n", pszFilename, i, rc);
+- cErrors++;
++ RTTestIFailed("Failed to get bits for '%s'/%d, rc=%Rrc. aborting test", pszFilename, i, rc);
+ break;
+ }
+ }
+@@ -193,7 +244,7 @@ static int testLdrOne(const char *pszFil
+ /*
+ * Execute the code.
+ */
+- if (!cErrors)
++ if (!RTTestSubErrorCount(g_hTest))
+ {
+ for (i = 0; i < RT_ELEMENTS(aLoads); i += 1)
+ {
+@@ -209,22 +260,18 @@ static int testLdrOne(const char *pszFil
+ UINT32_MAX, "_DisasmTest1", &Value);
+ if (RT_FAILURE(rc))
+ {
+- RTPrintf("tstLdr-4: Failed to get symbol \"DisasmTest1\" from load #%d: %Rrc\n", i, rc);
+- cErrors++;
++ RTTestIFailed("Failed to get symbol \"DisasmTest1\" from load #%d: %Rrc", i, rc);
+ break;
+ }
+ DECLCALLBACKPTR(int, pfnDisasmTest1)(void) = (DECLCALLBACKPTR(int, RT_NOTHING)(void))(uintptr_t)Value; /* eeeh. */
+- RTPrintf("tstLdr-4: pfnDisasmTest1=%p / add-symbol-file %s %#x\n", pfnDisasmTest1, pszFilename, aLoads[i].pvBits);
++ RTPrintf("tstLdr-4: pfnDisasmTest1=%p / add-symbol-file %s %#p\n", pfnDisasmTest1, pszFilename, aLoads[i].pvBits);
+ uint32_t iSeg = 0;
+ RTLdrEnumSegments(aLoads[i].hLdrMod, testEnumSegment, &iSeg);
+
+ /* call the test function. */
+ rc = pfnDisasmTest1();
+ if (rc)
+- {
+- RTPrintf("tstLdr-4: load #%d Test1 -> %#x\n", i, rc);
+- cErrors++;
+- }
++ RTTestIFailed("load #%d Test1 -> %#x", i, rc);
+
+ /* While we're here, check a couple of RTLdrQueryProp calls too */
+ void *pvBits = aLoads[i].pvBits;
+@@ -255,56 +302,42 @@ static int testLdrOne(const char *pszFil
+ {
+ rc = RTLdrClose(aLoads[i].hLdrMod);
+ if (RT_FAILURE(rc))
+- {
+- RTPrintf("tstLdr-4: Failed to close '%s' i=%d, rc=%Rrc.\n", pszFilename, i, rc);
+- cErrors++;
+- }
++ RTTestIFailed("Failed to close '%s' i=%d, rc=%Rrc.", pszFilename, i, rc);
+ }
+ }
+
+- return cErrors;
+ }
+
+
+
+-int main(int argc, char **argv)
++int main()
+ {
+- int cErrors = 0;
+- RTR3InitExe(argc, &argv, 0);
++ RTEXITCODE rcExit = RTTestInitAndCreate("tstLdr-4", &g_hTest);
++ if (rcExit != RTEXITCODE_SUCCESS)
++ return rcExit;
+
+ /*
+ * Sanity check.
+ */
+ int rc = DisasmTest1();
+- if (rc)
++ if (rc == 0)
+ {
+- RTPrintf("tstLdr-4: FATAL ERROR - DisasmTest1 is buggy: rc=%#x\n", rc);
+- return 1;
+- }
++ /*
++ * Execute the test.
++ */
++ char szPath[RTPATH_MAX];
++ rc = RTPathExecDir(szPath, sizeof(szPath) - sizeof("/tstLdrObjR0.r0"));
++ if (RT_SUCCESS(rc))
++ {
++ strcat(szPath, "/tstLdrObjR0.r0");
+
+- /*
+- * Execute the test.
+- */
+- char szPath[RTPATH_MAX];
+- rc = RTPathExecDir(szPath, sizeof(szPath) - sizeof("/tstLdrObjR0.r0"));
+- if (RT_SUCCESS(rc))
+- {
+- strcat(szPath, "/tstLdrObjR0.r0");
+- RTPrintf("tstLdr-4: TESTING '%s'...\n", szPath);
+- cErrors += testLdrOne(szPath);
++ testLdrOne(szPath);
++ }
++ else
++ RTTestIFailed("RTPathExecDir -> %Rrc", rc);
+ }
+ else
+- {
+- RTPrintf("tstLdr-4: RTPathExecDir -> %Rrc\n", rc);
+- cErrors++;
+- }
++ RTTestIFailed("FATAL ERROR - DisasmTest1 is buggy: rc=%#x", rc);
+
+- /*
+- * Test result summary.
+- */
+- if (!cErrors)
+- RTPrintf("tstLdr-4: SUCCESS\n");
+- else
+- RTPrintf("tstLdr-4: FAILURE - %d errors\n", cErrors);
+- return !!cErrors;
++ return RTTestSummaryAndDestroy(g_hTest);
+ }
+--- a/include/iprt/formats/elf-common.h
++++ b/include/iprt/formats/elf-common.h
+@@ -198,6 +198,12 @@ typedef struct {
+ #define PT_LOPROC 0x70000000 /* First processor-specific type. */
+ #define PT_HIPROC 0x7fffffff /* Last processor-specific type. */
+
++#define PT_GNU_EH_FRAME 0x6474e550 /**< GNU/Linux -> .eh_frame_hdr */
++#define PT_GNU_STACK 0x6474e551 /**< GNU/Linux -> stack prot (RWX or RW) */
++#define PT_GNU_RELRO 0x6474e552 /**< GNU/Linux -> make RO after relocations */
++#define PT_GNU_PROPERTY 0x6474e553 /**< GNU/Linux -> .note.gnu.property */
++
++
+ /* Values for p_flags. */
+ #define PF_X 0x1 /* Executable. */
+ #define PF_W 0x2 /* Writable. */
+--- a/src/VBox/Runtime/common/ldr/ldrELF.cpp
++++ b/src/VBox/Runtime/common/ldr/ldrELF.cpp
+@@ -51,9 +51,11 @@
+ * Defined Constants And Macros *
+ *********************************************************************************************************************************/
+ /** Finds an ELF symbol table string. */
+-#define ELF_STR(pHdrs, iStr) ((pHdrs)->pStr + (iStr))
++#define ELF_STR(pHdrs, iStr) ((pHdrs)->Rel.pStr + (iStr))
++/** Finds an ELF symbol table string. */
++#define ELF_DYN_STR(pHdrs, iStr) ((pHdrs)->Dyn.pStr + (iStr))
+ /** Finds an ELF section header string. */
+-#define ELF_SH_STR(pHdrs, iStr) ((pHdrs)->pShStr + (iStr))
++#define ELF_SH_STR(pHdrs, iStr) ((pHdrs)->pShStr + (iStr))
+
+
+
+@@ -62,6 +64,7 @@
+ *********************************************************************************************************************************/
+ #ifdef LOG_ENABLED
+ static const char *rtldrElfGetShdrType(uint32_t iType);
++static const char *rtldrElfGetPhdrType(uint32_t iType);
+ #endif
+
+
+@@ -81,6 +84,7 @@ static const char *rtldrElfGetShdrType(u
+
+
+ #ifdef LOG_ENABLED
++
+ /**
+ * Gets the section type.
+ *
+@@ -91,23 +95,51 @@ static const char *rtldrElfGetShdrType(u
+ {
+ switch (iType)
+ {
+- case SHT_NULL: return "SHT_NULL";
+- case SHT_PROGBITS: return "SHT_PROGBITS";
+- case SHT_SYMTAB: return "SHT_SYMTAB";
+- case SHT_STRTAB: return "SHT_STRTAB";
+- case SHT_RELA: return "SHT_RELA";
+- case SHT_HASH: return "SHT_HASH";
+- case SHT_DYNAMIC: return "SHT_DYNAMIC";
+- case SHT_NOTE: return "SHT_NOTE";
+- case SHT_NOBITS: return "SHT_NOBITS";
+- case SHT_REL: return "SHT_REL";
+- case SHT_SHLIB: return "SHT_SHLIB";
+- case SHT_DYNSYM: return "SHT_DYNSYM";
++ RT_CASE_RET_STR(SHT_NULL);
++ RT_CASE_RET_STR(SHT_PROGBITS);
++ RT_CASE_RET_STR(SHT_SYMTAB);
++ RT_CASE_RET_STR(SHT_STRTAB);
++ RT_CASE_RET_STR(SHT_RELA);
++ RT_CASE_RET_STR(SHT_HASH);
++ RT_CASE_RET_STR(SHT_DYNAMIC);
++ RT_CASE_RET_STR(SHT_NOTE);
++ RT_CASE_RET_STR(SHT_NOBITS);
++ RT_CASE_RET_STR(SHT_REL);
++ RT_CASE_RET_STR(SHT_SHLIB);
++ RT_CASE_RET_STR(SHT_DYNSYM);
+ default:
+ return "";
+ }
+ }
+-#endif
++
++/**
++ * Gets the program header type.
++ *
++ * @returns Pointer to read only string.
++ * @param iType The section type index.
++ */
++static const char *rtldrElfGetPhdrType(uint32_t iType)
++{
++ switch (iType)
++ {
++ RT_CASE_RET_STR(PT_NULL);
++ RT_CASE_RET_STR(PT_LOAD);
++ RT_CASE_RET_STR(PT_DYNAMIC);
++ RT_CASE_RET_STR(PT_INTERP);
++ RT_CASE_RET_STR(PT_NOTE);
++ RT_CASE_RET_STR(PT_SHLIB);
++ RT_CASE_RET_STR(PT_PHDR);
++ RT_CASE_RET_STR(PT_TLS);
++ RT_CASE_RET_STR(PT_GNU_EH_FRAME);
++ RT_CASE_RET_STR(PT_GNU_STACK);
++ RT_CASE_RET_STR(PT_GNU_RELRO);
++ RT_CASE_RET_STR(PT_GNU_PROPERTY);
++ default:
++ return "";
++ }
++}
++
++#endif /* LOG_ENABLED*/
+
+
+ /**
+@@ -124,8 +156,6 @@ DECLHIDDEN(int) rtldrELFOpen(PRTLDRREADE
+ {
+ const char *pszLogName = pReader->pfnLogName(pReader); NOREF(pszLogName);
+
+- RT_NOREF_PV(pErrInfo); /** @todo implement */
+-
+ /*
+ * Read the ident to decide if this is 32-bit or 64-bit
+ * and worth dealing with.
+@@ -134,6 +164,7 @@ DECLHIDDEN(int) rtldrELFOpen(PRTLDRREADE
+ int rc = pReader->pfnRead(pReader, &e_ident, sizeof(e_ident), 0);
+ if (RT_FAILURE(rc))
+ return rc;
++
+ if ( e_ident[EI_MAG0] != ELFMAG0
+ || e_ident[EI_MAG1] != ELFMAG1
+ || e_ident[EI_MAG2] != ELFMAG2
+@@ -141,19 +172,17 @@ DECLHIDDEN(int) rtldrELFOpen(PRTLDRREADE
+ || ( e_ident[EI_CLASS] != ELFCLASS32
+ && e_ident[EI_CLASS] != ELFCLASS64)
+ )
+- {
+- Log(("RTLdrELF: %s: Unsupported/invalid ident %.*Rhxs\n", pszLogName, sizeof(e_ident), e_ident));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Unsupported/invalid ident %.*Rhxs", pszLogName, sizeof(e_ident), e_ident);
++
+ if (e_ident[EI_DATA] != ELFDATA2LSB)
+- {
+- Log(("RTLdrELF: %s: ELF endian %x is unsupported\n", pszLogName, e_ident[EI_DATA]));
+- return VERR_LDRELF_ODD_ENDIAN;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_ODD_ENDIAN,
++ "%s: ELF endian %x is unsupported", pszLogName, e_ident[EI_DATA]);
++
+ if (e_ident[EI_CLASS] == ELFCLASS32)
+- rc = rtldrELF32Open(pReader, fFlags, enmArch, phLdrMod);
++ rc = rtldrELF32Open(pReader, fFlags, enmArch, phLdrMod, pErrInfo);
+ else
+- rc = rtldrELF64Open(pReader, fFlags, enmArch, phLdrMod);
++ rc = rtldrELF64Open(pReader, fFlags, enmArch, phLdrMod, pErrInfo);
+ return rc;
+ }
+
+--- a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
++++ b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
+@@ -29,31 +29,37 @@
+ * Defined Constants And Macros *
+ *******************************************************************************/
+ #if ELF_MODE == 32
+-#define RTLDRELF_NAME(name) rtldrELF32##name
+-#define RTLDRELF_SUFF(name) name##32
+-#define RTLDRELF_MID(pre,suff) pre##32##suff
+-#define FMT_ELF_ADDR "%08RX32"
+-#define FMT_ELF_HALF "%04RX16"
+-#define FMT_ELF_OFF "%08RX32"
+-#define FMT_ELF_SIZE "%08RX32"
+-#define FMT_ELF_SWORD "%RI32"
+-#define FMT_ELF_WORD "%08RX32"
+-#define FMT_ELF_XWORD "%08RX32"
+-#define FMT_ELF_SXWORD "%RI32"
++# define RTLDRELF_NAME(name) rtldrELF32##name
++# define RTLDRELF_SUFF(name) name##32
++# define RTLDRELF_MID(pre,suff) pre##32##suff
++# define FMT_ELF_ADDR "%08RX32"
++# define FMT_ELF_ADDR7 "%07RX32"
++# define FMT_ELF_HALF "%04RX16"
++# define FMT_ELF_OFF "%08RX32"
++# define FMT_ELF_SIZE "%08RX32"
++# define FMT_ELF_SWORD "%RI32"
++# define FMT_ELF_WORD "%08RX32"
++# define FMT_ELF_XWORD "%08RX32"
++# define FMT_ELF_SXWORD "%RI32"
++# define Elf_Xword Elf32_Word
++# define Elf_Sxword Elf32_Sword
+
+ #elif ELF_MODE == 64
+-#define RTLDRELF_NAME(name) rtldrELF64##name
+-#define RTLDRELF_SUFF(name) name##64
+-#define RTLDRELF_MID(pre,suff) pre##64##suff
+-#define FMT_ELF_ADDR "%016RX64"
+-#define FMT_ELF_HALF "%04RX16"
+-#define FMT_ELF_SHALF "%RI16"
+-#define FMT_ELF_OFF "%016RX64"
+-#define FMT_ELF_SIZE "%016RX64"
+-#define FMT_ELF_SWORD "%RI32"
+-#define FMT_ELF_WORD "%08RX32"
+-#define FMT_ELF_XWORD "%016RX64"
+-#define FMT_ELF_SXWORD "%RI64"
++# define RTLDRELF_NAME(name) rtldrELF64##name
++# define RTLDRELF_SUFF(name) name##64
++# define RTLDRELF_MID(pre,suff) pre##64##suff
++# define FMT_ELF_ADDR "%016RX64"
++# define FMT_ELF_ADDR7 "%08RX64"
++# define FMT_ELF_HALF "%04RX16"
++# define FMT_ELF_SHALF "%RI16"
++# define FMT_ELF_OFF "%016RX64"
++# define FMT_ELF_SIZE "%016RX64"
++# define FMT_ELF_SWORD "%RI32"
++# define FMT_ELF_WORD "%08RX32"
++# define FMT_ELF_XWORD "%016RX64"
++# define FMT_ELF_SXWORD "%RI64"
++# define Elf_Xword Elf64_Xword
++# define Elf_Sxword Elf64_Sxword
+ #endif
+
+ #define Elf_Ehdr RTLDRELF_MID(Elf,_Ehdr)
+@@ -74,6 +80,9 @@
+ #define RTLDRMODELF RTLDRELF_MID(RTLDRMODELF,RT_NOTHING)
+ #define PRTLDRMODELF RTLDRELF_MID(PRTLDRMODELF,RT_NOTHING)
+
++#define RTLDRMODELFSHX RTLDRELF_MID(RTLDRMODELFSHX,RT_NOTHING)
++#define PRTLDRMODELFSHX RTLDRELF_MID(PRTLDRMODELFSHX,RT_NOTHING)
++
+ #define ELF_R_SYM(info) RTLDRELF_MID(ELF,_R_SYM)(info)
+ #define ELF_R_TYPE(info) RTLDRELF_MID(ELF,_R_TYPE)(info)
+ #define ELF_R_INFO(sym, type) RTLDRELF_MID(ELF,_R_INFO)(sym, type)
+@@ -86,6 +95,20 @@
+ * Structures and Typedefs *
+ *******************************************************************************/
+ /**
++ * Extra section info.
++ */
++typedef struct RTLDRMODELFSHX
++{
++ /** The corresponding program header. */
++ uint16_t idxPhdr;
++ /** The corresponding dynamic section entry (address). */
++ uint16_t idxDt;
++ /** The DT tag. */
++ uint32_t uDtTag;
++} RTLDRMODELFSHX;
++typedef RTLDRMODELFSHX *PRTLDRMODELFSHX;
++
++/**
+ * The ELF loader structure.
+ */
+ typedef struct RTLDRMODELF
+@@ -105,36 +128,82 @@ typedef struct RTLDRMODELF
+ /** Unmodified section headers (allocated after paShdrs, so no need to free).
+ * Not valid if the image is DONE. */
+ Elf_Shdr const *paOrgShdrs;
++ /** Runs parallel to paShdrs and is part of the same allocation. */
++ PRTLDRMODELFSHX paShdrExtras;
++ /** Base section number, either 1 or zero depending on whether we've
++ * re-used the NULL entry for .elf.headers in ET_EXEC/ET_DYN. */
++ unsigned iFirstSect;
++ /** Set if the SHF_ALLOC section headers are in order of sh_addr. */
++ bool fShdrInOrder;
+ /** The size of the loaded image. */
+ size_t cbImage;
+
+ /** The image base address if it's an EXEC or DYN image. */
+ Elf_Addr LinkAddress;
+
+- /** The symbol section index. */
+- unsigned iSymSh;
+- /** Number of symbols in the table. */
+- unsigned cSyms;
+- /** Pointer to symbol table within RTLDRMODELF::pvBits. */
+- const Elf_Sym *paSyms;
+-
+- /** The string section index. */
+- unsigned iStrSh;
+- /** Size of the string table. */
+- unsigned cbStr;
+- /** Pointer to string table within RTLDRMODELF::pvBits. */
+- const char *pStr;
++ struct
++ {
++ /** The symbol section index. */
++ unsigned iSymSh;
++ /** Number of symbols in the table. */
++ unsigned cSyms;
++ /** Pointer to symbol table within RTLDRMODELF::pvBits. */
++ const Elf_Sym *paSyms;
++
++ /** The string section index. */
++ unsigned iStrSh;
++ /** Size of the string table. */
++ unsigned cbStr;
++ /** Pointer to string table within RTLDRMODELF::pvBits. */
++ const char *pStr;
++ } Rel /**< Regular symbols and strings. */
++ , Dyn /**< Dynamic symbols and strings. */;
+
+- /** Size of the section header string table. */
+- unsigned cbShStr;
+ /** Pointer to section header string table within RTLDRMODELF::pvBits. */
+ const char *pShStr;
++ /** Size of the section header string table. */
++ unsigned cbShStr;
+
+ /** The '.eh_frame' section index. Zero if not searched for, ~0U if not found. */
+ unsigned iShEhFrame;
+ /** The '.eh_frame_hdr' section index. Zero if not searched for, ~0U if not found. */
+ unsigned iShEhFrameHdr;
+-} RTLDRMODELF, *PRTLDRMODELF;
++
++ /** The '.dynamic' / SHT_DYNAMIC section index. ~0U if not present. */
++ unsigned iShDynamic;
++ /** Number of entries in paDynamic. */
++ unsigned cDynamic;
++ /** The dynamic section (NULL for ET_REL). */
++ Elf_Dyn *paDynamic;
++ /** Program headers (NULL for ET_REL). */
++ Elf_Phdr *paPhdrs;
++
++ /** Info extracted from PT_DYNAMIC and the program headers. */
++ struct
++ {
++ /** DT_RELA/DT_REL. */
++ Elf_Addr uPtrRelocs;
++ /** DT_RELASZ/DT_RELSZ. */
++ Elf_Xword cbRelocs;
++ /** Non-zero if we've seen DT_RELAENT/DT_RELENT. */
++ unsigned cbRelocEntry;
++ /** DT_RELA or DT_REL. */
++ unsigned uRelocType;
++ /** The index of the section header matching DT_RELA/DT_REL. */
++ unsigned idxShRelocs;
++
++ /** DT_JMPREL. */
++ Elf_Addr uPtrJmpRelocs;
++ /** DT_PLTRELSZ. */
++ Elf_Xword cbJmpRelocs;
++ /** DT_RELA or DT_REL (if we've seen DT_PLTREL). */
++ unsigned uJmpRelocType;
++ /** The index of the section header matching DT_JMPREL. */
++ unsigned idxShJmpRelocs;
++ } DynInfo;
++} RTLDRMODELF;
++/** Pointer to an ELF module instance. */
++typedef RTLDRMODELF *PRTLDRMODELF;
+
+
+ /**
+@@ -154,11 +223,15 @@ static int RTLDRELF_NAME(MapBits)(PRTLDR
+ if (RT_SUCCESS(rc))
+ {
+ const uint8_t *pu8 = (const uint8_t *)pModElf->pvBits;
+- if (pModElf->iSymSh != ~0U)
+- pModElf->paSyms = (const Elf_Sym *)(pu8 + pModElf->paShdrs[pModElf->iSymSh].sh_offset);
+- if (pModElf->iStrSh != ~0U)
+- pModElf->pStr = (const char *)(pu8 + pModElf->paShdrs[pModElf->iStrSh].sh_offset);
+- pModElf->pShStr = (const char *)(pu8 + pModElf->paShdrs[pModElf->Ehdr.e_shstrndx].sh_offset);
++ if (pModElf->Rel.iSymSh != ~0U)
++ pModElf->Rel.paSyms = (const Elf_Sym *)(pu8 + pModElf->paShdrs[pModElf->Rel.iSymSh].sh_offset);
++ if (pModElf->Rel.iStrSh != ~0U)
++ pModElf->Rel.pStr = (const char *)(pu8 + pModElf->paShdrs[pModElf->Rel.iStrSh].sh_offset);
++ if (pModElf->Dyn.iSymSh != ~0U)
++ pModElf->Dyn.paSyms = (const Elf_Sym *)(pu8 + pModElf->paShdrs[pModElf->Dyn.iSymSh].sh_offset);
++ if (pModElf->Dyn.iStrSh != ~0U)
++ pModElf->Dyn.pStr = (const char *)(pu8 + pModElf->paShdrs[pModElf->Dyn.iStrSh].sh_offset);
++ pModElf->pShStr = (const char *)(pu8 + pModElf->paShdrs[pModElf->Ehdr.e_shstrndx].sh_offset);
+
+ /*
+ * Verify that the ends of the string tables have a zero terminator
+@@ -167,8 +240,12 @@ static int RTLDRELF_NAME(MapBits)(PRTLDR
+ * sh_offset and sh_size were verfied in RTLDRELF_NAME(ValidateSectionHeader)() already so they
+ * are safe to use.
+ */
+- AssertMsgStmt( pModElf->iStrSh == ~0U
+- || pModElf->pStr[pModElf->paShdrs[pModElf->iStrSh].sh_size - 1] == '\0',
++ AssertMsgStmt( pModElf->Rel.iStrSh == ~0U
++ || pModElf->Rel.pStr[pModElf->paShdrs[pModElf->Rel.iStrSh].sh_size - 1] == '\0',
++ ("The string table is not zero terminated!\n"),
++ rc = VERR_LDRELF_UNTERMINATED_STRING_TAB);
++ AssertMsgStmt( pModElf->Dyn.iStrSh == ~0U
++ || pModElf->Dyn.pStr[pModElf->paShdrs[pModElf->Dyn.iStrSh].sh_size - 1] == '\0',
+ ("The string table is not zero terminated!\n"),
+ rc = VERR_LDRELF_UNTERMINATED_STRING_TAB);
+ AssertMsgStmt(pModElf->pShStr[pModElf->paShdrs[pModElf->Ehdr.e_shstrndx].sh_size - 1] == '\0',
+@@ -180,10 +257,12 @@ static int RTLDRELF_NAME(MapBits)(PRTLDR
+ /* Unmap. */
+ int rc2 = pModElf->Core.pReader->pfnUnmap(pModElf->Core.pReader, pModElf->pvBits);
+ AssertRC(rc2);
+- pModElf->pvBits = NULL;
+- pModElf->paSyms = NULL;
+- pModElf->pStr = NULL;
+- pModElf->pShStr = NULL;
++ pModElf->pvBits = NULL;
++ pModElf->Rel.paSyms = NULL;
++ pModElf->Rel.pStr = NULL;
++ pModElf->Dyn.paSyms = NULL;
++ pModElf->Dyn.pStr = NULL;
++ pModElf->pShStr = NULL;
+ }
+ }
+ return rc;
+@@ -200,6 +279,101 @@ static int RTLDRELF_NAME(MapBits)(PRTLDR
+ *
+ */
+
++/**
++ * Get the symbol and symbol value.
++ *
++ * @returns iprt status code.
++ * @param pModElf The ELF loader module instance data.
++ * @param BaseAddr The base address which the module is being fixedup to.
++ * @param pfnGetImport The callback function to use to resolve imports (aka unresolved externals).
++ * @param pvUser User argument to pass to the callback.
++ * @param iSym The symbol to get.
++ * @param ppSym Where to store the symbol pointer on success. (read only)
++ * @param pSymValue Where to store the symbol value on success.
++ */
++static int RTLDRELF_NAME(SymbolExecDyn)(PRTLDRMODELF pModElf, Elf_Addr BaseAddr, PFNRTLDRIMPORT pfnGetImport, void *pvUser,
++ Elf_Size iSym, const Elf_Sym **ppSym, Elf_Addr *pSymValue)
++{
++ /*
++ * Validate and find the symbol.
++ */
++ AssertMsgReturn(iSym < pModElf->Dyn.cSyms, ("iSym=%d is an invalid symbol index!\n", iSym), VERR_LDRELF_INVALID_SYMBOL_INDEX);
++ const Elf_Sym *pSym = &pModElf->Dyn.paSyms[iSym];
++ *ppSym = pSym;
++
++ AssertMsgReturn(pSym->st_name < pModElf->Dyn.cbStr,
++ ("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->Dyn.cbStr),
++ VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
++ const char * const pszName = pModElf->Dyn.pStr + pSym->st_name;
++
++ /*
++ * Determine the symbol value.
++ *
++ * Symbols needs different treatment depending on which section their are in.
++ * Undefined and absolute symbols goes into special non-existing sections.
++ */
++ switch (pSym->st_shndx)
++ {
++ /*
++ * Undefined symbol, needs resolving.
++ *
++ * Since ELF has no generic concept of importing from specific module (the OS/2 ELF format
++ * has but that's an OS extension and only applies to programs and dlls), we'll have to ask
++ * the resolver callback to do a global search.
++ */
++ case SHN_UNDEF:
++ {
++ /* Try to resolve the symbol. */
++ RTUINTPTR Value;
++ int rc = pfnGetImport(&pModElf->Core, "", pszName, ~0U, &Value, pvUser);
++ AssertMsgRCReturn(rc, ("Failed to resolve '%s' (iSym=" FMT_ELF_SIZE " rc=%Rrc\n", pszName, iSym, rc), rc);
++
++ *pSymValue = (Elf_Addr)Value;
++ AssertMsgReturn((RTUINTPTR)*pSymValue == Value,
++ ("Symbol value overflowed! '%s' (iSym=" FMT_ELF_SIZE "\n", pszName, iSym), VERR_SYMBOL_VALUE_TOO_BIG);
++
++ Log2(("rtldrELF: #%-3d - UNDEF " FMT_ELF_ADDR " '%s'\n", iSym, *pSymValue, pszName));
++ break;
++ }
++
++ /*
++ * Absolute symbols needs no fixing since they are, well, absolute.
++ */
++ case SHN_ABS:
++ *pSymValue = pSym->st_value;
++ Log2(("rtldrELF: #%-3d - ABS " FMT_ELF_ADDR " '%s'\n", iSym, *pSymValue, pszName));
++ break;
++
++ /*
++ * All other symbols are addressed relative the image base in DYN and EXEC binaries.
++ */
++ default:
++ AssertMsgReturn(pSym->st_shndx < pModElf->Ehdr.e_shnum,
++ ("iSym=%d st_shndx=%d e_shnum=%d pszName=%s\n", iSym, pSym->st_shndx, pModElf->Ehdr.e_shnum, pszName),
++ VERR_BAD_EXE_FORMAT);
++ *pSymValue = pSym->st_value + BaseAddr;
++ Log2(("rtldrELF: #%-3d - %5d " FMT_ELF_ADDR " '%s'\n", iSym, pSym->st_shndx, *pSymValue, pszName));
++ break;
++ }
++
++ return VINF_SUCCESS;
++}
++
++
++#if ELF_MODE == 32
++/** Helper for RelocateSectionExecDyn. */
++DECLINLINE(const Elf_Shdr *) RTLDRELF_NAME(RvaToSectionHeader)(PRTLDRMODELF pModElf, Elf_Addr uRva)
++{
++ const Elf_Shdr * const pShdrFirst = pModElf->paShdrs;
++ const Elf_Shdr *pShdr = pShdrFirst + pModElf->Ehdr.e_shnum;
++ while (--pShdr != pShdrFirst)
++ if (uRva - pShdr->sh_addr /*rva*/ < pShdr->sh_size)
++ return pShdr;
++ AssertFailed();
++ return pShdr;
++}
++#endif
++
+
+ /**
+ * Applies the fixups for a section in an executable image.
+@@ -230,84 +404,106 @@ static int RTLDRELF_NAME(RelocateSection
+ * Iterate the relocations.
+ * The relocations are stored in an array of Elf32_Rel records and covers the entire relocation section.
+ */
++#if ELF_MODE == 32
++ const Elf_Shdr *pShdr = pModElf->paShdrs;
+ const Elf_Addr offDelta = BaseAddr - pModElf->LinkAddress;
++#endif
+ const Elf_Reloc *paRels = (const Elf_Reloc *)pvRelocs;
+- const unsigned iRelMax = (unsigned)(cbRelocs / sizeof(paRels[0]));
++ const unsigned iRelMax = (unsigned)(cbRelocs / sizeof(paRels[0]));
+ AssertMsgReturn(iRelMax == cbRelocs / sizeof(paRels[0]), (FMT_ELF_SIZE "\n", cbRelocs / sizeof(paRels[0])),
+ VERR_IMAGE_TOO_BIG);
+ for (unsigned iRel = 0; iRel < iRelMax; iRel++)
+ {
+ /*
+- * Skip R_XXX_NONE entries early to avoid confusion in the symbol
+- * getter code.
++ * Apply fixups not taking a symbol (will 'continue' rather than 'break').
+ */
++ AssertMsgReturn(paRels[iRel].r_offset < cbSec, (FMT_ELF_ADDR " " FMT_ELF_SIZE "\n", paRels[iRel].r_offset, cbSec),
++ VERR_LDRELF_INVALID_RELOCATION_OFFSET);
+ #if ELF_MODE == 32
+- if (ELF_R_TYPE(paRels[iRel].r_info) == R_386_NONE)
+- continue;
+-#elif ELF_MODE == 64
+- if (ELF_R_TYPE(paRels[iRel].r_info) == R_X86_64_NONE)
+- continue;
++ if (paRels[iRel].r_offset - pShdr->sh_addr /*rva*/ >= pShdr->sh_size)
++ pShdr = RTLDRELF_NAME(RvaToSectionHeader)(pModElf, paRels[iRel].r_offset);
++ static const Elf_Addr s_uZero = 0;
++ const Elf_Addr *pAddrR = RT_LIKELY(pShdr->sh_type != SHT_NOBITS) /* Where to read the addend. */
++ ? (const Elf_Addr *)(pu8SecBaseR + paRels[iRel].r_offset - pShdr->sh_addr /*rva*/
++ + pShdr->sh_offset)
++ : &s_uZero;
+ #endif
+-
+- /*
+- * Validate and find the symbol, resolve undefined ones.
+- */
+- Elf_Size iSym = ELF_R_SYM(paRels[iRel].r_info);
+- if (iSym >= pModElf->cSyms)
+- {
+- AssertMsgFailed(("iSym=%d is an invalid symbol index!\n", iSym));
+- return VERR_LDRELF_INVALID_SYMBOL_INDEX;
+- }
+- const Elf_Sym *pSym = &pModElf->paSyms[iSym];
+- if (pSym->st_name >= pModElf->cbStr)
++ Elf_Addr *pAddrW = (Elf_Addr *)(pu8SecBaseW + paRels[iRel].r_offset); /* Where to write the fixup. */
++ switch (ELF_R_TYPE(paRels[iRel].r_info))
+ {
+- AssertMsgFailed(("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->cbStr));
+- return VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET;
+- }
++ /*
++ * Image relative (addend + base).
++ */
++#if ELF_MODE == 32
++ case R_386_RELATIVE:
++ {
++ const Elf_Addr Value = *pAddrR + BaseAddr;
++ *(uint32_t *)pAddrW = Value;
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_RELATIVE Value=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
++ AssertCompile(sizeof(Value) == sizeof(uint32_t));
++ continue;
++ }
++#elif ELF_MODE == 64
++ case R_X86_64_RELATIVE:
++ {
++ const Elf_Addr Value = paRels[iRel].r_addend + BaseAddr;
++ *(uint64_t *)pAddrW = (uint64_t)Value;
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_RELATIVE Value=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
++ AssertCompile(sizeof(Value) == sizeof(uint64_t));
++ continue;
++ }
++#endif
+
+- Elf_Addr SymValue = 0;
+- if (pSym->st_shndx == SHN_UNDEF)
+- {
+- /* Try to resolve the symbol. */
+- const char *pszName = ELF_STR(pModElf, pSym->st_name);
+- RTUINTPTR ExtValue;
+- int rc = pfnGetImport(&pModElf->Core, "", pszName, ~0U, &ExtValue, pvUser);
+- AssertMsgRCReturn(rc, ("Failed to resolve '%s' rc=%Rrc\n", pszName, rc), rc);
+- SymValue = (Elf_Addr)ExtValue;
+- AssertMsgReturn((RTUINTPTR)SymValue == ExtValue, ("Symbol value overflowed! '%s'\n", pszName),
+- VERR_SYMBOL_VALUE_TOO_BIG);
+- Log2(("rtldrELF: #%-3d - UNDEF " FMT_ELF_ADDR " '%s'\n", iSym, SymValue, pszName));
+- }
+- else
+- {
+- AssertMsgReturn(pSym->st_shndx < pModElf->Ehdr.e_shnum || pSym->st_shndx == SHN_ABS, ("%#x\n", pSym->st_shndx),
+- VERR_LDRELF_INVALID_RELOCATION_OFFSET);
+-#if ELF_MODE == 64
+- SymValue = pSym->st_value;
++ /*
++ * R_XXX_NONE.
++ */
++#if ELF_MODE == 32
++ case R_386_NONE:
++#elif ELF_MODE == 64
++ case R_X86_64_NONE:
+ #endif
++ continue;
+ }
+
+-#if ELF_MODE == 64
+- /* Calc the value (indexes checked above; assumes SHN_UNDEF == 0). */
+- Elf_Addr Value;
+- if (pSym->st_shndx < pModElf->Ehdr.e_shnum)
+- Value = SymValue + offDelta;
+- else /* SHN_ABS: */
+- Value = SymValue + paRels[iRel].r_addend;
+-#endif
++ /*
++ * Validate and find the symbol, resolve undefined ones.
++ */
++ const Elf_Sym *pSym = NULL; /* shut up gcc */
++ Elf_Addr SymValue = 0; /* shut up gcc-4 */
++ int rc = RTLDRELF_NAME(SymbolExecDyn)(pModElf, BaseAddr, pfnGetImport, pvUser, ELF_R_SYM(paRels[iRel].r_info), &pSym, &SymValue);
++ if (RT_FAILURE(rc))
++ return rc;
+
+ /*
+ * Apply the fixup.
+ */
+- AssertMsgReturn(paRels[iRel].r_offset < cbSec, (FMT_ELF_ADDR " " FMT_ELF_SIZE "\n", paRels[iRel].r_offset, cbSec), VERR_LDRELF_INVALID_RELOCATION_OFFSET);
+-#if ELF_MODE == 32
+- const Elf_Addr *pAddrR = (const Elf_Addr *)(pu8SecBaseR + paRels[iRel].r_offset); /* Where to read the addend. */
+-#endif
+- Elf_Addr *pAddrW = (Elf_Addr *)(pu8SecBaseW + paRels[iRel].r_offset); /* Where to write the fixup. */
+ switch (ELF_R_TYPE(paRels[iRel].r_info))
+ {
+ #if ELF_MODE == 32
+ /*
++ * GOT/PLT.
++ */
++ case R_386_GLOB_DAT:
++ {
++ *(uint32_t *)pAddrW = (uint32_t)SymValue;
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_GLOB_DAT Value=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
++ AssertCompile(sizeof(SymValue) == sizeof(uint32_t));
++ break;
++ }
++
++ case R_386_JMP_SLOT:
++ {
++ *(uint32_t *)pAddrW = (uint32_t)SymValue;
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_JMP_SLOT Value=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
++ AssertCompile(sizeof(SymValue) == sizeof(uint32_t));
++ break;
++ }
++
++ /*
+ * Absolute addressing.
+ */
+ case R_386_32:
+@@ -322,7 +518,8 @@ static int RTLDRELF_NAME(RelocateSection
+ else
+ AssertFailedReturn(VERR_LDR_GENERAL_FAILURE); /** @todo SHN_COMMON */
+ *(uint32_t *)pAddrW = Value;
+- Log4((FMT_ELF_ADDR": R_386_32 Value=" FMT_ELF_ADDR "\n", SecAddr + paRels[iRel].r_offset + BaseAddr, Value));
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_32 Value=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
+ break;
+ }
+
+@@ -344,20 +541,42 @@ static int RTLDRELF_NAME(RelocateSection
+ }
+ else
+ AssertFailedReturn(VERR_LDR_GENERAL_FAILURE); /** @todo SHN_COMMON */
+- Log4((FMT_ELF_ADDR": R_386_PC32 Value=" FMT_ELF_ADDR "\n", SecAddr + paRels[iRel].r_offset + BaseAddr, Value));
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_PC32 Value=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
+ break;
+ }
+
+ #elif ELF_MODE == 64
++ /*
++ * GOT/PLT.
++ */
++ case R_X86_64_GLOB_DAT:
++ {
++ *(uint64_t *)pAddrW = (uint64_t)SymValue;
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_GLOB_DAT Value=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
++ AssertCompile(sizeof(SymValue) == sizeof(uint64_t));
++ break;
++ }
++
++ case R_X86_64_JMP_SLOT:
++ {
++ *(uint64_t *)pAddrW = (uint64_t)SymValue;
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_JMP_SLOT Value=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
++ AssertCompile(sizeof(SymValue) == sizeof(uint64_t));
++ break;
++ }
+
+ /*
+- * Absolute addressing
++ * Absolute addressing.
+ */
+ case R_X86_64_64:
+ {
++ const Elf_Addr Value = SymValue + paRels[iRel].r_addend;
+ *(uint64_t *)pAddrW = Value;
+- Log4((FMT_ELF_ADDR": R_X86_64_64 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
+- SecAddr + paRels[iRel].r_offset + BaseAddr, Value, SymValue));
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_64 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value, SymValue));
+ break;
+ }
+
+@@ -366,9 +585,10 @@ static int RTLDRELF_NAME(RelocateSection
+ */
+ case R_X86_64_32:
+ {
++ const Elf_Addr Value = SymValue + paRels[iRel].r_addend;
+ *(uint32_t *)pAddrW = (uint32_t)Value;
+- Log4((FMT_ELF_ADDR": R_X86_64_32 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
+- SecAddr + paRels[iRel].r_offset + BaseAddr, Value, SymValue));
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_32 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value, SymValue));
+ AssertMsgReturn((Elf_Addr)*(uint32_t *)pAddrW == SymValue, ("Value=" FMT_ELF_ADDR "\n", SymValue),
+ VERR_SYMBOL_VALUE_TOO_BIG);
+ break;
+@@ -379,9 +599,10 @@ static int RTLDRELF_NAME(RelocateSection
+ */
+ case R_X86_64_32S:
+ {
++ const Elf_Addr Value = SymValue + paRels[iRel].r_addend;
+ *(int32_t *)pAddrW = (int32_t)Value;
+- Log4((FMT_ELF_ADDR": R_X86_64_32S Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
+- SecAddr + paRels[iRel].r_offset + BaseAddr, Value, SymValue));
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_32S Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
++ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value, SymValue));
+ AssertMsgReturn((Elf_Addr)*(int32_t *)pAddrW == Value, ("Value=" FMT_ELF_ADDR "\n", Value), VERR_SYMBOL_VALUE_TOO_BIG); /** @todo check the sign-extending here. */
+ break;
+ }
+@@ -390,18 +611,17 @@ static int RTLDRELF_NAME(RelocateSection
+ * PC relative addressing.
+ */
+ case R_X86_64_PC32:
+- case R_X86_64_PLT32: /* binutils commit 451875b4f976a527395e9303224c7881b65e12ed feature/regression. */
+ {
+- const Elf_Addr SourceAddr = SecAddr + paRels[iRel].r_offset + BaseAddr; /* Where the source really is. */
+- Value -= SourceAddr;
++ const Elf_Addr SourceAddr = SecAddr + paRels[iRel].r_offset + BaseAddr; /* Where the source really is. */
++ const Elf_Addr Value = SymValue + paRels[iRel].r_addend - SourceAddr;
+ *(int32_t *)pAddrW = (int32_t)Value;
+- Log4((FMT_ELF_ADDR": R_X86_64_PC32 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
+- SourceAddr, Value, SymValue));
++ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_PC32 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
++ SourceAddr, paRels[iRel].r_offset, Value, SymValue));
+ AssertMsgReturn((Elf_Addr)*(int32_t *)pAddrW == Value, ("Value=" FMT_ELF_ADDR "\n", Value), VERR_SYMBOL_VALUE_TOO_BIG); /** @todo check the sign-extending here. */
+ break;
+ }
+-#endif
+
++#endif
+ default:
+ AssertMsgFailed(("Unknown relocation type: %d (iRel=%d iRelMax=%d)\n",
+ ELF_R_TYPE(paRels[iRel].r_info), iRel, iRelMax));
+@@ -442,19 +662,13 @@ static int RTLDRELF_NAME(Symbol)(PRTLDRM
+ /*
+ * Validate and find the symbol.
+ */
+- if (iSym >= pModElf->cSyms)
+- {
+- AssertMsgFailed(("iSym=%d is an invalid symbol index!\n", iSym));
+- return VERR_LDRELF_INVALID_SYMBOL_INDEX;
+- }
+- const Elf_Sym *pSym = &pModElf->paSyms[iSym];
++ AssertMsgReturn(iSym < pModElf->Rel.cSyms, ("iSym=%d is an invalid symbol index!\n", iSym), VERR_LDRELF_INVALID_SYMBOL_INDEX);
++ const Elf_Sym *pSym = &pModElf->Rel.paSyms[iSym];
+ *ppSym = pSym;
+
+- if (pSym->st_name >= pModElf->cbStr)
+- {
+- AssertMsgFailed(("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->cbStr));
+- return VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET;
+- }
++ AssertMsgReturn(pSym->st_name < pModElf->Rel.cbStr,
++ ("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->Rel.cbStr),
++ VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
+ const char *pszName = ELF_STR(pModElf, pSym->st_name);
+
+ /*
+@@ -469,7 +683,7 @@ static int RTLDRELF_NAME(Symbol)(PRTLDRM
+ * Undefined symbol, needs resolving.
+ *
+ * Since ELF has no generic concept of importing from specific module (the OS/2 ELF format
+- * has but that's a OS extension and only applies to programs and dlls), we'll have to ask
++ * has but that's an OS extension and only applies to programs and dlls), we'll have to ask
+ * the resolver callback to do a global search.
+ */
+ case SHN_UNDEF:
+@@ -477,17 +691,12 @@ static int RTLDRELF_NAME(Symbol)(PRTLDRM
+ /* Try to resolve the symbol. */
+ RTUINTPTR Value;
+ int rc = pfnGetImport(&pModElf->Core, "", pszName, ~0U, &Value, pvUser);
+- if (RT_FAILURE(rc))
+- {
+- AssertMsgFailed(("Failed to resolve '%s' rc=%Rrc\n", pszName, rc));
+- return rc;
+- }
++ AssertMsgRCReturn(rc, ("Failed to resolve '%s' (iSym=" FMT_ELF_SIZE " rc=%Rrc\n", pszName, iSym, rc), rc);
+ *pSymValue = (Elf_Addr)Value;
+- if ((RTUINTPTR)*pSymValue != Value)
+- {
+- AssertMsgFailed(("Symbol value overflowed! '%s'\n", pszName));
+- return VERR_SYMBOL_VALUE_TOO_BIG;
+- }
++
++ AssertMsgReturn((RTUINTPTR)*pSymValue == Value,
++ ("Symbol value overflowed! '%s' (iSym=" FMT_ELF_SIZE ")\n", pszName, iSym),
++ VERR_SYMBOL_VALUE_TOO_BIG);
+
+ Log2(("rtldrELF: #%-3d - UNDEF " FMT_ELF_ADDR " '%s'\n", iSym, *pSymValue, pszName));
+ break;
+@@ -536,9 +745,9 @@ static int RTLDRELF_NAME(Symbol)(PRTLDRM
+ * @param pvRelocs Pointer to where we read the relocations from.
+ * @param cbRelocs Size of the relocations.
+ */
+-static int RTLDRELF_NAME(RelocateSection)(PRTLDRMODELF pModElf, Elf_Addr BaseAddr, PFNRTLDRIMPORT pfnGetImport, void *pvUser,
+- const Elf_Addr SecAddr, Elf_Size cbSec, const uint8_t *pu8SecBaseR, uint8_t *pu8SecBaseW,
+- const void *pvRelocs, Elf_Size cbRelocs)
++static int RTLDRELF_NAME(RelocateSectionRel)(PRTLDRMODELF pModElf, Elf_Addr BaseAddr, PFNRTLDRIMPORT pfnGetImport, void *pvUser,
++ const Elf_Addr SecAddr, Elf_Size cbSec, const uint8_t *pu8SecBaseR,
++ uint8_t *pu8SecBaseW, const void *pvRelocs, Elf_Size cbRelocs)
+ {
+ #if ELF_MODE != 32
+ NOREF(pu8SecBaseR);
+@@ -702,6 +911,18 @@ static DECLCALLBACK(int) RTLDRELF_NAME(C
+ pModElf->paShdrs = NULL;
+ }
+
++ if (pModElf->paPhdrs)
++ {
++ RTMemFree(pModElf->paPhdrs);
++ pModElf->paPhdrs = NULL;
++ }
++
++ if (pModElf->paDynamic)
++ {
++ RTMemFree(pModElf->paDynamic);
++ pModElf->paDynamic = NULL;
++ }
++
+ if (pModElf->pvBits)
+ {
+ pModElf->Core.pReader->pfnUnmap(pModElf->Core.pReader, pModElf->pvBits);
+@@ -721,9 +942,9 @@ static DECLCALLBACK(int) RTLDRELF_NAME(D
+ }
+
+
+-/** @copydoc RTLDROPS::EnumSymbols */
+-static DECLCALLBACK(int) RTLDRELF_NAME(EnumSymbols)(PRTLDRMODINTERNAL pMod, unsigned fFlags, const void *pvBits, RTUINTPTR BaseAddress,
+- PFNRTLDRENUMSYMS pfnCallback, void *pvUser)
++/** @copydoc RTLDROPS::pfnEnumSymbols */
++static DECLCALLBACK(int) RTLDRELF_NAME(EnumSymbols)(PRTLDRMODINTERNAL pMod, unsigned fFlags, const void *pvBits,
++ RTUINTPTR BaseAddress, PFNRTLDRENUMSYMS pfnCallback, void *pvUser)
+ {
+ PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
+ NOREF(pvBits);
+@@ -744,8 +965,20 @@ static DECLCALLBACK(int) RTLDRELF_NAME(E
+ /*
+ * Enumerate the symbol table.
+ */
+- const Elf_Sym *paSyms = pModElf->paSyms;
+- unsigned cSyms = pModElf->cSyms;
++ const Elf_Sym *paSyms = pModElf->Rel.paSyms;
++ unsigned cSyms = pModElf->Rel.cSyms;
++ const char *pszzStr = pModElf->Rel.pStr;
++ unsigned cbStr = pModElf->Rel.cbStr;
++ if ( ( !(fFlags & RTLDR_ENUM_SYMBOL_FLAGS_ALL)
++ && pModElf->Dyn.cSyms > 0)
++ || cSyms == 0)
++ {
++ paSyms = pModElf->Dyn.paSyms;
++ cSyms = pModElf->Dyn.cSyms;
++ pszzStr = pModElf->Dyn.pStr;
++ cbStr = pModElf->Dyn.cbStr;
++ }
++
+ for (unsigned iSym = 1; iSym < cSyms; iSym++)
+ {
+ /*
+@@ -774,22 +1007,21 @@ static DECLCALLBACK(int) RTLDRELF_NAME(E
+ return VERR_BAD_EXE_FORMAT;
+ }
+
+- AssertMsgReturn(paSyms[iSym].st_name < pModElf->cbStr,
++ AssertMsgReturn(paSyms[iSym].st_name < cbStr,
+ ("String outside string table! iSym=%d paSyms[iSym].st_name=%#x\n", iSym, paSyms[iSym].st_name),
+ VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
++ const char * const pszName = pszzStr + paSyms[iSym].st_name;
+
+- const char *pszName = ELF_STR(pModElf, paSyms[iSym].st_name);
+ /* String termination was already checked when the string table was mapped. */
+- if ( (pszName && *pszName)
++ if ( *pszName != '\0'
+ && ( (fFlags & RTLDR_ENUM_SYMBOL_FLAGS_ALL)
+- || ELF_ST_BIND(paSyms[iSym].st_info) == STB_GLOBAL)
+- )
++ || ELF_ST_BIND(paSyms[iSym].st_info) == STB_GLOBAL) )
+ {
+ /*
+ * Call back.
+ */
+ AssertMsgReturn(Value == (RTUINTPTR)Value, (FMT_ELF_ADDR "\n", Value), VERR_SYMBOL_VALUE_TOO_BIG);
+- rc = pfnCallback(pMod, pszName, ~0U, (RTUINTPTR)Value, pvUser);
++ rc = pfnCallback(pMod, pszName, iSym, (RTUINTPTR)Value, pvUser);
+ if (rc)
+ return rc;
+ }
+@@ -820,13 +1052,11 @@ static DECLCALLBACK(int) RTLDRELF_NAME(G
+ switch (pModElf->Ehdr.e_type)
+ {
+ case ET_REL:
++ case ET_DYN:
+ break;
+ case ET_EXEC:
+ Log(("RTLdrELF: %s: Executable images are not supported yet!\n", pModElf->Core.pReader->pfnLogName(pModElf->Core.pReader)));
+ return VERR_LDRELF_EXEC;
+- case ET_DYN:
+- Log(("RTLdrELF: %s: Dynamic images are not supported yet!\n", pModElf->Core.pReader->pfnLogName(pModElf->Core.pReader)));
+- return VERR_LDRELF_DYN;
+ default: AssertFailedReturn(VERR_BAD_EXE_FORMAT);
+ }
+
+@@ -885,13 +1115,11 @@ static DECLCALLBACK(int) RTLDRELF_NAME(R
+ switch (pModElf->Ehdr.e_type)
+ {
+ case ET_REL:
++ case ET_DYN:
+ break;
+ case ET_EXEC:
+ Log(("RTLdrELF: %s: Executable images are not supported yet!\n", pszLogName));
+ return VERR_LDRELF_EXEC;
+- case ET_DYN:
+- Log(("RTLdrELF: %s: Dynamic images are not supported yet!\n", pszLogName));
+- return VERR_LDRELF_DYN;
+ default: AssertFailedReturn(VERR_BAD_EXE_FORMAT);
+ }
+
+@@ -910,8 +1138,9 @@ static DECLCALLBACK(int) RTLDRELF_NAME(R
+
+ /*
+ * Iterate the sections looking for interesting SHT_REL[A] sections.
+- * SHT_REL[A] sections have the section index of the section they contain fixups
+- * for in the sh_info member.
++ *
++ * In ET_REL files the SHT_REL[A] sections have the section index of
++ * the section they contain fixups for in the sh_info member.
+ */
+ const Elf_Shdr *paShdrs = pModElf->paShdrs;
+ Log2(("rtLdrElf: %s: Fixing up image\n", pszLogName));
+@@ -928,36 +1157,37 @@ static DECLCALLBACK(int) RTLDRELF_NAME(R
+ if (pShdrRel->sh_type != SHT_RELA)
+ #endif
+ continue;
+- if (pShdrRel->sh_info >= pModElf->Ehdr.e_shnum)
+- continue;
+- const Elf_Shdr *pShdr = &paShdrs[pShdrRel->sh_info]; /* the section to fixup. */
+- if (!(pShdr->sh_flags & SHF_ALLOC))
+- continue;
+-
+- /*
+- * Relocate the section.
+- */
+- Log2(("rtldrELF: %s: Relocation records for #%d [%s] (sh_info=%d sh_link=%d) found in #%d [%s] (sh_info=%d sh_link=%d)\n",
+- pszLogName, (int)pShdrRel->sh_info, ELF_SH_STR(pModElf, pShdr->sh_name), (int)pShdr->sh_info, (int)pShdr->sh_link,
+- iShdr, ELF_SH_STR(pModElf, pShdrRel->sh_name), (int)pShdrRel->sh_info, (int)pShdrRel->sh_link));
+-
+- /** @todo Make RelocateSection a function pointer so we can select the one corresponding to the machine when opening the image. */
+ if (pModElf->Ehdr.e_type == ET_REL)
+- rc = RTLDRELF_NAME(RelocateSection)(pModElf, BaseAddr, pfnGetImport, pvUser,
+- pShdr->sh_addr,
+- pShdr->sh_size,
+- (const uint8_t *)pModElf->pvBits + pShdr->sh_offset,
+- (uint8_t *)pvBits + pShdr->sh_addr,
+- (const uint8_t *)pModElf->pvBits + pShdrRel->sh_offset,
+- pShdrRel->sh_size);
++ {
++ if (pShdrRel->sh_info >= pModElf->Ehdr.e_shnum)
++ continue;
++ const Elf_Shdr *pShdr = &paShdrs[pShdrRel->sh_info]; /* the section to fixup. */
++ if (!(pShdr->sh_flags & SHF_ALLOC))
++ continue;
++
++ /*
++ * Relocate the section.
++ */
++ Log2(("rtldrELF: %s: Relocation records for #%d [%s] (sh_info=%d sh_link=%d) found in #%d [%s] (sh_info=%d sh_link=%d)\n",
++ pszLogName, (int)pShdrRel->sh_info, ELF_SH_STR(pModElf, pShdr->sh_name), (int)pShdr->sh_info, (int)pShdr->sh_link,
++ iShdr, ELF_SH_STR(pModElf, pShdrRel->sh_name), (int)pShdrRel->sh_info, (int)pShdrRel->sh_link));
++
++ rc = RTLDRELF_NAME(RelocateSectionRel)(pModElf, BaseAddr, pfnGetImport, pvUser,
++ pShdr->sh_addr,
++ pShdr->sh_size,
++ (const uint8_t *)pModElf->pvBits + pShdr->sh_offset,
++ (uint8_t *)pvBits + pShdr->sh_addr,
++ (const uint8_t *)pModElf->pvBits + pShdrRel->sh_offset,
++ pShdrRel->sh_size);
++ }
+ else
+ rc = RTLDRELF_NAME(RelocateSectionExecDyn)(pModElf, BaseAddr, pfnGetImport, pvUser,
+- pShdr->sh_addr,
+- pShdr->sh_size,
+- (const uint8_t *)pModElf->pvBits + pShdr->sh_offset,
+- (uint8_t *)pvBits + pShdr->sh_addr,
++ 0, (Elf_Size)pModElf->cbImage,
++ (const uint8_t *)pModElf->pvBits /** @todo file offset ?? */,
++ (uint8_t *)pvBits,
+ (const uint8_t *)pModElf->pvBits + pShdrRel->sh_offset,
+ pShdrRel->sh_size);
++
+ if (RT_FAILURE(rc))
+ return rc;
+ }
+@@ -1016,11 +1246,20 @@ static DECLCALLBACK(int) RTLDRELF_NAME(G
+ /*
+ * Calc all kinds of pointers before we start iterating the symbol table.
+ */
+- const Elf_Sym *paSyms = pModElf->paSyms;
+- unsigned cSyms = pModElf->cSyms;
++ const Elf_Sym *paSyms = pModElf->Rel.paSyms;
++ unsigned cSyms = pModElf->Rel.cSyms;
++ const char *pszzStr = pModElf->Rel.pStr;
++ unsigned cbStr = pModElf->Rel.cbStr;
++ if (pModElf->Dyn.cSyms > 0)
++ {
++ paSyms = pModElf->Dyn.paSyms;
++ cSyms = pModElf->Dyn.cSyms;
++ pszzStr = pModElf->Dyn.pStr;
++ cbStr = pModElf->Dyn.cbStr;
++ }
++
+ if (iOrdinal == UINT32_MAX)
+ {
+- const char *pStr = pModElf->pStr;
+ for (unsigned iSym = 1; iSym < cSyms; iSym++)
+ {
+ /* Undefined symbols are not exports, they are imports. */
+@@ -1029,18 +1268,13 @@ static DECLCALLBACK(int) RTLDRELF_NAME(G
+ || ELF_ST_BIND(paSyms[iSym].st_info) == STB_WEAK))
+ {
+ /* Validate the name string and try match with it. */
+- if (paSyms[iSym].st_name < pModElf->cbStr)
+- {
+- if (!strcmp(pszSymbol, pStr + paSyms[iSym].st_name))
+- {
+- /* matched! */
+- return RTLDRELF_NAME(ReturnSymbol)(pModElf, &paSyms[iSym], uBaseAddr, pValue);
+- }
+- }
+- else
++ AssertMsgReturn(paSyms[iSym].st_name < cbStr,
++ ("String outside string table! iSym=%d paSyms[iSym].st_name=%#x\n", iSym, paSyms[iSym].st_name),
++ VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
++ if (!strcmp(pszSymbol, pszzStr + paSyms[iSym].st_name))
+ {
+- AssertMsgFailed(("String outside string table! iSym=%d paSyms[iSym].st_name=%#x\n", iSym, paSyms[iSym].st_name));
+- return VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET;
++ /* matched! */
++ return RTLDRELF_NAME(ReturnSymbol)(pModElf, &paSyms[iSym], uBaseAddr, pValue);
+ }
+ }
+ }
+@@ -1127,23 +1361,47 @@ static DECLCALLBACK(int) RTLDRELF_NAME(E
+
+
+ /**
+- * Helper that locates the first allocated section.
++ * Locate the next allocated section by RVA (sh_addr).
++ *
++ * This is a helper for EnumSegments and SegOffsetToRva.
+ *
+ * @returns Pointer to the section header if found, NULL if none.
+- * @param pShdr The section header to start searching at.
+- * @param cLeft The number of section headers left to search. Can be 0.
++ * @param pModElf The module instance.
++ * @param iShdrCur The current section header.
+ */
+-static const Elf_Shdr *RTLDRELF_NAME(GetFirstAllocatedSection)(const Elf_Shdr *pShdr, unsigned cLeft)
++static const Elf_Shdr *RTLDRELF_NAME(GetNextAllocatedSection)(PRTLDRMODELF pModElf, unsigned iShdrCur)
+ {
+- while (cLeft-- > 0)
++ unsigned const cShdrs = pModElf->Ehdr.e_shnum;
++ const Elf_Shdr * const paShdrs = pModElf->paShdrs;
++ if (pModElf->fShdrInOrder)
++ {
++ for (unsigned iShdr = iShdrCur + 1; iShdr < cShdrs; iShdr++)
++ if (paShdrs[iShdr].sh_flags & SHF_ALLOC)
++ return &paShdrs[iShdr];
++ }
++ else
+ {
+- if (pShdr->sh_flags & SHF_ALLOC)
+- return pShdr;
+- pShdr++;
++ Elf_Addr const uEndCur = paShdrs[iShdrCur].sh_addr + paShdrs[iShdrCur].sh_size;
++ Elf_Addr offBest = ~(Elf_Addr)0;
++ unsigned iBest = cShdrs;
++ for (unsigned iShdr = pModElf->iFirstSect; iShdr < cShdrs; iShdr++)
++ if ((paShdrs[iShdr].sh_flags & SHF_ALLOC) && iShdr != iShdrCur)
++ {
++ Elf_Addr const offDelta = paShdrs[iShdr].sh_addr - uEndCur;
++ if ( offDelta < offBest
++ && paShdrs[iShdr].sh_addr >= uEndCur)
++ {
++ offBest = offDelta;
++ iBest = iShdr;
++ }
++ }
++ if (iBest < cShdrs)
++ return &paShdrs[iBest];
+ }
+ return NULL;
+ }
+
++
+ /** @copydoc RTLDROPS::pfnEnumSegments. */
+ static DECLCALLBACK(int) RTLDRELF_NAME(EnumSegments)(PRTLDRMODINTERNAL pMod, PFNRTLDRENUMSEGS pfnCallback, void *pvUser)
+ {
+@@ -1163,15 +1421,23 @@ static DECLCALLBACK(int) RTLDRELF_NAME(E
+ Elf_Addr uPrevMappedRva = 0;
+ const Elf_Shdr *paShdrs = pModElf->paShdrs;
+ const Elf_Shdr *paOrgShdrs = pModElf->paOrgShdrs;
+- for (unsigned iShdr = 1; iShdr < pModElf->Ehdr.e_shnum; iShdr++)
++ for (unsigned iShdr = pModElf->iFirstSect; iShdr < pModElf->Ehdr.e_shnum; iShdr++)
+ {
+ RTLDRSEG Seg;
+- Seg.pszName = ELF_SH_STR(pModElf, paShdrs[iShdr].sh_name);
+- Seg.cchName = (uint32_t)strlen(Seg.pszName);
+- if (Seg.cchName == 0)
++ if (iShdr != 0)
++ {
++ Seg.pszName = ELF_SH_STR(pModElf, paShdrs[iShdr].sh_name);
++ Seg.cchName = (uint32_t)strlen(Seg.pszName);
++ if (Seg.cchName == 0)
++ {
++ Seg.pszName = szName;
++ Seg.cchName = (uint32_t)RTStrPrintf(szName, sizeof(szName), "UnamedSect%02u", iShdr);
++ }
++ }
++ else
+ {
+- Seg.pszName = szName;
+- Seg.cchName = (uint32_t)RTStrPrintf(szName, sizeof(szName), "UnamedSect%02u", iShdr);
++ Seg.pszName = ".elf.headers";
++ Seg.cchName = 12;
+ }
+ Seg.SelFlat = 0;
+ Seg.Sel16bit = 0;
+@@ -1187,14 +1453,11 @@ static DECLCALLBACK(int) RTLDRELF_NAME(E
+ {
+ Seg.LinkAddress = paOrgShdrs[iShdr].sh_addr;
+ Seg.RVA = paShdrs[iShdr].sh_addr;
+- const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetFirstAllocatedSection)(&paShdrs[iShdr + 1],
+- pModElf->Ehdr.e_shnum - iShdr - 1);
+- if ( pShdr2
+- && pShdr2->sh_addr >= paShdrs[iShdr].sh_addr
+- && Seg.RVA >= uPrevMappedRva)
++ const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetNextAllocatedSection)(pModElf, iShdr);
++ if (pShdr2)
+ Seg.cbMapped = pShdr2->sh_addr - paShdrs[iShdr].sh_addr;
+ else
+- Seg.cbMapped = RT_MAX(paShdrs[iShdr].sh_size, paShdrs[iShdr].sh_addralign);
++ Seg.cbMapped = pModElf->cbImage - paShdrs[iShdr].sh_addr;
+ uPrevMappedRva = Seg.RVA;
+ }
+ else
+@@ -1230,10 +1493,11 @@ static DECLCALLBACK(int) RTLDRELF_NAME(L
+ PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
+
+ const Elf_Shdr *pShdrEnd = NULL;
+- unsigned cLeft = pModElf->Ehdr.e_shnum - 1;
+- const Elf_Shdr *pShdr = &pModElf->paOrgShdrs[cLeft];
++ unsigned cLeft = pModElf->Ehdr.e_shnum - pModElf->iFirstSect;
++ const Elf_Shdr *pShdr = &pModElf->paOrgShdrs[pModElf->Ehdr.e_shnum];
+ while (cLeft-- > 0)
+ {
++ pShdr--;
+ if (pShdr->sh_flags & SHF_ALLOC)
+ {
+ RTLDRADDR offSeg = LinkAddress - pShdr->sh_addr;
+@@ -1246,13 +1510,12 @@ static DECLCALLBACK(int) RTLDRELF_NAME(L
+ if (offSeg == pShdr->sh_size)
+ pShdrEnd = pShdr;
+ }
+- pShdr--;
+ }
+
+ if (pShdrEnd)
+ {
+ *poffSeg = pShdrEnd->sh_size;
+- *piSeg = pShdrEnd - pModElf->paOrgShdrs - 1;
++ *piSeg = pShdrEnd - pModElf->paOrgShdrs - pModElf->iFirstSect;
+ return VINF_SUCCESS;
+ }
+
+@@ -1268,7 +1531,7 @@ static DECLCALLBACK(int) RTLDRELF_NAME(L
+ RTLDRADDR offSeg;
+ int rc = RTLDRELF_NAME(LinkAddressToSegOffset)(pMod, LinkAddress, &iSeg, &offSeg);
+ if (RT_SUCCESS(rc))
+- *pRva = pModElf->paShdrs[iSeg + 1].sh_addr + offSeg;
++ *pRva = pModElf->paShdrs[iSeg + pModElf->iFirstSect].sh_addr + offSeg;
+ return rc;
+ }
+
+@@ -1278,14 +1541,13 @@ static DECLCALLBACK(int) RTLDRELF_NAME(S
+ PRTLDRADDR pRva)
+ {
+ PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
+- if (iSeg >= pModElf->Ehdr.e_shnum - 1U)
++ if (iSeg >= pModElf->Ehdr.e_shnum - pModElf->iFirstSect)
+ return VERR_LDR_INVALID_SEG_OFFSET;
+
+- iSeg++; /* skip section 0 */
++ iSeg += pModElf->iFirstSect; /* skip section 0 if not used */
+ if (offSeg > pModElf->paShdrs[iSeg].sh_size)
+ {
+- const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetFirstAllocatedSection)(&pModElf->paShdrs[iSeg + 1],
+- pModElf->Ehdr.e_shnum - iSeg - 1);
++ const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetNextAllocatedSection)(pModElf, iSeg);
+ if ( !pShdr2
+ || offSeg > (pShdr2->sh_addr - pModElf->paShdrs[iSeg].sh_addr))
+ return VERR_LDR_INVALID_SEG_OFFSET;
+@@ -1303,13 +1565,13 @@ static DECLCALLBACK(int) RTLDRELF_NAME(S
+ static DECLCALLBACK(int) RTLDRELF_NAME(RvaToSegOffset)(PRTLDRMODINTERNAL pMod, RTLDRADDR Rva,
+ uint32_t *piSeg, PRTLDRADDR poffSeg)
+ {
+- PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
+-
++ PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
+ Elf_Addr PrevAddr = 0;
+- unsigned cLeft = pModElf->Ehdr.e_shnum - 1;
+- const Elf_Shdr *pShdr = &pModElf->paShdrs[cLeft];
++ unsigned cLeft = pModElf->Ehdr.e_shnum - pModElf->iFirstSect;
++ const Elf_Shdr *pShdr = &pModElf->paShdrs[pModElf->Ehdr.e_shnum];
+ while (cLeft-- > 0)
+ {
++ pShdr--;
+ if (pShdr->sh_flags & SHF_ALLOC)
+ {
+ Elf_Addr cbSeg = PrevAddr ? PrevAddr - pShdr->sh_addr : pShdr->sh_size;
+@@ -1322,7 +1584,6 @@ static DECLCALLBACK(int) RTLDRELF_NAME(R
+ }
+ PrevAddr = pShdr->sh_addr;
+ }
+- pShdr--;
+ }
+
+ return VERR_LDR_INVALID_RVA;
+@@ -1413,14 +1674,14 @@ static DECLCALLBACK(int) RTLDRELF_NAME(R
+ * Apply the relocations.
+ */
+ if (pThis->Ehdr.e_type == ET_REL)
+- rc = RTLDRELF_NAME(RelocateSection)(pThis, pThis->LinkAddress,
+- RTLDRELF_NAME(GetImportStubCallback), NULL /*pvUser*/,
+- pThis->paShdrs[iDbgInfo].sh_addr,
+- pThis->paShdrs[iDbgInfo].sh_size,
+- (const uint8_t *)pvBuf,
+- (uint8_t *)pvBuf,
+- pbRelocs,
+- pThis->paShdrs[iRelocs].sh_size);
++ rc = RTLDRELF_NAME(RelocateSectionRel)(pThis, pThis->LinkAddress,
++ RTLDRELF_NAME(GetImportStubCallback), NULL /*pvUser*/,
++ pThis->paShdrs[iDbgInfo].sh_addr,
++ pThis->paShdrs[iDbgInfo].sh_size,
++ (const uint8_t *)pvBuf,
++ (uint8_t *)pvBuf,
++ pbRelocs,
++ pThis->paShdrs[iRelocs].sh_size);
+ else
+ rc = RTLDRELF_NAME(RelocateSectionExecDyn)(pThis, pThis->LinkAddress,
+ RTLDRELF_NAME(GetImportStubCallback), NULL /*pvUser*/,
+@@ -1562,11 +1823,13 @@ static RTLDROPS RTLDRELF_MID(s_rtldrElf,
+ *
+ * @returns iprt status code.
+ * @param pEhdr Pointer to the ELF header.
+- * @param pszLogName The log name.
+ * @param cbRawImage The size of the raw image.
++ * @param pszLogName The log name.
++ * @param penmArch Where to return the architecture.
++ * @param pErrInfo Where to return extended error info. Optional.
+ */
+-static int RTLDRELF_NAME(ValidateElfHeader)(const Elf_Ehdr *pEhdr, const char *pszLogName, uint64_t cbRawImage,
+- PRTLDRARCH penmArch)
++static int RTLDRELF_NAME(ValidateElfHeader)(const Elf_Ehdr *pEhdr, uint64_t cbRawImage, const char *pszLogName,
++ PRTLDRARCH penmArch, PRTERRINFO pErrInfo)
+ {
+ Log3(("RTLdrELF: e_ident: %.*Rhxs\n"
+ "RTLdrELF: e_type: " FMT_ELF_HALF "\n"
+@@ -1588,48 +1851,31 @@ static int RTLDRELF_NAME(ValidateElfHead
+ if ( pEhdr->e_ident[EI_MAG0] != ELFMAG0
+ || pEhdr->e_ident[EI_MAG1] != ELFMAG1
+ || pEhdr->e_ident[EI_MAG2] != ELFMAG2
+- || pEhdr->e_ident[EI_MAG3] != ELFMAG3
+- )
+- {
+- Log(("RTLdrELF: %s: Invalid ELF magic (%.*Rhxs)\n", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident)); NOREF(pszLogName);
+- return VERR_BAD_EXE_FORMAT;
+- }
++ || pEhdr->e_ident[EI_MAG3] != ELFMAG3)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Invalid ELF magic (%.*Rhxs)", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident);
+ if (pEhdr->e_ident[EI_CLASS] != RTLDRELF_SUFF(ELFCLASS))
+- {
+- Log(("RTLdrELF: %s: Invalid ELF class (%.*Rhxs)\n", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Invalid ELF class (%.*Rhxs)", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident);
+ if (pEhdr->e_ident[EI_DATA] != ELFDATA2LSB)
+- {
+- Log(("RTLdrELF: %s: ELF endian %x is unsupported\n", pszLogName, pEhdr->e_ident[EI_DATA]));
+- return VERR_LDRELF_ODD_ENDIAN;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_ODD_ENDIAN,
++ "%s: ELF endian %x is unsupported", pszLogName, pEhdr->e_ident[EI_DATA]);
+ if (pEhdr->e_version != EV_CURRENT)
+- {
+- Log(("RTLdrELF: %s: ELF version %x is unsupported\n", pszLogName, pEhdr->e_version));
+- return VERR_LDRELF_VERSION;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_VERSION,
++ "%s: ELF version %x is unsupported", pszLogName, pEhdr->e_version);
+
+ if (sizeof(Elf_Ehdr) != pEhdr->e_ehsize)
+- {
+- Log(("RTLdrELF: %s: Elf header e_ehsize is %d expected %d!\n",
+- pszLogName, pEhdr->e_ehsize, sizeof(Elf_Ehdr)));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Elf header e_ehsize is %d expected %d!", pszLogName, pEhdr->e_ehsize, sizeof(Elf_Ehdr));
+ if ( sizeof(Elf_Phdr) != pEhdr->e_phentsize
+- && ( pEhdr->e_phnum != 0
+- || pEhdr->e_type == ET_DYN))
+- {
+- Log(("RTLdrELF: %s: Elf header e_phentsize is %d expected %d!\n",
+- pszLogName, pEhdr->e_phentsize, sizeof(Elf_Phdr)));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ && ( pEhdr->e_phnum != 0
++ || pEhdr->e_type == ET_DYN
++ || pEhdr->e_type == ET_EXEC))
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Elf header e_phentsize is %d expected %d!",
++ pszLogName, pEhdr->e_phentsize, sizeof(Elf_Phdr));
+ if (sizeof(Elf_Shdr) != pEhdr->e_shentsize)
+- {
+- Log(("RTLdrELF: %s: Elf header e_shentsize is %d expected %d!\n",
+- pszLogName, pEhdr->e_shentsize, sizeof(Elf_Shdr)));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Elf header e_shentsize is %d expected %d!",
++ pszLogName, pEhdr->e_shentsize, sizeof(Elf_Shdr));
+
+ switch (pEhdr->e_type)
+ {
+@@ -1638,8 +1884,8 @@ static int RTLDRELF_NAME(ValidateElfHead
+ case ET_DYN:
+ break;
+ default:
+- Log(("RTLdrELF: %s: image type %#x is not supported!\n", pszLogName, pEhdr->e_type));
+- return VERR_BAD_EXE_FORMAT;
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: image type %#x is not supported!",
++ pszLogName, pEhdr->e_type);
+ }
+
+ switch (pEhdr->e_machine)
+@@ -1655,52 +1901,43 @@ static int RTLDRELF_NAME(ValidateElfHead
+ break;
+ #endif
+ default:
+- Log(("RTLdrELF: %s: machine type %u is not supported!\n", pszLogName, pEhdr->e_machine));
+- return VERR_LDRELF_MACHINE;
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_MACHINE,
++ "%s: machine type %u is not supported!", pszLogName, pEhdr->e_machine);
+ }
+
+ if ( pEhdr->e_phoff < pEhdr->e_ehsize
+ && !(pEhdr->e_phoff && pEhdr->e_phnum)
+ && pEhdr->e_phnum)
+- {
+- Log(("RTLdrELF: %s: The program headers overlap with the ELF header! e_phoff=" FMT_ELF_OFF "\n",
+- pszLogName, pEhdr->e_phoff));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: The program headers overlap with the ELF header! e_phoff=" FMT_ELF_OFF,
++ pszLogName, pEhdr->e_phoff);
+ if ( pEhdr->e_phoff + pEhdr->e_phnum * pEhdr->e_phentsize > cbRawImage
+ || pEhdr->e_phoff + pEhdr->e_phnum * pEhdr->e_phentsize < pEhdr->e_phoff)
+- {
+- Log(("RTLdrELF: %s: The program headers extends beyond the file! e_phoff=" FMT_ELF_OFF " e_phnum=" FMT_ELF_HALF "\n",
+- pszLogName, pEhdr->e_phoff, pEhdr->e_phnum));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: The program headers extends beyond the file! e_phoff=" FMT_ELF_OFF " e_phnum=" FMT_ELF_HALF,
++ pszLogName, pEhdr->e_phoff, pEhdr->e_phnum);
+
+
+ if ( pEhdr->e_shoff < pEhdr->e_ehsize
+ && !(pEhdr->e_shoff && pEhdr->e_shnum))
+- {
+- Log(("RTLdrELF: %s: The section headers overlap with the ELF header! e_shoff=" FMT_ELF_OFF "\n",
+- pszLogName, pEhdr->e_shoff));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: The section headers overlap with the ELF header! e_shoff=" FMT_ELF_OFF,
++ pszLogName, pEhdr->e_shoff);
+ if ( pEhdr->e_shoff + pEhdr->e_shnum * pEhdr->e_shentsize > cbRawImage
+ || pEhdr->e_shoff + pEhdr->e_shnum * pEhdr->e_shentsize < pEhdr->e_shoff)
+- {
+- Log(("RTLdrELF: %s: The section headers extends beyond the file! e_shoff=" FMT_ELF_OFF " e_shnum=" FMT_ELF_HALF "\n",
+- pszLogName, pEhdr->e_shoff, pEhdr->e_shnum));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: The section headers extends beyond the file! e_shoff=" FMT_ELF_OFF " e_shnum=" FMT_ELF_HALF,
++ pszLogName, pEhdr->e_shoff, pEhdr->e_shnum);
+
+ if (pEhdr->e_shstrndx == 0 || pEhdr->e_shstrndx > pEhdr->e_shnum)
+- {
+- Log(("RTLdrELF: %s: The section headers string table is out of bounds! e_shstrndx=" FMT_ELF_HALF " e_shnum=" FMT_ELF_HALF "\n",
+- pszLogName, pEhdr->e_shstrndx, pEhdr->e_shnum));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: The section headers string table is out of bounds! e_shstrndx=" FMT_ELF_HALF " e_shnum=" FMT_ELF_HALF,
++ pszLogName, pEhdr->e_shstrndx, pEhdr->e_shnum);
+
+ return VINF_SUCCESS;
+ }
+
++
+ /**
+ * Gets the section header name.
+ *
+@@ -1741,10 +1978,12 @@ const char *RTLDRELF_NAME(GetSHdrName)(P
+ * @param pModElf Pointer to the module structure.
+ * @param iShdr The index of section header which should be validated.
+ * The section headers are found in the pModElf->paShdrs array.
+- * @param pszLogName The log name.
+ * @param cbRawImage The size of the raw image.
++ * @param pszLogName The log name.
++ * @param pErrInfo Where to return extended error info. Optional.
+ */
+-static int RTLDRELF_NAME(ValidateSectionHeader)(PRTLDRMODELF pModElf, unsigned iShdr, const char *pszLogName, uint64_t cbRawImage)
++static int RTLDRELF_NAME(ValidateSectionHeader)(PRTLDRMODELF pModElf, unsigned iShdr, uint64_t cbRawImage,
++ const char *pszLogName, PRTERRINFO pErrInfo)
+ {
+ const Elf_Shdr *pShdr = &pModElf->paShdrs[iShdr];
+ char szSectionName[80]; NOREF(szSectionName);
+@@ -1776,37 +2015,29 @@ static int RTLDRELF_NAME(ValidateSection
+ || pShdr->sh_link != SHN_UNDEF
+ || pShdr->sh_addralign != 0
+ || pShdr->sh_entsize != 0 )
+- {
+- Log(("RTLdrELF: %s: Bad #0 section: %.*Rhxs\n", pszLogName, sizeof(*pShdr), pShdr ));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Bad #0 section: %.*Rhxs", pszLogName, sizeof(*pShdr), pShdr);
+ return VINF_SUCCESS;
+ }
+
+ if (pShdr->sh_name >= pModElf->cbShStr)
+- {
+- Log(("RTLdrELF: %s: Shdr #%d: sh_name (%d) is beyond the end of the section header string table (%d)!\n",
+- pszLogName, iShdr, pShdr->sh_name, pModElf->cbShStr)); NOREF(pszLogName);
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Shdr #%d: sh_name (%d) is beyond the end of the section header string table (%d)!",
++ pszLogName, iShdr, pShdr->sh_name, pModElf->cbShStr);
+
+ if (pShdr->sh_link >= pModElf->Ehdr.e_shnum)
+- {
+- Log(("RTLdrELF: %s: Shdr #%d: sh_link (%d) is beyond the end of the section table (%d)!\n",
+- pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum)); NOREF(pszLogName);
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Shdr #%d: sh_link (%d) is beyond the end of the section table (%d)!",
++ pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum);
+
+ switch (pShdr->sh_type)
+ {
+ /** @todo find specs and check up which sh_info fields indicates section table entries */
+ case 12301230:
+ if (pShdr->sh_info >= pModElf->Ehdr.e_shnum)
+- {
+- Log(("RTLdrELF: %s: Shdr #%d: sh_info (%d) is beyond the end of the section table (%d)!\n",
+- pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum));
+- return VERR_BAD_EXE_FORMAT;
+- }
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Shdr #%d: sh_info (%d) is beyond the end of the section table (%d)!",
++ pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum);
+ break;
+
+ case SHT_NULL:
+@@ -1840,18 +2071,740 @@ static int RTLDRELF_NAME(ValidateSection
+ uint64_t offEnd = pShdr->sh_offset + pShdr->sh_size;
+ if ( offEnd > cbRawImage
+ || offEnd < (uint64_t)pShdr->sh_offset)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD " = %RX64) is beyond the end of the file (%RX64)!",
++ pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size, offEnd, cbRawImage);
++ if (pShdr->sh_offset < sizeof(Elf_Ehdr))
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD ") is starting in the ELF header!",
++ pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size);
++ }
++
++ return VINF_SUCCESS;
++}
++
++
++/**
++ * Process the section headers.
++ *
++ * @returns iprt status code.
++ * @param pModElf Pointer to the module structure.
++ * @param paShdrs The section headers.
++ * @param cbRawImage The size of the raw image.
++ * @param pszLogName The log name.
++ * @param pErrInfo Where to return extended error info. Optional.
++ */
++static int RTLDRELF_NAME(ValidateAndProcessSectionHeaders)(PRTLDRMODELF pModElf, Elf_Shdr *paShdrs, uint64_t cbRawImage,
++ const char *pszLogName, PRTERRINFO pErrInfo)
++{
++ Elf_Addr uNextAddr = 0;
++ for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
++ {
++ int rc = RTLDRELF_NAME(ValidateSectionHeader)(pModElf, i, cbRawImage, pszLogName, pErrInfo);
++ if (RT_FAILURE(rc))
++ return rc;
++
++ /*
++ * We're looking for symbol tables.
++ */
++ if (paShdrs[i].sh_type == SHT_SYMTAB)
+ {
+- Log(("RTLdrELF: %s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD " = %RX64) is beyond the end of the file (%RX64)!\n",
+- pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size, offEnd, cbRawImage));
+- return VERR_BAD_EXE_FORMAT;
++ if (pModElf->Rel.iSymSh != ~0U)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_MULTIPLE_SYMTABS,
++ "%s: Multiple symbol tabs! iSymSh=%d i=%d", pszLogName, pModElf->Rel.iSymSh, i);
++ pModElf->Rel.iSymSh = i;
++ pModElf->Rel.cSyms = (unsigned)(paShdrs[i].sh_size / sizeof(Elf_Sym));
++ AssertBreakStmt(pModElf->Rel.cSyms == paShdrs[i].sh_size / sizeof(Elf_Sym), rc = VERR_IMAGE_TOO_BIG);
++ pModElf->Rel.iStrSh = paShdrs[i].sh_link;
++ pModElf->Rel.cbStr = (unsigned)paShdrs[pModElf->Rel.iStrSh].sh_size;
++ AssertBreakStmt(pModElf->Rel.cbStr == paShdrs[pModElf->Rel.iStrSh].sh_size, rc = VERR_IMAGE_TOO_BIG);
++ }
++ else if (paShdrs[i].sh_type == SHT_DYNSYM)
++ {
++ if (pModElf->Dyn.iSymSh != ~0U)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_MULTIPLE_SYMTABS,
++ "%s: Multiple dynamic symbol tabs! iSymSh=%d i=%d", pszLogName, pModElf->Dyn.iSymSh, i);
++ if (pModElf->Ehdr.e_type != ET_DYN && pModElf->Ehdr.e_type != ET_EXEC)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Unexpected SHT_DYNSYM (i=%d) for e_type=%d", pszLogName, i, pModElf->Ehdr.e_type);
++ pModElf->Dyn.iSymSh = i;
++ pModElf->Dyn.cSyms = (unsigned)(paShdrs[i].sh_size / sizeof(Elf_Sym));
++ AssertBreakStmt(pModElf->Dyn.cSyms == paShdrs[i].sh_size / sizeof(Elf_Sym), rc = VERR_IMAGE_TOO_BIG);
++ pModElf->Dyn.iStrSh = paShdrs[i].sh_link;
++ pModElf->Dyn.cbStr = (unsigned)paShdrs[pModElf->Dyn.iStrSh].sh_size;
++ AssertBreakStmt(pModElf->Dyn.cbStr == paShdrs[pModElf->Dyn.iStrSh].sh_size, rc = VERR_IMAGE_TOO_BIG);
+ }
+- if (pShdr->sh_offset < sizeof(Elf_Ehdr))
++ /*
++ * We're also look for the dynamic section.
++ */
++ else if (paShdrs[i].sh_type == SHT_DYNAMIC)
++ {
++ if (pModElf->iShDynamic != ~0U)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Multiple dynamic sections! iShDynamic=%d i=%d",
++ pszLogName, pModElf->iShDynamic, i);
++ if (pModElf->Ehdr.e_type != ET_DYN && pModElf->Ehdr.e_type != ET_EXEC)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Unexpected SHT_DYNAMIC (i=%d) for e_type=%d", pszLogName, i, pModElf->Ehdr.e_type);
++ if (paShdrs[i].sh_entsize != sizeof(Elf_Dyn))
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: SHT_DYNAMIC (i=%d) sh_entsize=" FMT_ELF_XWORD ", expected %#zx",
++ pszLogName, i, paShdrs[i].sh_entsize, sizeof(Elf_Dyn));
++ pModElf->iShDynamic = i;
++ Elf_Xword const cDynamic = paShdrs[i].sh_size / sizeof(Elf_Dyn);
++ if (cDynamic > _64K || cDynamic < 2)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: SHT_DYNAMIC (i=%d) sh_size=" FMT_ELF_XWORD " is out of range (2..64K)",
++ pszLogName, i, paShdrs[i].sh_size);
++ pModElf->cDynamic = (unsigned)cDynamic;
++ }
++
++ /*
++ * Special checks for the section string table.
++ */
++ if (i == pModElf->Ehdr.e_shstrndx)
+ {
+- Log(("RTLdrELF: %s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD ") is starting in the ELF header!\n",
+- pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size));
+- return VERR_BAD_EXE_FORMAT;
++ if (paShdrs[i].sh_type != SHT_STRTAB)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Section header string table is not a SHT_STRTAB: %#x",
++ pszLogName, paShdrs[i].sh_type);
++ if (paShdrs[i].sh_size == 0)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Section header string table is empty", pszLogName);
+ }
++
++ /*
++ * Kluge for the .data..percpu segment in 64-bit linux kernels.
++ */
++ if (paShdrs[i].sh_flags & SHF_ALLOC)
++ {
++ if ( paShdrs[i].sh_addr == 0
++ && paShdrs[i].sh_addr < uNextAddr)
++ {
++ Elf_Addr uAddr = RT_ALIGN_T(uNextAddr, paShdrs[i].sh_addralign, Elf_Addr);
++ Log(("RTLdrElf: Out of order section #%d; adjusting sh_addr from " FMT_ELF_ADDR " to " FMT_ELF_ADDR "\n",
++ i, paShdrs[i].sh_addr, uAddr));
++ paShdrs[i].sh_addr = uAddr;
++ }
++ uNextAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
++ }
++ } /* for each section header */
++
++ return VINF_SUCCESS;
++}
++
++
++/**
++ * Process the section headers.
++ *
++ * @returns iprt status code.
++ * @param pModElf Pointer to the module structure.
++ * @param paShdrs The section headers.
++ * @param cbRawImage The size of the raw image.
++ * @param pszLogName The log name.
++ * @param pErrInfo Where to return extended error info. Optional.
++ */
++static int RTLDRELF_NAME(ValidateAndProcessDynamicInfo)(PRTLDRMODELF pModElf, uint64_t cbRawImage, uint32_t fFlags,
++ const char *pszLogName, PRTERRINFO pErrInfo)
++{
++ /*
++ * Check preconditions.
++ */
++ AssertReturn(pModElf->Ehdr.e_type == ET_DYN || pModElf->Ehdr.e_type == ET_EXEC, VERR_INTERNAL_ERROR_2);
++ if (pModElf->Ehdr.e_phnum <= 1 || pModElf->Ehdr.e_phnum >= _32K)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: e_phnum=%u is out of bounds (2..32K)", pszLogName, pModElf->Ehdr.e_phnum);
++ if (pModElf->iShDynamic == ~0U)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: no .dynamic section", pszLogName);
++ AssertReturn(pModElf->cDynamic > 1 && pModElf->cDynamic <= _64K, VERR_INTERNAL_ERROR_3);
++
++ /* ASSUME that the sections are ordered by address. That simplifies
++ validation code further down. */
++ AssertReturn(pModElf->Ehdr.e_shnum >= 2, VERR_INTERNAL_ERROR_4);
++ Elf_Shdr const *paShdrs = pModElf->paShdrs;
++ Elf_Addr uPrevEnd = paShdrs[1].sh_addr + paShdrs[1].sh_size;
++ for (unsigned i = 2; i < pModElf->Ehdr.e_shnum; i++)
++ if (paShdrs[i].sh_flags & SHF_ALLOC)
++ {
++ if (uPrevEnd > paShdrs[i].sh_addr)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: section %u is out of order: uPrevEnd=" FMT_ELF_ADDR " sh_addr=" FMT_ELF_ADDR,
++ pszLogName, i, uPrevEnd, paShdrs[i].sh_addr);
++ uPrevEnd = paShdrs[i].sh_addr + paShdrs[i].sh_size;
++ }
++
++ /* Must have string and symbol tables. */
++ if (pModElf->Dyn.iStrSh == ~0U)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: No dynamic string table section", pszLogName);
++ if (pModElf->Dyn.iSymSh == ~0U)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: No dynamic symbol table section", pszLogName);
++
++ /*
++ * Load the program headers.
++ */
++ size_t const cbPhdrs = sizeof(pModElf->paPhdrs[0]) * pModElf->Ehdr.e_phnum;
++ Elf_Phdr *paPhdrs = (Elf_Phdr *)RTMemAllocZ(cbPhdrs);
++ pModElf->paPhdrs = paPhdrs;
++ AssertReturn(paPhdrs, VERR_NO_MEMORY);
++
++ int rc = pModElf->Core.pReader->pfnRead(pModElf->Core.pReader, paPhdrs, cbPhdrs, pModElf->Ehdr.e_phoff);
++ if (RT_FAILURE(rc))
++ return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: pfnRead(,,%#zx, " FMT_ELF_OFF ") -> %Rrc",
++ pszLogName, cbPhdrs, pModElf->Ehdr.e_phoff, rc);
++
++ /*
++ * Validate them.
++ */
++ unsigned cbPage = _4K; /** @todo generalize architecture specific stuff using its own code template header. */
++ switch (pModElf->Core.enmArch)
++ {
++ case RTLDRARCH_AMD64:
++ case RTLDRARCH_X86_32:
++ break;
++ default:
++ AssertFailedBreak(/** @todo page size for got.plt hacks */);
+ }
++ unsigned iLoad = 0;
++ unsigned iLoadShdr = 1; /* ASSUMES ordered (checked above). */
++ unsigned cDynamic = 0;
++ Elf_Addr cbImage = 0;
++ Elf_Addr uLinkAddress = ~(Elf_Addr)0;
++ for (unsigned i = 0; i < pModElf->Ehdr.e_phnum; i++)
++ {
++ const Elf_Phdr * const pPhdr = &paPhdrs[i];
++ Log3(("RTLdrELF: Program Header #%d:\n"
++ "RTLdrELF: p_type: " FMT_ELF_WORD " (%s)\n"
++ "RTLdrELF: p_flags: " FMT_ELF_WORD "\n"
++ "RTLdrELF: p_offset: " FMT_ELF_OFF "\n"
++ "RTLdrELF: p_vaddr: " FMT_ELF_ADDR "\n"
++ "RTLdrELF: p_paddr: " FMT_ELF_ADDR "\n"
++ "RTLdrELF: p_filesz: " FMT_ELF_XWORD "\n"
++ "RTLdrELF: p_memsz: " FMT_ELF_XWORD "\n"
++ "RTLdrELF: p_align: " FMT_ELF_XWORD "\n",
++ i,
++ pPhdr->p_type, rtldrElfGetPhdrType(pPhdr->p_type), pPhdr->p_flags, pPhdr->p_offset,
++ pPhdr->p_vaddr, pPhdr->p_paddr, pPhdr->p_filesz, pPhdr->p_memsz, pPhdr->p_align));
++
++ if (pPhdr->p_type == DT_NULL)
++ continue;
++
++ if ( pPhdr->p_filesz != 0
++ && ( pPhdr->p_offset >= cbRawImage
++ || pPhdr->p_filesz > cbRawImage
++ || pPhdr->p_offset + pPhdr->p_filesz > cbRawImage))
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Prog Hdr #%u: bogus p_offset=" FMT_ELF_OFF " & p_filesz=" FMT_ELF_XWORD " (file size %#RX64)",
++ pszLogName, i, pPhdr->p_offset, pPhdr->p_filesz, cbRawImage);
++
++ if (pPhdr->p_flags & ~(Elf64_Word)(PF_X | PF_R | PF_W))
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Prog Hdr #%u: bogus p_flags=" FMT_ELF_WORD,
++ pszLogName, i, pPhdr->p_flags);
++
++ if (!RT_IS_POWER_OF_TWO(pPhdr->p_align))
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Prog Hdr #%u: bogus p_align=" FMT_ELF_XWORD,
++ pszLogName, i, pPhdr->p_align);
++
++ if ( pPhdr->p_align > 1
++ && pPhdr->p_memsz > 0
++ && pPhdr->p_filesz > 0
++ && (pPhdr->p_offset & (pPhdr->p_align - 1)) != (pPhdr->p_vaddr & (pPhdr->p_align - 1)))
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Prog Hdr #%u: misaligned p_offset=" FMT_ELF_OFF " p_vaddr=" FMT_ELF_ADDR " p_align=" FMT_ELF_XWORD,
++ pszLogName, i, pPhdr->p_offset, pPhdr->p_vaddr, pPhdr->p_align);
++
++ /* Do some type specfic checks: */
++ switch (pPhdr->p_type)
++ {
++ case PT_LOAD:
++ {
++ if (pPhdr->p_memsz < pPhdr->p_filesz)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Prog Hdr #%u/LOAD#%u: bogus p_memsz=" FMT_ELF_XWORD " or p_filesz=" FMT_ELF_XWORD,
++ pszLogName, i, iLoad, pPhdr->p_memsz, pPhdr->p_filesz);
++ cbImage = pPhdr->p_vaddr + pPhdr->p_memsz;
++ if (iLoad == 0)
++ uLinkAddress = pPhdr->p_vaddr;
++
++ /* Find the corresponding sections, checking their addresses and
++ file offsets since the rest of the code is still section based
++ rather than using program headers as it should... */
++ Elf_Off off = pPhdr->p_offset;
++ Elf_Addr uAddr = pPhdr->p_vaddr;
++ Elf_Xword cbMem = pPhdr->p_memsz;
++ Elf_Xword cbFile = pPhdr->p_filesz;
++ while (cbMem > 0)
++ {
++ if (iLoadShdr < pModElf->Ehdr.e_shnum)
++ { /* likely */ }
++ else if (iLoadShdr == pModElf->Ehdr.e_shnum)
++ {
++ /** @todo anything else to check here? */
++ iLoadShdr++;
++ break;
++ }
++ else
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Prog Hdr #%u/LOAD#%u: Out of sections at " FMT_ELF_ADDR " LB " FMT_ELF_XWORD,
++ pszLogName, i, iLoad, uAddr, cbMem);
++ if (!(paShdrs[iLoadShdr].sh_flags & SHF_ALLOC))
++ {
++ if ( paShdrs[iLoadShdr].sh_type != SHT_NOBITS
++ && paShdrs[iLoadShdr].sh_size > 0
++ && off < paShdrs[iLoadShdr].sh_offset + paShdrs[iLoadShdr].sh_size
++ && paShdrs[iLoadShdr].sh_offset < off + cbMem)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Prog Hdr #%u/LOAD#%u: Overlaps with !SHF_ALLOC section at " FMT_ELF_OFF " LB " FMT_ELF_XWORD,
++ pszLogName, i, iLoad, paShdrs[iLoadShdr].sh_offset, paShdrs[iLoadShdr].sh_size);
++ pModElf->paShdrExtras[iLoadShdr].idxPhdr = UINT16_MAX;
++ iLoadShdr++;
++ continue;
++ }
++
++ if (uAddr != paShdrs[iLoadShdr].sh_addr)
++ {
++ /* Before the first section we expect headers to be loaded, so
++ that the file is simply mapped from file offset zero. */
++ if ( iLoadShdr == 1
++ && iLoad == 0
++ && paShdrs[1].sh_addr == paShdrs[1].sh_offset
++ && cbFile >= paShdrs[1].sh_offset
++ && cbMem >= paShdrs[1].sh_offset)
++ {
++ /* Modify paShdrs[0] to describe the gap. ".elf.headers" */
++ pModElf->iFirstSect = 0;
++ pModElf->paShdrs[0].sh_name = 0;
++ pModElf->paShdrs[0].sh_type = SHT_PROGBITS;
++ pModElf->paShdrs[0].sh_flags = SHF_ALLOC
++ | (pPhdr->p_flags & PF_W ? SHF_WRITE : 0)
++ | (pPhdr->p_flags & PF_X ? SHF_EXECINSTR : 0);
++ pModElf->paShdrs[0].sh_addr = uAddr;
++ pModElf->paShdrs[0].sh_offset = off;
++ pModElf->paShdrs[0].sh_size = paShdrs[1].sh_offset;
++ pModElf->paShdrs[0].sh_link = 0;
++ pModElf->paShdrs[0].sh_info = 0;
++ pModElf->paShdrs[0].sh_addralign = pPhdr->p_align;
++ pModElf->paShdrs[0].sh_entsize = 0;
++ *(Elf_Shdr *)pModElf->paOrgShdrs = pModElf->paShdrs[0]; /* (necessary for segment enumeration) */
++
++ uAddr += paShdrs[1].sh_offset;
++ cbMem -= paShdrs[1].sh_offset;
++ cbFile -= paShdrs[1].sh_offset;
++ off = paShdrs[1].sh_offset;
++ }
++ /* Alignment padding? Allow up to a page size. */
++ else if ( paShdrs[iLoadShdr].sh_addr > uAddr
++ && paShdrs[iLoadShdr].sh_addr - uAddr
++ < RT_MAX(paShdrs[iLoadShdr].sh_addralign, cbPage /*got.plt hack*/))
++ {
++ Elf_Xword cbAlignPadding = paShdrs[iLoadShdr].sh_addr - uAddr;
++ if (cbAlignPadding >= cbMem)
++ break;
++ cbMem -= cbAlignPadding;
++ uAddr += cbAlignPadding;
++ if (cbFile > cbAlignPadding)
++ {
++ off += cbAlignPadding;
++ cbFile -= cbAlignPadding;
++ }
++ else
++ {
++ off += cbFile;
++ cbFile = 0;
++ }
++ }
++ }
++
++ if ( uAddr == paShdrs[iLoadShdr].sh_addr
++ && cbMem >= paShdrs[iLoadShdr].sh_size
++ && ( paShdrs[iLoadShdr].sh_type != SHT_NOBITS
++ ? off == paShdrs[iLoadShdr].sh_offset
++ && cbFile >= paShdrs[iLoadShdr].sh_size /* this might be too strict... */
++ : cbFile == 0) )
++ {
++ if (paShdrs[iLoadShdr].sh_type != SHT_NOBITS)
++ {
++ off += paShdrs[iLoadShdr].sh_size;
++ cbFile -= paShdrs[iLoadShdr].sh_size;
++ }
++ uAddr += paShdrs[iLoadShdr].sh_size;
++ cbMem -= paShdrs[iLoadShdr].sh_size;
++ }
++ else
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Prog Hdr #%u/LOAD#%u: Mismatch at " FMT_ELF_ADDR " LB " FMT_ELF_XWORD " (file " FMT_ELF_OFF " LB " FMT_ELF_XWORD ") with section #%u " FMT_ELF_ADDR " LB " FMT_ELF_XWORD " (file " FMT_ELF_OFF " sh_type=" FMT_ELF_WORD ")",
++ pszLogName, i, iLoad, uAddr, cbMem, off, cbFile,
++ iLoadShdr, paShdrs[iLoadShdr].sh_addr, paShdrs[iLoadShdr].sh_size,
++ paShdrs[iLoadShdr].sh_offset, paShdrs[iLoadShdr].sh_type);
++
++ pModElf->paShdrExtras[iLoadShdr].idxPhdr = iLoad;
++ iLoadShdr++;
++ } /* section loop */
++
++ iLoad++;
++ break;
++ }
++
++ case PT_DYNAMIC:
++ {
++ const Elf_Shdr *pShdr = &pModElf->paShdrs[pModElf->iShDynamic];
++ if (pPhdr->p_offset != pShdr->sh_offset)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Prog Hdr #%u/DYNAMIC: p_offset=" FMT_ELF_OFF " expected " FMT_ELF_OFF,
++ pszLogName, i, pPhdr->p_offset, pShdr->sh_offset);
++ if (RT_MAX(pPhdr->p_memsz, pPhdr->p_filesz) != pShdr->sh_size)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: Prog Hdr #%u/DYNAMIC: expected " FMT_ELF_XWORD " for RT_MAX(p_memsz=" FMT_ELF_XWORD ", p_filesz=" FMT_ELF_XWORD ")",
++ pszLogName, i, pShdr->sh_size, pPhdr->p_memsz, pPhdr->p_filesz);
++ cDynamic++;
++ break;
++ }
++ }
++ }
++
++ if (iLoad == 0)
++ return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: No PT_LOAD program headers", pszLogName);
++ if (cDynamic != 1)
++ return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: No program header for the DYNAMIC section", pszLogName);
++
++ cbImage -= uLinkAddress;
++ pModElf->cbImage = (uint64_t)cbImage;
++ pModElf->LinkAddress = uLinkAddress;
++ AssertReturn(pModElf->cbImage == cbImage, VERR_INTERNAL_ERROR_5);
++ Log3(("RTLdrELF: LinkAddress=" FMT_ELF_ADDR " cbImage=" FMT_ELF_ADDR " (from PT_LOAD)\n", uLinkAddress, cbImage));
++
++ for (; iLoadShdr < pModElf->Ehdr.e_shnum; iLoadShdr++)
++ if ( !(paShdrs[iLoadShdr].sh_flags & SHF_ALLOC)
++ || paShdrs[iLoadShdr].sh_size == 0)
++ pModElf->paShdrExtras[iLoadShdr].idxPhdr = UINT16_MAX;
++ else
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: No PT_LOAD for section #%u " FMT_ELF_ADDR " LB " FMT_ELF_XWORD " (file " FMT_ELF_OFF " sh_type=" FMT_ELF_WORD ")",
++ pszLogName, iLoadShdr, paShdrs[iLoadShdr].sh_addr, paShdrs[iLoadShdr].sh_size,
++ paShdrs[iLoadShdr].sh_offset, paShdrs[iLoadShdr].sh_type);
++
++ /*
++ * Load and validate the dynamic table. We have got / will get most of the
++ * info we need from the section table, so we must make sure this matches up.
++ */
++ Log3(("RTLdrELF: Dynamic section - %u entries\n", pModElf->cDynamic));
++ size_t const cbDynamic = pModElf->cDynamic * sizeof(pModElf->paDynamic[0]);
++ Elf_Dyn * const paDynamic = (Elf_Dyn *)RTMemAlloc(cbDynamic);
++ AssertReturn(paDynamic, VERR_NO_MEMORY);
++ pModElf->paDynamic = paDynamic;
++
++ rc = pModElf->Core.pReader->pfnRead(pModElf->Core.pReader, paDynamic, cbDynamic, paShdrs[pModElf->iShDynamic].sh_offset);
++ if (RT_FAILURE(rc))
++ return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: pfnRead(,,%#zx, " FMT_ELF_OFF ") -> %Rrc",
++ pszLogName, cbDynamic, paShdrs[pModElf->iShDynamic].sh_offset, rc);
++
++ for (uint32_t i = 0; i < pModElf->cDynamic; i++)
++ {
++#define LOG_VALIDATE_PTR_RET(szName) do { \
++ Log3(("RTLdrELF: DT[%u]: %16s " FMT_ELF_ADDR "\n", i, szName, paDynamic[i].d_un.d_ptr)); \
++ if ((uint64_t)paDynamic[i].d_un.d_ptr - uLinkAddress < cbImage) { /* likely */ } \
++ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": Invalid address " FMT_ELF_ADDR " (valid range: " FMT_ELF_ADDR " LB " FMT_ELF_ADDR ")", \
++ pszLogName, i, paDynamic[i].d_un.d_ptr, uLinkAddress, cbImage); \
++ } while (0)
++#define LOG_VALIDATE_PTR_VAL_RET(szName, uExpected) do { \
++ Log3(("RTLdrELF: DT[%u]: %16s " FMT_ELF_ADDR "\n", i, szName, (uint64_t)paDynamic[i].d_un.d_ptr)); \
++ if (paDynamic[i].d_un.d_ptr == (Elf_Addr)(uExpected)) { /* likely */ } \
++ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": " FMT_ELF_ADDR ", expected " FMT_ELF_ADDR, \
++ pszLogName, i, paDynamic[i].d_un.d_ptr, (Elf_Addr)(uExpected)); \
++ } while (0)
++#define LOG_VALIDATE_STR_RET(szName) do { \
++ Log3(("RTLdrELF: DT[%u]: %16s %#RX64\n", i, szName, (uint64_t)paDynamic[i].d_un.d_val)); \
++ if ((uint64_t)paDynamic[i].d_un.d_val < pModElf->Dyn.cbStr) { /* likely */ } \
++ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": Invalid string table offset %#RX64 (max %#x)", \
++ pszLogName, i, (uint64_t)paDynamic[i].d_un.d_val, pModElf->Dyn.cbStr); \
++ } while (0)
++#define LOG_VALIDATE_VAL_RET(szName, uExpected) do { \
++ Log3(("RTLdrELF: DT[%u]: %16s %#RX64\n", i, szName, (uint64_t)paDynamic[i].d_un.d_val)); \
++ if ((uint64_t)paDynamic[i].d_un.d_val == (uint64_t)(uExpected)) { /* likely */ } \
++ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": %#RX64, expected %#RX64", \
++ pszLogName, i, (uint64_t)paDynamic[i].d_un.d_val, (uint64_t)(uExpected)); \
++ } while (0)
++#define SET_RELOC_TYPE_RET(a_szName, a_uType) do { \
++ if (pModElf->DynInfo.uRelocType == 0 || pModElf->DynInfo.uRelocType == (a_uType)) \
++ pModElf->DynInfo.uRelocType = (a_uType); \
++ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Mixing DT_RELA and DT_REL", pszLogName, i); \
++ } while (0)
++#define SET_INFO_FIELD_RET(a_szName, a_Field, a_Value, a_UnsetValue, a_szFmt) do { \
++ if ((a_Field) == (a_UnsetValue) && (a_Value) != (a_UnsetValue)) \
++ (a_Field) = (a_Value); /* likely */ \
++ else if ((a_Field) != (a_UnsetValue)) \
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Multiple entries (first value " a_szFmt ", second " a_szFmt ")", pszLogName, i, (a_Field), (a_Value)); \
++ else if ((a_Value) != (a_UnsetValue)) \
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Unexpected value " a_szFmt, pszLogName, i, (a_Value)); \
++ } while (0)
++#define FIND_MATCHING_SECTION_RET(a_szName, a_ExtraMatchExpr, a_idxShFieldToSet) do { \
++ unsigned iSh; \
++ for (iSh = 1; iSh < pModElf->Ehdr.e_shnum; iSh++) \
++ if ( paShdrs[iSh].sh_addr == paDynamic[i].d_un.d_ptr \
++ && (a_ExtraMatchExpr)) \
++ { \
++ (a_idxShFieldToSet) = iSh; \
++ if (pModElf->paShdrExtras[iSh].idxDt != UINT16_MAX) \
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, \
++ "%s: DT[%u]/" a_szName ": section #%u (" FMT_ELF_ADDR ") already referenced by DT[%u]", \
++ pszLogName, i, iSh, paShdrs[iSh].sh_addr, pModElf->paShdrExtras[iSh].idxDt); \
++ pModElf->paShdrExtras[iSh].idxDt = i; \
++ pModElf->paShdrExtras[iSh].uDtTag = (uint32_t)paDynamic[i].d_tag; \
++ break; \
++ } \
++ if (iSh < pModElf->Ehdr.e_shnum) { /* likely */ } \
++ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": No matching section for " FMT_ELF_ADDR, pszLogName, i, paDynamic[i].d_un.d_ptr); \
++ } while (0)
++#define ONLY_FOR_DEBUG_OR_VALIDATION_RET(a_szName) do { \
++ if (fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)) { /* likely */ } \
++ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Not supported (" FMT_ELF_ADDR ")", pszLogName, i, paDynamic[i].d_un.d_ptr); \
++ } while (0)
++#define LOG_NON_VALUE_ENTRY(a_szName) Log3(("RTLdrELF: DT[%u]: %16s (%#RX64)\n", i, a_szName, (uint64_t)paDynamic[i].d_un.d_val))
++
++ switch (paDynamic[i].d_tag)
++ {
++ case DT_NULL:
++ LOG_NON_VALUE_ENTRY("DT_NULL");
++ for (unsigned iNull = i + 1; iNull < pModElf->cDynamic; iNull++)
++ if (paDynamic[i].d_tag == DT_NULL) /* Not technically a bug, but let's try being extremely strict for now */
++ LOG_NON_VALUE_ENTRY("DT_NULL");
++ else if (!(fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)))
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: DT[%u]/DT_NULL: Dynamic section isn't zero padded (extra #%u of #%u)",
++ pszLogName, i, iNull - i, pModElf->cDynamic - i);
++ i = pModElf->cDynamic;
++ break;
++ case DT_NEEDED:
++ LOG_VALIDATE_STR_RET("DT_NEEDED");
++ break;
++ case DT_PLTRELSZ:
++ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_PLTRELSZ", (uint64_t)paDynamic[i].d_un.d_val));
++ SET_INFO_FIELD_RET("DT_PLTRELSZ", pModElf->DynInfo.cbJmpRelocs, (Elf_Xword)paDynamic[i].d_un.d_val, 0, FMT_ELF_XWORD);
++ break;
++ case DT_PLTGOT:
++ LOG_VALIDATE_PTR_RET("DT_PLTGOT");
++ break;
++ case DT_HASH:
++ LOG_VALIDATE_PTR_RET("DT_HASH");
++ break;
++ case DT_STRTAB:
++ LOG_VALIDATE_PTR_VAL_RET("DT_STRTAB", paShdrs[pModElf->Dyn.iStrSh].sh_addr);
++ pModElf->paShdrExtras[pModElf->Dyn.iStrSh].idxDt = i;
++ pModElf->paShdrExtras[pModElf->Dyn.iSymSh].uDtTag = DT_STRTAB;
++ break;
++ case DT_SYMTAB:
++ LOG_VALIDATE_PTR_VAL_RET("DT_SYMTAB", paShdrs[pModElf->Dyn.iSymSh].sh_addr);
++ pModElf->paShdrExtras[pModElf->Dyn.iSymSh].idxDt = i;
++ pModElf->paShdrExtras[pModElf->Dyn.iSymSh].uDtTag = DT_SYMTAB;
++ break;
++ case DT_RELA:
++ LOG_VALIDATE_PTR_RET("DT_RELA");
++ SET_RELOC_TYPE_RET("DT_RELA", DT_RELA);
++ SET_INFO_FIELD_RET("DT_RELA", pModElf->DynInfo.uPtrRelocs, paDynamic[i].d_un.d_ptr, ~(Elf_Addr)0, FMT_ELF_ADDR);
++ FIND_MATCHING_SECTION_RET("DT_RELA", paShdrs[iSh].sh_type == SHT_RELA, pModElf->DynInfo.idxShRelocs);
++ break;
++ case DT_RELASZ:
++ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_RELASZ", (uint64_t)paDynamic[i].d_un.d_val));
++ SET_RELOC_TYPE_RET("DT_RELASZ", DT_RELA);
++ SET_INFO_FIELD_RET("DT_RELASZ", pModElf->DynInfo.cbRelocs, (Elf_Xword)paDynamic[i].d_un.d_val, 0, FMT_ELF_XWORD);
++ break;
++ case DT_RELAENT:
++ LOG_VALIDATE_VAL_RET("DT_RELAENT", sizeof(Elf_Rela));
++ SET_RELOC_TYPE_RET("DT_RELAENT", DT_RELA);
++ SET_INFO_FIELD_RET("DT_RELAENT", pModElf->DynInfo.cbRelocEntry, (unsigned)sizeof(Elf_Rela), 0, "%u");
++ break;
++ case DT_STRSZ:
++ LOG_VALIDATE_VAL_RET("DT_STRSZ", pModElf->Dyn.cbStr);
++ break;
++ case DT_SYMENT:
++ LOG_VALIDATE_VAL_RET("DT_SYMENT", sizeof(Elf_Sym));
++ break;
++ case DT_INIT:
++ LOG_VALIDATE_PTR_RET("DT_INIT");
++ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_INIT");
++ break;
++ case DT_FINI:
++ LOG_VALIDATE_PTR_RET("DT_FINI");
++ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_FINI");
++ break;
++ case DT_SONAME:
++ LOG_VALIDATE_STR_RET("DT_SONAME");
++ break;
++ case DT_RPATH:
++ LOG_VALIDATE_STR_RET("DT_RPATH");
++ break;
++ case DT_SYMBOLIC:
++ LOG_NON_VALUE_ENTRY("DT_SYMBOLIC");
++ break;
++ case DT_REL:
++ LOG_VALIDATE_PTR_RET("DT_REL");
++ SET_RELOC_TYPE_RET("DT_REL", DT_REL);
++ SET_INFO_FIELD_RET("DT_REL", pModElf->DynInfo.uPtrRelocs, paDynamic[i].d_un.d_ptr, ~(Elf_Addr)0, FMT_ELF_ADDR);
++ FIND_MATCHING_SECTION_RET("DT_REL", paShdrs[iSh].sh_type == SHT_REL, pModElf->DynInfo.idxShRelocs);
++ break;
++ case DT_RELSZ:
++ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_RELSZ", (uint64_t)paDynamic[i].d_un.d_val));
++ SET_RELOC_TYPE_RET("DT_RELSZ", DT_REL);
++ SET_INFO_FIELD_RET("DT_RELSZ", pModElf->DynInfo.cbRelocs, (Elf_Xword)paDynamic[i].d_un.d_val, 0, FMT_ELF_XWORD);
++ break;
++ case DT_RELENT:
++ LOG_VALIDATE_VAL_RET("DT_RELENT", sizeof(Elf_Rel));
++ SET_RELOC_TYPE_RET("DT_RELENT", DT_REL);
++ SET_INFO_FIELD_RET("DT_RELENT", pModElf->DynInfo.cbRelocEntry, (unsigned)sizeof(Elf_Rel), 0, "%u");
++ break;
++ case DT_PLTREL:
++ if (paDynamic[i].d_un.d_val != DT_RELA && paDynamic[i].d_un.d_val != DT_REL)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/DT_PLTREL: Invalid value %#RX64",
++ pszLogName, i, (uint64_t)paDynamic[i].d_un.d_val);
++ Log3(("RTLdrELF: DT[%u]: %16s DT_REL%s\n", i, "DT_PLTREL", paDynamic[i].d_un.d_val == DT_RELA ? "A" : ""));
++ SET_INFO_FIELD_RET("DT_PLTREL", pModElf->DynInfo.uJmpRelocType, (unsigned)paDynamic[i].d_un.d_val, 0, "%u");
++ break;
++ case DT_DEBUG:
++ LOG_VALIDATE_PTR_RET("DT_DEBUG");
++ break;
++ case DT_TEXTREL:
++ LOG_NON_VALUE_ENTRY("DT_TEXTREL");
++ break;
++ case DT_JMPREL:
++ LOG_VALIDATE_PTR_RET("DT_JMPREL");
++ SET_INFO_FIELD_RET("DT_JMPREL", pModElf->DynInfo.uPtrJmpRelocs, paDynamic[i].d_un.d_ptr, ~(Elf_Addr)0, FMT_ELF_ADDR);
++ FIND_MATCHING_SECTION_RET("DT_JMPREL", 1, pModElf->DynInfo.idxShJmpRelocs);
++ break;
++ case DT_BIND_NOW:
++ LOG_NON_VALUE_ENTRY("DT_BIND_NOW");
++ break;
++ case DT_INIT_ARRAY:
++ LOG_VALIDATE_PTR_RET("DT_INIT_ARRAY");
++ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_INIT_ARRAY");
++ break;
++ case DT_FINI_ARRAY:
++ LOG_VALIDATE_PTR_RET("DT_FINI_ARRAY");
++ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_FINI_ARRAY");
++ break;
++ case DT_INIT_ARRAYSZ:
++ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_INIT_ARRAYSZ", (uint64_t)paDynamic[i].d_un.d_val));
++ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_INIT_ARRAYSZ");
++ break;
++ case DT_FINI_ARRAYSZ:
++ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_FINI_ARRAYSZ", (uint64_t)paDynamic[i].d_un.d_val));
++ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_FINI_ARRAYSZ");
++ break;
++ case DT_RUNPATH:
++ LOG_VALIDATE_STR_RET("DT_RUNPATH");
++ break;
++ case DT_FLAGS:
++ Log3(("RTLdrELF: DT[%u]: %16s %#RX64\n", i, "DT_FLAGS", (uint64_t)paDynamic[i].d_un.d_val));
++ break;
++ case DT_PREINIT_ARRAY:
++ LOG_VALIDATE_PTR_RET("DT_PREINIT_ARRAY");
++ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_PREINIT_ARRAY");
++ break;
++ case DT_PREINIT_ARRAYSZ:
++ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_PREINIT_ARRAYSZ", (uint64_t)paDynamic[i].d_un.d_val));
++ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_PREINIT_ARRAYSZ");
++ break;
++ default:
++ if ( paDynamic[i].d_un.d_val < DT_ENCODING
++ || (paDynamic[i].d_un.d_val & 1))
++ Log3(("RTLdrELF: DT[%u]: %#010RX64 %#RX64%s\n", i, (uint64_t)paDynamic[i].d_tag,
++ (uint64_t)paDynamic[i].d_un.d_val, paDynamic[i].d_un.d_val >= DT_ENCODING ? " (val)" : ""));
++ else
++ {
++ Log3(("RTLdrELF: DT[%u]: %#010RX64 " FMT_ELF_ADDR " (addr)\n",
++ i, (uint64_t)paDynamic[i].d_tag, paDynamic[i].d_un.d_ptr));
++ if ((uint64_t)paDynamic[i].d_un.d_ptr - uLinkAddress >= cbImage)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: DT[%u]/%#RX64: Invalid address " FMT_ELF_ADDR " (valid range: " FMT_ELF_ADDR " LB " FMT_ELF_ADDR ")",
++ pszLogName, i, (uint64_t)paDynamic[i].d_tag,
++ paDynamic[i].d_un.d_ptr, uLinkAddress, cbImage);
++ }
++ break;
++ }
++#undef LOG_VALIDATE_VAL_RET
++#undef LOG_VALIDATE_STR_RET
++#undef LOG_VALIDATE_PTR_VAL_RET
++#undef LOG_VALIDATE_PTR_RET
++#undef SET_RELOC_TYPE_RET
++#undef SET_INFO_FIELD_RET
++#undef FIND_MATCHING_SECTION_RET
++#undef ONLY_FOR_DEBUG_OR_VALIDATION_RET
++ }
++
++ /*
++ * Validate the relocation information we've gathered.
++ */
++ Elf_Word uShTypeArch = SHT_RELA; /** @todo generalize architecture specific stuff using its own code template header. */
++ switch (pModElf->Core.enmArch)
++ {
++ case RTLDRARCH_AMD64:
++ break;
++ case RTLDRARCH_X86_32:
++ uShTypeArch = SHT_REL;
++ break;
++ default:
++ AssertFailedBreak(/** @todo page size for got.plt hacks */);
++
++ }
++
++ if (pModElf->DynInfo.uRelocType != 0)
++ {
++ const char * const pszModifier = pModElf->DynInfo.uRelocType == DT_RELA ? "A" : "";
++ if (pModElf->DynInfo.uPtrRelocs == ~(Elf_Addr)0)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_REL%s", pszLogName, pszModifier);
++ if (pModElf->DynInfo.cbRelocs == 0)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_REL%sSZ", pszLogName, pszModifier);
++ if (pModElf->DynInfo.cbRelocEntry == 0)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_REL%sENT", pszLogName, pszModifier);
++ Elf_Shdr const *pShdrRelocs = &paShdrs[pModElf->DynInfo.idxShRelocs];
++ Elf_Word const uShType = pModElf->DynInfo.uJmpRelocType == DT_RELA ? SHT_RELA : SHT_REL;
++ if (pShdrRelocs->sh_type != uShType)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_REL%s* does not match section type: %u vs %u",
++ pszLogName, pszModifier, pShdrRelocs->sh_type, uShType);
++ if (pShdrRelocs->sh_size != pModElf->DynInfo.cbRelocs)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_REL%sSZ does not match section size: %u vs %u",
++ pszLogName, pszModifier, pShdrRelocs->sh_size, pModElf->DynInfo.cbRelocs);
++ if (uShType != uShTypeArch)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_REL%s* does not match architecture: %u, arch wants %u",
++ pszLogName, pszModifier, uShType, uShTypeArch);
++ }
++
++ if ( pModElf->DynInfo.uPtrJmpRelocs != ~(Elf_Addr)0
++ || pModElf->DynInfo.cbJmpRelocs != 0
++ || pModElf->DynInfo.uJmpRelocType != 0)
++ {
++ if (pModElf->DynInfo.uPtrJmpRelocs == ~(Elf_Addr)0)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_JMPREL", pszLogName);
++ if (pModElf->DynInfo.cbJmpRelocs == 0)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_PLTRELSZ", pszLogName);
++ if (pModElf->DynInfo.uJmpRelocType == 0)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_PLTREL", pszLogName);
++ Elf_Shdr const *pShdrRelocs = &paShdrs[pModElf->DynInfo.idxShJmpRelocs];
++ Elf_Word const uShType = pModElf->DynInfo.uJmpRelocType == DT_RELA ? SHT_RELA : SHT_REL;
++ if (pShdrRelocs->sh_type != uShType)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_PLTREL does not match section type: %u vs %u",
++ pszLogName, pShdrRelocs->sh_type, uShType);
++ if (pShdrRelocs->sh_size != pModElf->DynInfo.cbJmpRelocs)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_PLTRELSZ does not match section size: %u vs %u",
++ pszLogName, pShdrRelocs->sh_size, pModElf->DynInfo.cbJmpRelocs);
++ if (uShType != uShTypeArch)
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_PLTREL does not match architecture: %u, arch wants %u",
++ pszLogName, uShType, uShTypeArch);
++ }
++
++ /*
++ * Check that there aren't any other relocations hiding in the section table.
++ */
++ for (uint32_t i = 1; i < pModElf->Ehdr.e_shnum; i++)
++ if ( (paShdrs[i].sh_type == SHT_REL || paShdrs[i].sh_type == SHT_RELA)
++ && pModElf->paShdrExtras[i].uDtTag != DT_REL
++ && pModElf->paShdrExtras[i].uDtTag != DT_RELA
++ && pModElf->paShdrExtras[i].uDtTag != DT_JMPREL)
++ {
++ char szSecHdrNm[80];
++ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
++ "%s: section header #%u (%s type=" FMT_ELF_WORD " size=" FMT_ELF_XWORD ") contains relocations not referenced by the dynamic section",
++ pszLogName, i,
++ RTLDRELF_NAME(GetSHdrName)(pModElf, paShdrs[i].sh_name, szSecHdrNm, sizeof(szSecHdrNm)),
++ paShdrs[i].sh_type, paShdrs[i].sh_size);
++ }
+
+ return VINF_SUCCESS;
+ }
+@@ -1866,8 +2819,9 @@ static int RTLDRELF_NAME(ValidateSection
+ * @param fFlags Reserved, MBZ.
+ * @param enmArch Architecture specifier.
+ * @param phLdrMod Where to store the handle.
++ * @param pErrInfo Where to return extended error info. Optional.
+ */
+-static int RTLDRELF_NAME(Open)(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod)
++static int RTLDRELF_NAME(Open)(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo)
+ {
+ const char *pszLogName = pReader->pfnLogName(pReader);
+ uint64_t cbRawImage = pReader->pfnSize(pReader);
+@@ -1891,21 +2845,42 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
+ #else
+ pModElf->Core.enmArch = RTLDRARCH_AMD64;
+ #endif
+- //pModElf->pvBits = NULL;
+- //pModElf->Ehdr = {0};
+- //pModElf->paShdrs = NULL;
+- //pModElf->paSyms = NULL;
+- pModElf->iSymSh = ~0U;
+- //pModElf->cSyms = 0;
+- pModElf->iStrSh = ~0U;
+- //pModElf->cbStr = 0;
+- //pModElf->cbImage = 0;
+- //pModElf->LinkAddress = 0;
+- //pModElf->pStr = NULL;
+- //pModElf->cbShStr = 0;
+- //pModElf->pShStr = NULL;
+- //pModElf->iShEhFrame = 0;
+- //pModElf->iShEhFrameHdr = 0;
++ //pModElf->pvBits = NULL;
++ //pModElf->Ehdr = {0};
++ //pModElf->paShdrs = NULL;
++ //pModElf->Rel.paSyms = NULL;
++ pModElf->Rel.iSymSh = ~0U;
++ //pModElf->Rel.cSyms = 0;
++ pModElf->Rel.iStrSh = ~0U;
++ //pModElf->Rel.cbStr = 0;
++ //pModElf->Rel.pStr = NULL;
++ //pModElf->Dyn.paSyms = NULL;
++ pModElf->Dyn.iSymSh = ~0U;
++ //pModElf->Dyn.cSyms = 0;
++ pModElf->Dyn.iStrSh = ~0U;
++ //pModElf->Dyn.cbStr = 0;
++ //pModElf->Dyn.pStr = NULL;
++ pModElf->iFirstSect = 1;
++ //pModElf->fShdrInOrder = false;
++ //pModElf->cbImage = 0;
++ pModElf->LinkAddress = ~(Elf_Addr)0;
++ //pModElf->cbShStr = 0;
++ //pModElf->pShStr = NULL;
++ //pModElf->iShEhFrame = 0;
++ //pModElf->iShEhFrameHdr= 0;
++ pModElf->iShDynamic = ~0U;
++ //pModElf->cDynamic = 0;
++ //pModElf->paDynamic = NULL;
++ //pModElf->paPhdrs = NULL;
++ pModElf->DynInfo.uPtrRelocs = ~(Elf_Addr)0;
++ //pModElf->DynInfo.cbRelocs = 0;
++ //pModElf->DynInfo.cbRelocEntry = 0;
++ //pModElf->DynInfo.uRelocType = 0;
++ //pModElf->DynInfo.idxShRelocs = 0;
++ pModElf->DynInfo.uPtrJmpRelocs = ~(Elf_Addr)0;
++ //pModElf->DynInfo.cbJmpRelocs = 0;
++ //pModElf->DynInfo.uJmpRelocType = 0;
++ //pModElf->DynInfo.idxShJmpRelocs = 0;
+
+ /*
+ * Read and validate the ELF header and match up the CPU architecture.
+@@ -1914,7 +2889,7 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
+ if (RT_SUCCESS(rc))
+ {
+ RTLDRARCH enmArchImage = RTLDRARCH_INVALID; /* shut up gcc */
+- rc = RTLDRELF_NAME(ValidateElfHeader)(&pModElf->Ehdr, pszLogName, cbRawImage, &enmArchImage);
++ rc = RTLDRELF_NAME(ValidateElfHeader)(&pModElf->Ehdr, cbRawImage, pszLogName, &enmArchImage, pErrInfo);
+ if (RT_SUCCESS(rc))
+ {
+ if ( enmArch != RTLDRARCH_WHATEVER
+@@ -1929,7 +2904,7 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
+ * introspection methods.
+ */
+ size_t const cbShdrs = pModElf->Ehdr.e_shnum * sizeof(Elf_Shdr);
+- Elf_Shdr *paShdrs = (Elf_Shdr *)RTMemAlloc(cbShdrs * 2);
++ Elf_Shdr *paShdrs = (Elf_Shdr *)RTMemAlloc(cbShdrs * 2 + sizeof(RTLDRMODELFSHX) * pModElf->Ehdr.e_shnum);
+ if (paShdrs)
+ {
+ pModElf->paShdrs = paShdrs;
+@@ -1939,111 +2914,77 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
+ memcpy(&paShdrs[pModElf->Ehdr.e_shnum], paShdrs, cbShdrs);
+ pModElf->paOrgShdrs = &paShdrs[pModElf->Ehdr.e_shnum];
+
++ pModElf->paShdrExtras = (PRTLDRMODELFSHX)&pModElf->paOrgShdrs[pModElf->Ehdr.e_shnum];
++ memset(pModElf->paShdrExtras, 0xff, sizeof(RTLDRMODELFSHX) * pModElf->Ehdr.e_shnum);
++
+ pModElf->cbShStr = paShdrs[pModElf->Ehdr.e_shstrndx].sh_size;
+
+ /*
+ * Validate the section headers and find relevant sections.
+ */
+- Elf_Addr uNextAddr = 0;
+- for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
+- {
+- rc = RTLDRELF_NAME(ValidateSectionHeader)(pModElf, i, pszLogName, cbRawImage);
+- if (RT_FAILURE(rc))
+- break;
+-
+- /* We're looking for symbol tables. */
+- if (paShdrs[i].sh_type == SHT_SYMTAB)
+- {
+- if (pModElf->iSymSh != ~0U)
+- {
+- Log(("RTLdrElf: %s: Multiple symbol tabs! iSymSh=%d i=%d\n", pszLogName, pModElf->iSymSh, i));
+- rc = VERR_LDRELF_MULTIPLE_SYMTABS;
+- break;
+- }
+- pModElf->iSymSh = i;
+- pModElf->cSyms = (unsigned)(paShdrs[i].sh_size / sizeof(Elf_Sym));
+- AssertBreakStmt(pModElf->cSyms == paShdrs[i].sh_size / sizeof(Elf_Sym), rc = VERR_IMAGE_TOO_BIG);
+- pModElf->iStrSh = paShdrs[i].sh_link;
+- pModElf->cbStr = (unsigned)paShdrs[pModElf->iStrSh].sh_size;
+- AssertBreakStmt(pModElf->cbStr == paShdrs[pModElf->iStrSh].sh_size, rc = VERR_IMAGE_TOO_BIG);
+- }
+-
+- /* Special checks for the section string table. */
+- if (i == pModElf->Ehdr.e_shstrndx)
+- {
+- if (paShdrs[i].sh_type != SHT_STRTAB)
+- {
+- Log(("RTLdrElf: Section header string table is not a SHT_STRTAB: %#x\n", paShdrs[i].sh_type));
+- rc = VERR_BAD_EXE_FORMAT;
+- break;
+- }
+- if (paShdrs[i].sh_size == 0)
+- {
+- Log(("RTLdrElf: Section header string table is empty\n"));
+- rc = VERR_BAD_EXE_FORMAT;
+- break;
+- }
+- }
++ rc = RTLDRELF_NAME(ValidateAndProcessSectionHeaders)(pModElf, paShdrs, cbRawImage, pszLogName, pErrInfo);
+
+- /* Kluge for the .data..percpu segment in 64-bit linux kernels. */
+- if (paShdrs[i].sh_flags & SHF_ALLOC)
+- {
+- if ( paShdrs[i].sh_addr == 0
+- && paShdrs[i].sh_addr < uNextAddr)
+- {
+- Elf_Addr uAddr = RT_ALIGN_T(uNextAddr, paShdrs[i].sh_addralign, Elf_Addr);
+- Log(("RTLdrElf: Out of order section #%d; adjusting sh_addr from " FMT_ELF_ADDR " to " FMT_ELF_ADDR "\n",
+- i, paShdrs[i].sh_addr, uAddr));
+- paShdrs[i].sh_addr = uAddr;
+- }
+- uNextAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
+- }
+- } /* for each section header */
++ /*
++ * Read validate and process program headers if ET_DYN or ET_EXEC.
++ */
++ if (RT_SUCCESS(rc) && (pModElf->Ehdr.e_type == ET_DYN || pModElf->Ehdr.e_type == ET_EXEC))
++ rc = RTLDRELF_NAME(ValidateAndProcessDynamicInfo)(pModElf, cbRawImage, fFlags, pszLogName, pErrInfo);
+
+ /*
+- * Calculate the image base address if the image isn't relocatable.
++ * Massage the section headers.
+ */
+- if (RT_SUCCESS(rc) && pModElf->Ehdr.e_type != ET_REL)
++ if (RT_SUCCESS(rc))
+ {
+- pModElf->LinkAddress = ~(Elf_Addr)0;
+- for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
+- if ( (paShdrs[i].sh_flags & SHF_ALLOC)
+- && paShdrs[i].sh_addr < pModElf->LinkAddress)
+- pModElf->LinkAddress = paShdrs[i].sh_addr;
+- if (pModElf->LinkAddress == ~(Elf_Addr)0)
++ if (pModElf->Ehdr.e_type == ET_REL)
+ {
+- AssertFailed();
+- rc = VERR_LDR_GENERAL_FAILURE;
+- }
+- if (pModElf->Ehdr.e_type == ET_DYN && pModElf->LinkAddress < 0x1000)
++ /* Do allocations and figure the image size: */
+ pModElf->LinkAddress = 0;
++ for (unsigned i = 1; i < pModElf->Ehdr.e_shnum; i++)
++ if (paShdrs[i].sh_flags & SHF_ALLOC)
++ {
++ paShdrs[i].sh_addr = paShdrs[i].sh_addralign
++ ? RT_ALIGN_T(pModElf->cbImage, paShdrs[i].sh_addralign, Elf_Addr)
++ : (Elf_Addr)pModElf->cbImage;
++ Elf_Addr EndAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
++ if (pModElf->cbImage < EndAddr)
++ {
++ pModElf->cbImage = (size_t)EndAddr;
++ AssertMsgBreakStmt(pModElf->cbImage == EndAddr, (FMT_ELF_ADDR "\n", EndAddr), rc = VERR_IMAGE_TOO_BIG);
++ }
++ Log2(("RTLdrElf: %s: Assigned " FMT_ELF_ADDR " to section #%d\n", pszLogName, paShdrs[i].sh_addr, i));
++ }
++ }
++ else
++ {
++ /* Convert sh_addr to RVA: */
++ Assert(pModElf->LinkAddress != ~(Elf_Addr)0);
++ for (unsigned i = 0 /*!*/; i < pModElf->Ehdr.e_shnum; i++)
++ if (paShdrs[i].sh_flags & SHF_ALLOC)
++ paShdrs[i].sh_addr -= pModElf->LinkAddress;
++ }
+ }
+
+ /*
+- * Perform allocations / RVA calculations, determine the image size.
++ * Check if the sections are in order by address, as that will simplify
++ * enumeration and address translation.
+ */
+- if (RT_SUCCESS(rc))
+- for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
+- if (paShdrs[i].sh_flags & SHF_ALLOC)
++ pModElf->fShdrInOrder = true;
++ Elf_Addr uEndAddr = 0;
++ for (unsigned i = pModElf->iFirstSect; i < pModElf->Ehdr.e_shnum; i++)
++ if (paShdrs[i].sh_flags & SHF_ALLOC)
++ {
++ if (uEndAddr <= paShdrs[i].sh_addr)
++ uEndAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
++ else
+ {
+- if (pModElf->Ehdr.e_type == ET_REL)
+- paShdrs[i].sh_addr = paShdrs[i].sh_addralign
+- ? RT_ALIGN_T(pModElf->cbImage, paShdrs[i].sh_addralign, Elf_Addr)
+- : (Elf_Addr)pModElf->cbImage;
+- else
+- paShdrs[i].sh_addr -= pModElf->LinkAddress;
+- Elf_Addr EndAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
+- if (pModElf->cbImage < EndAddr)
+- {
+- pModElf->cbImage = (size_t)EndAddr;
+- AssertMsgBreakStmt(pModElf->cbImage == EndAddr, (FMT_ELF_ADDR "\n", EndAddr), rc = VERR_IMAGE_TOO_BIG);
+- }
+- Log2(("RTLdrElf: %s: Assigned " FMT_ELF_ADDR " to section #%d\n", pszLogName, paShdrs[i].sh_addr, i));
++ pModElf->fShdrInOrder = false;
++ break;
+ }
++ }
+
+- Log2(("RTLdrElf: iSymSh=%u cSyms=%u iStrSh=%u cbStr=%u rc=%Rrc cbImage=%#zx LinkAddress=" FMT_ELF_ADDR "\n",
+- pModElf->iSymSh, pModElf->cSyms, pModElf->iStrSh, pModElf->cbStr, rc,
+- pModElf->cbImage, pModElf->LinkAddress));
++ Log2(("RTLdrElf: iSymSh=%u cSyms=%u iStrSh=%u cbStr=%u rc=%Rrc cbImage=%#zx LinkAddress=" FMT_ELF_ADDR " fShdrInOrder=%RTbool\n",
++ pModElf->Rel.iSymSh, pModElf->Rel.cSyms, pModElf->Rel.iStrSh, pModElf->Rel.cbStr, rc,
++ pModElf->cbImage, pModElf->LinkAddress, pModElf->fShdrInOrder));
+ if (RT_SUCCESS(rc))
+ {
+ pModElf->Core.pOps = &RTLDRELF_MID(s_rtldrElf,Ops);
+@@ -2077,6 +3018,7 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
+ #undef RTLDRELF_MID
+
+ #undef FMT_ELF_ADDR
++#undef FMT_ELF_ADDR7
+ #undef FMT_ELF_HALF
+ #undef FMT_ELF_SHALF
+ #undef FMT_ELF_OFF
+@@ -2102,6 +3044,8 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
+ #undef Elf_Size
+ #undef Elf_Sword
+ #undef Elf_Word
++#undef Elf_Xword
++#undef Elf_Sxword
+
+ #undef RTLDRMODELF
+ #undef PRTLDRMODELF
+--- a/include/iprt/memobj.h
++++ b/include/iprt/memobj.h
+@@ -127,7 +127,10 @@ RTR0DECL(int) RTR0MemObjFree(RTR0MEMOBJ
+ * @returns IPRT status code.
+ * @param pMemObj Where to store the ring-0 memory object handle.
+ * @param cb Number of bytes to allocate. This is rounded up to nearest page.
+- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
++ * @param fExecutable Flag indicating whether it should be permitted to
++ * executed code in the memory object. The user must
++ * use RTR0MemObjProtect after initialization the
++ * allocation to actually make it executable.
+ */
+ #define RTR0MemObjAllocPage(pMemObj, cb, fExecutable) \
+ RTR0MemObjAllocPageTag((pMemObj), (cb), (fExecutable), RTMEM_TAG)
+@@ -140,7 +143,10 @@ RTR0DECL(int) RTR0MemObjFree(RTR0MEMOBJ
+ * @returns IPRT status code.
+ * @param pMemObj Where to store the ring-0 memory object handle.
+ * @param cb Number of bytes to allocate. This is rounded up to nearest page.
+- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
++ * @param fExecutable Flag indicating whether it should be permitted to
++ * executed code in the memory object. The user must
++ * use RTR0MemObjProtect after initialization the
++ * allocation to actually make it executable.
+ * @param pszTag Allocation tag used for statistics and such.
+ */
+ RTR0DECL(int) RTR0MemObjAllocPageTag(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable, const char *pszTag);
+@@ -154,7 +160,10 @@ RTR0DECL(int) RTR0MemObjAllocPageTag(PRT
+ * @returns IPRT status code.
+ * @param pMemObj Where to store the ring-0 memory object handle.
+ * @param cb Number of bytes to allocate. This is rounded up to nearest page.
+- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
++ * @param fExecutable Flag indicating whether it should be permitted to
++ * executed code in the memory object. The user must
++ * use RTR0MemObjProtect after initialization the
++ * allocation to actually make it executable.
+ */
+ #define RTR0MemObjAllocLow(pMemObj, cb, fExecutable) \
+ RTR0MemObjAllocLowTag((pMemObj), (cb), (fExecutable), RTMEM_TAG)
+@@ -168,7 +177,10 @@ RTR0DECL(int) RTR0MemObjAllocPageTag(PRT
+ * @returns IPRT status code.
+ * @param pMemObj Where to store the ring-0 memory object handle.
+ * @param cb Number of bytes to allocate. This is rounded up to nearest page.
+- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
++ * @param fExecutable Flag indicating whether it should be permitted to
++ * executed code in the memory object. The user must
++ * use RTR0MemObjProtect after initialization the
++ * allocation to actually make it executable.
+ * @param pszTag Allocation tag used for statistics and such.
+ */
+ RTR0DECL(int) RTR0MemObjAllocLowTag(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable, const char *pszTag);
+@@ -182,7 +194,10 @@ RTR0DECL(int) RTR0MemObjAllocLowTag(PRTR
+ * @returns IPRT status code.
+ * @param pMemObj Where to store the ring-0 memory object handle.
+ * @param cb Number of bytes to allocate. This is rounded up to nearest page.
+- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
++ * @param fExecutable Flag indicating whether it should be permitted to
++ * executed code in the memory object. The user must
++ * use RTR0MemObjProtect after initialization the
++ * allocation to actually make it executable.
+ */
+ #define RTR0MemObjAllocCont(pMemObj, cb, fExecutable) \
+ RTR0MemObjAllocContTag((pMemObj), (cb), (fExecutable), RTMEM_TAG)
+@@ -196,7 +211,10 @@ RTR0DECL(int) RTR0MemObjAllocLowTag(PRTR
+ * @returns IPRT status code.
+ * @param pMemObj Where to store the ring-0 memory object handle.
+ * @param cb Number of bytes to allocate. This is rounded up to nearest page.
+- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
++ * @param fExecutable Flag indicating whether it should be permitted to
++ * executed code in the memory object. The user must
++ * use RTR0MemObjProtect after initialization the
++ * allocation to actually make it executable.
+ * @param pszTag Allocation tag used for statistics and such.
+ */
+ RTR0DECL(int) RTR0MemObjAllocContTag(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable, const char *pszTag);
+--- a/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
++++ b/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
+@@ -38,7 +38,7 @@
+
+
+ #if (defined(RT_ARCH_AMD64) || defined(DOXYGEN_RUNNING)) && !defined(RTMEMALLOC_EXEC_HEAP)
+-# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23)
++# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
+ /**
+ * Starting with 2.6.23 we can use __get_vm_area and map_vm_area to allocate
+ * memory in the moduel range. This is preferrable to the exec heap below.
+--- a/include/VBox/sup.h
++++ b/include/VBox/sup.h
+@@ -1553,8 +1553,11 @@ SUPR3DECL(int) SUPR3GetSymbolR0(void *pv
+ *
+ * @returns VBox status code.
+ * @deprecated Use SUPR3LoadModule(pszFilename, "VMMR0.r0", &pvImageBase)
++ * @param pszFilename Full path to the VMMR0.r0 file (silly).
++ * @param pErrInfo Where to return extended error information.
++ * Optional.
+ */
+-SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename);
++SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename, PRTERRINFO pErrInfo);
+
+ /**
+ * Unloads R0 HC VMM code.
+--- a/src/VBox/Devices/Network/testcase/tstIntNet-1.cpp
++++ b/src/VBox/Devices/Network/testcase/tstIntNet-1.cpp
+@@ -846,7 +846,7 @@ extern "C" DECLEXPORT(int) TrustedMain(i
+ return 1;
+ }
+
+- rc = SUPR3LoadVMM(szAbsPath);
++ rc = SUPR3LoadVMM(szAbsPath, NULL);
+ if (RT_FAILURE(rc))
+ {
+ RTPrintf("tstIntNet-1: SUPR3LoadVMM(\"%s\") -> %Rrc\n", szAbsPath, rc);
+--- a/src/VBox/NetworkServices/Dhcpd/VBoxNetDhcpd.cpp
++++ b/src/VBox/NetworkServices/Dhcpd/VBoxNetDhcpd.cpp
+@@ -259,7 +259,7 @@ int VBoxNetDhcpd::vmmInit()
+ if (RT_SUCCESS(rc))
+ rc = RTPathAppend(szPathVMMR0, sizeof(szPathVMMR0), "VMMR0.r0");
+ if (RT_SUCCESS(rc))
+- rc = SUPR3LoadVMM(szPathVMMR0);
++ rc = SUPR3LoadVMM(szPathVMMR0, NULL /*pErrInfo*/);
+ return rc;
+ }
+
+--- a/src/VBox/NetworkServices/NetLib/VBoxNetBaseService.cpp
++++ b/src/VBox/NetworkServices/NetLib/VBoxNetBaseService.cpp
+@@ -383,7 +383,7 @@ int VBoxNetBaseService::tryGoOnline(void
+ return rc;
+ }
+
+- rc = SUPR3LoadVMM(strcat(szPath, "/VMMR0.r0"));
++ rc = SUPR3LoadVMM(strcat(szPath, "/VMMR0.r0"), NULL);
+ if (RT_FAILURE(rc))
+ {
+ LogRel(("VBoxNetBaseService: SUPR3LoadVMM(\"%s\") -> %Rrc\n", szPath, rc));
+--- a/src/VBox/VMM/testcase/tstGlobalConfig.cpp
++++ b/src/VBox/VMM/testcase/tstGlobalConfig.cpp
+@@ -102,7 +102,7 @@ extern "C" DECLEXPORT(int) TrustedMain(i
+ return 1;
+ }
+
+- rc = SUPR3LoadVMM("./VMMR0.r0");
++ rc = SUPR3LoadVMM("./VMMR0.r0", NULL /*pErrInfo*/);
+ if (RT_SUCCESS(rc))
+ {
+ Req.pSession = pSession;
+--- a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
++++ b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
+@@ -334,6 +334,372 @@ static DECLCALLBACK(int) supLoadModuleCr
+ }
+
+
++/** Argument package for supLoadModuleCompileSegmentsCB. */
++typedef struct SUPLDRCOMPSEGTABARGS
++{
++ uint32_t uStartRva;
++ uint32_t uEndRva;
++ uint32_t fProt;
++ uint32_t iSegs;
++ uint32_t cSegsAlloc;
++ PSUPLDRSEG paSegs;
++ PRTERRINFO pErrInfo;
++} SUPLDRCOMPSEGTABARGS, *PSUPLDRCOMPSEGTABARGS;
++
++/**
++ * @callback_method_impl{FNRTLDRENUMSEGS,
++ * Compile list of segments with the same memory protection.}
++ */
++static DECLCALLBACK(int) supLoadModuleCompileSegmentsCB(RTLDRMOD hLdrMod, PCRTLDRSEG pSeg, void *pvUser)
++{
++ PSUPLDRCOMPSEGTABARGS pArgs = (PSUPLDRCOMPSEGTABARGS)pvUser;
++ AssertCompile(RTMEM_PROT_READ == SUPLDR_PROT_READ);
++ AssertCompile(RTMEM_PROT_WRITE == SUPLDR_PROT_WRITE);
++ AssertCompile(RTMEM_PROT_EXEC == SUPLDR_PROT_EXEC);
++ RT_NOREF(hLdrMod);
++
++ Log2(("supLoadModuleCompileSegmentsCB: %RTptr/%RTptr LB %RTptr/%RTptr prot %#x %s\n",
++ pSeg->LinkAddress, pSeg->RVA, pSeg->cbMapped, pSeg->cb, pSeg->fProt, pSeg->pszName));
++
++ /* Ignore segments not part of the loaded image. */
++ if (pSeg->RVA == NIL_RTLDRADDR || pSeg->cbMapped == 0)
++ {
++ Log2(("supLoadModuleCompileSegmentsCB: -> skipped\n"));
++ return VINF_SUCCESS;
++ }
++
++ /* We currently ASSUME that all relevant segments are in ascending RVA order. */
++ AssertReturn(pSeg->RVA >= pArgs->uEndRva,
++ RTERRINFO_LOG_REL_SET_F(pArgs->pErrInfo, VERR_BAD_EXE_FORMAT, "Out of order segment: %p LB %#zx #%.*s",
++ pSeg->RVA, pSeg->cb, pSeg->cchName, pSeg->pszName));
++
++ /* We ASSUME the cbMapped field is implemented. */
++ AssertReturn(pSeg->cbMapped != NIL_RTLDRADDR, VERR_INTERNAL_ERROR_2);
++ AssertReturn(pSeg->cbMapped < _1G, VERR_INTERNAL_ERROR_4);
++ uint32_t cbMapped = (uint32_t)pSeg->cbMapped;
++ AssertReturn(pSeg->RVA < _1G, VERR_INTERNAL_ERROR_3);
++ uint32_t uRvaSeg = (uint32_t)pSeg->RVA;
++
++ /*
++ * If the protection is the same as the previous segment,
++ * just update uEndRva and continue.
++ */
++ uint32_t fProt = pSeg->fProt;
++#if defined(RT_ARCH_AMD64) || defined(RT_ARCH_X86)
++ if (fProt & RTMEM_PROT_EXEC)
++ fProt |= fProt & RTMEM_PROT_READ;
++#endif
++ if (pSeg->fProt == pArgs->fProt)
++ {
++ pArgs->uEndRva = uRvaSeg + cbMapped;
++ Log2(("supLoadModuleCompileSegmentsCB: -> merged, end %#x\n", pArgs->uEndRva));
++ return VINF_SUCCESS;
++ }
++
++ /*
++ * The protection differs, so commit current segment and start a new one.
++ * However, if the new segment and old segment share a page, this becomes
++ * a little more complicated...
++ */
++ if (pArgs->uStartRva < pArgs->uEndRva)
++ {
++ if (((pArgs->uEndRva - 1) >> PAGE_SHIFT) != (uRvaSeg >> PAGE_SHIFT))
++ {
++ /* No common page, so make the new segment start on a page boundrary. */
++ cbMapped += uRvaSeg & PAGE_OFFSET_MASK;
++ uRvaSeg &= ~(uint32_t)PAGE_OFFSET_MASK;
++ Assert(pArgs->uEndRva <= uRvaSeg);
++ Log2(("supLoadModuleCompileSegmentsCB: -> new, no common\n"));
++ }
++ else if ((fProt & pArgs->fProt) == fProt)
++ {
++ /* The current segment includes the memory protections of the
++ previous, so include the common page in it: */
++ uint32_t const cbCommon = PAGE_SIZE - (uRvaSeg & PAGE_OFFSET_MASK);
++ if (cbCommon >= cbMapped)
++ {
++ pArgs->uEndRva = uRvaSeg + cbMapped;
++ Log2(("supLoadModuleCompileSegmentsCB: -> merge, %#x common, upgrading prot to %#x, end %#x\n",
++ cbCommon, pArgs->fProt, pArgs->uEndRva));
++ return VINF_SUCCESS; /* New segment was smaller than a page. */
++ }
++ cbMapped -= cbCommon;
++ uRvaSeg += cbCommon;
++ Assert(pArgs->uEndRva <= uRvaSeg);
++ Log2(("supLoadModuleCompileSegmentsCB: -> new, %#x common into previous\n", cbCommon));
++ }
++ else if ((fProt & pArgs->fProt) == pArgs->fProt)
++ {
++ /* The new segment includes the memory protections of the
++ previous, so include the common page in it: */
++ cbMapped += uRvaSeg & PAGE_OFFSET_MASK;
++ uRvaSeg &= ~(uint32_t)PAGE_OFFSET_MASK;
++ if (uRvaSeg == pArgs->uStartRva)
++ {
++ pArgs->fProt = fProt;
++ pArgs->uEndRva = uRvaSeg + cbMapped;
++ Log2(("supLoadModuleCompileSegmentsCB: -> upgrade current protection, end %#x\n", pArgs->uEndRva));
++ return VINF_SUCCESS; /* Current segment was smaller than a page. */
++ }
++ Log2(("supLoadModuleCompileSegmentsCB: -> new, %#x common into new\n", (uint32_t)(pSeg->RVA & PAGE_OFFSET_MASK)));
++ }
++ else
++ {
++ /* Create a new segment for the common page with the combined protection. */
++ Log2(("supLoadModuleCompileSegmentsCB: -> it's complicated...\n"));
++ pArgs->uEndRva &= ~(uint32_t)PAGE_OFFSET_MASK;
++ if (pArgs->uEndRva > pArgs->uStartRva)
++ {
++ Log2(("supLoadModuleCompileSegmentsCB: SUP Seg #%u: %#x LB %#x prot %#x\n",
++ pArgs->iSegs, pArgs->uStartRva, pArgs->uEndRva - pArgs->uStartRva, pArgs->fProt));
++ if (pArgs->paSegs)
++ {
++ AssertReturn(pArgs->iSegs < pArgs->cSegsAlloc, VERR_INTERNAL_ERROR_5);
++ pArgs->paSegs[pArgs->iSegs].off = pArgs->uStartRva;
++ pArgs->paSegs[pArgs->iSegs].cb = pArgs->uEndRva - pArgs->uStartRva;
++ pArgs->paSegs[pArgs->iSegs].fProt = pArgs->fProt;
++ pArgs->paSegs[pArgs->iSegs].fUnused = 0;
++ }
++ pArgs->iSegs++;
++ pArgs->uStartRva = pArgs->uEndRva;
++ }
++ pArgs->fProt |= fProt;
++
++ uint32_t const cbCommon = PAGE_SIZE - (uRvaSeg & PAGE_OFFSET_MASK);
++ if (cbCommon >= cbMapped)
++ {
++ fProt |= pArgs->fProt;
++ pArgs->uEndRva = uRvaSeg + cbMapped;
++ return VINF_SUCCESS; /* New segment was smaller than a page. */
++ }
++ cbMapped -= cbCommon;
++ uRvaSeg += cbCommon;
++ Assert(uRvaSeg - pArgs->uStartRva == PAGE_SIZE);
++ }
++
++ /* The current segment should end where the new one starts, no gaps. */
++ pArgs->uEndRva = uRvaSeg;
++
++ /* Emit the current segment */
++ Log2(("supLoadModuleCompileSegmentsCB: SUP Seg #%u: %#x LB %#x prot %#x\n",
++ pArgs->iSegs, pArgs->uStartRva, pArgs->uEndRva - pArgs->uStartRva, pArgs->fProt));
++ if (pArgs->paSegs)
++ {
++ AssertReturn(pArgs->iSegs < pArgs->cSegsAlloc, VERR_INTERNAL_ERROR_5);
++ pArgs->paSegs[pArgs->iSegs].off = pArgs->uStartRva;
++ pArgs->paSegs[pArgs->iSegs].cb = pArgs->uEndRva - pArgs->uStartRva;
++ pArgs->paSegs[pArgs->iSegs].fProt = pArgs->fProt;
++ pArgs->paSegs[pArgs->iSegs].fUnused = 0;
++ }
++ pArgs->iSegs++;
++ }
++ /* else: current segment is empty */
++
++ /* Start the new segment. */
++ Assert(!(uRvaSeg & PAGE_OFFSET_MASK));
++ pArgs->fProt = fProt;
++ pArgs->uStartRva = uRvaSeg;
++ pArgs->uEndRva = uRvaSeg + cbMapped;
++ return VINF_SUCCESS;
++}
++
++
++/**
++ * Worker for supLoadModule().
++ */
++static int supLoadModuleInner(RTLDRMOD hLdrMod, PSUPLDRLOAD pLoadReq, uint32_t cbImageWithEverything,
++ RTR0PTR uImageBase, size_t cbImage, const char *pszModule, const char *pszFilename,
++ bool fNativeLoader, bool fIsVMMR0, const char *pszSrvReqHandler,
++ uint32_t offSymTab, uint32_t cSymbols,
++ uint32_t offStrTab, size_t cbStrTab,
++ uint32_t offSegTab, uint32_t cSegments,
++ PRTERRINFO pErrInfo)
++{
++ /*
++ * Get the image bits.
++ */
++ SUPLDRRESIMPARGS Args = { pszModule, pErrInfo };
++ int rc = RTLdrGetBits(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase, supLoadModuleResolveImport, &Args);
++ if (RT_FAILURE(rc))
++ {
++ LogRel(("SUP: RTLdrGetBits failed for %s (%s). rc=%Rrc\n", pszModule, pszFilename, rc));
++ if (!RTErrInfoIsSet(pErrInfo))
++ RTErrInfoSetF(pErrInfo, rc, "RTLdrGetBits failed");
++ return rc;
++ }
++
++ /*
++ * Get the entry points.
++ */
++ RTUINTPTR VMMR0EntryFast = 0;
++ RTUINTPTR VMMR0EntryEx = 0;
++ RTUINTPTR SrvReqHandler = 0;
++ RTUINTPTR ModuleInit = 0;
++ RTUINTPTR ModuleTerm = 0;
++ const char *pszEp = NULL;
++ if (fIsVMMR0)
++ {
++ rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
++ UINT32_MAX, pszEp = "VMMR0EntryFast", &VMMR0EntryFast);
++ if (RT_SUCCESS(rc))
++ rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
++ UINT32_MAX, pszEp = "VMMR0EntryEx", &VMMR0EntryEx);
++ }
++ else if (pszSrvReqHandler)
++ rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
++ UINT32_MAX, pszEp = pszSrvReqHandler, &SrvReqHandler);
++ if (RT_SUCCESS(rc))
++ {
++ int rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
++ UINT32_MAX, pszEp = "ModuleInit", &ModuleInit);
++ if (RT_FAILURE(rc2))
++ ModuleInit = 0;
++
++ rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
++ UINT32_MAX, pszEp = "ModuleTerm", &ModuleTerm);
++ if (RT_FAILURE(rc2))
++ ModuleTerm = 0;
++ }
++ if (RT_FAILURE(rc))
++ {
++ LogRel(("SUP: Failed to get entry point '%s' for %s (%s) rc=%Rrc\n", pszEp, pszModule, pszFilename, rc));
++ return RTErrInfoSetF(pErrInfo, rc, "Failed to resolve entry point '%s'", pszEp);
++ }
++
++ /*
++ * Create the symbol and string tables.
++ */
++ SUPLDRCREATETABSARGS CreateArgs;
++ CreateArgs.cbImage = cbImage;
++ CreateArgs.pSym = (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab];
++ CreateArgs.pszBase = (char *)&pLoadReq->u.In.abImage[offStrTab];
++ CreateArgs.psz = CreateArgs.pszBase;
++ rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCreateTabsCB, &CreateArgs);
++ if (RT_FAILURE(rc))
++ {
++ LogRel(("SUP: RTLdrEnumSymbols failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
++ return RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSymbols #2 failed");
++ }
++ AssertRelease((size_t)(CreateArgs.psz - CreateArgs.pszBase) <= cbStrTab);
++ AssertRelease((size_t)(CreateArgs.pSym - (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab]) <= cSymbols);
++
++ /*
++ * Create the segment table.
++ */
++ SUPLDRCOMPSEGTABARGS SegArgs;
++ SegArgs.uStartRva = 0;
++ SegArgs.uEndRva = 0;
++ SegArgs.fProt = RTMEM_PROT_READ;
++ SegArgs.iSegs = 0;
++ SegArgs.cSegsAlloc = cSegments;
++ SegArgs.paSegs = (PSUPLDRSEG)&pLoadReq->u.In.abImage[offSegTab];
++ SegArgs.pErrInfo = pErrInfo;
++ rc = RTLdrEnumSegments(hLdrMod, supLoadModuleCompileSegmentsCB, &SegArgs);
++ if (RT_FAILURE(rc))
++ {
++ LogRel(("SUP: RTLdrEnumSegments failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
++ return RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSegments #2 failed");
++ }
++ SegArgs.uEndRva = (uint32_t)cbImage;
++ AssertReturn(SegArgs.uEndRva == cbImage, VERR_OUT_OF_RANGE);
++ if (SegArgs.uEndRva > SegArgs.uStartRva)
++ {
++ SegArgs.paSegs[SegArgs.iSegs].off = SegArgs.uStartRva;
++ SegArgs.paSegs[SegArgs.iSegs].cb = SegArgs.uEndRva - SegArgs.uStartRva;
++ SegArgs.paSegs[SegArgs.iSegs].fProt = SegArgs.fProt;
++ SegArgs.paSegs[SegArgs.iSegs].fUnused = 0;
++ SegArgs.iSegs++;
++ }
++ for (uint32_t i = 0; i < SegArgs.iSegs; i++)
++ LogRel(("SUP: seg #%u: %c%c%c %#010RX32 LB %#010RX32\n", i, /** @todo LogRel2 */
++ SegArgs.paSegs[i].fProt & SUPLDR_PROT_READ ? 'R' : ' ',
++ SegArgs.paSegs[i].fProt & SUPLDR_PROT_WRITE ? 'W' : ' ',
++ SegArgs.paSegs[i].fProt & SUPLDR_PROT_EXEC ? 'X' : ' ',
++ SegArgs.paSegs[i].off, SegArgs.paSegs[i].cb));
++ AssertRelease(SegArgs.iSegs == cSegments);
++ AssertRelease(SegArgs.cSegsAlloc == cSegments);
++
++ /*
++ * Upload the image.
++ */
++ pLoadReq->Hdr.u32Cookie = g_u32Cookie;
++ pLoadReq->Hdr.u32SessionCookie = g_u32SessionCookie;
++ pLoadReq->Hdr.cbIn = SUP_IOCTL_LDR_LOAD_SIZE_IN(cbImageWithEverything);
++ pLoadReq->Hdr.cbOut = SUP_IOCTL_LDR_LOAD_SIZE_OUT;
++ pLoadReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_IN;
++ pLoadReq->Hdr.rc = VERR_INTERNAL_ERROR;
++
++ pLoadReq->u.In.pfnModuleInit = (RTR0PTR)ModuleInit;
++ pLoadReq->u.In.pfnModuleTerm = (RTR0PTR)ModuleTerm;
++ if (fIsVMMR0)
++ {
++ pLoadReq->u.In.eEPType = SUPLDRLOADEP_VMMR0;
++ pLoadReq->u.In.EP.VMMR0.pvVMMR0 = uImageBase;
++ pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryFast= (RTR0PTR)VMMR0EntryFast;
++ pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryEx = (RTR0PTR)VMMR0EntryEx;
++ }
++ else if (pszSrvReqHandler)
++ {
++ pLoadReq->u.In.eEPType = SUPLDRLOADEP_SERVICE;
++ pLoadReq->u.In.EP.Service.pfnServiceReq = (RTR0PTR)SrvReqHandler;
++ pLoadReq->u.In.EP.Service.apvReserved[0] = NIL_RTR0PTR;
++ pLoadReq->u.In.EP.Service.apvReserved[1] = NIL_RTR0PTR;
++ pLoadReq->u.In.EP.Service.apvReserved[2] = NIL_RTR0PTR;
++ }
++ else
++ pLoadReq->u.In.eEPType = SUPLDRLOADEP_NOTHING;
++ pLoadReq->u.In.offStrTab = offStrTab;
++ pLoadReq->u.In.cbStrTab = (uint32_t)cbStrTab;
++ AssertRelease(pLoadReq->u.In.cbStrTab == cbStrTab);
++ pLoadReq->u.In.cbImageBits = (uint32_t)cbImage;
++ pLoadReq->u.In.offSymbols = offSymTab;
++ pLoadReq->u.In.cSymbols = cSymbols;
++ pLoadReq->u.In.offSegments = offSegTab;
++ pLoadReq->u.In.cSegments = cSegments;
++ pLoadReq->u.In.cbImageWithEverything = cbImageWithEverything;
++ pLoadReq->u.In.pvImageBase = uImageBase;
++ if (!g_uSupFakeMode)
++ {
++ rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_LOAD, pLoadReq, SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything));
++ if (RT_SUCCESS(rc))
++ rc = pLoadReq->Hdr.rc;
++ else
++ LogRel(("SUP: SUP_IOCTL_LDR_LOAD ioctl for %s (%s) failed rc=%Rrc\n", pszModule, pszFilename, rc));
++ }
++ else
++ rc = VINF_SUCCESS;
++ if ( RT_SUCCESS(rc)
++ || rc == VERR_ALREADY_LOADED /* A competing process. */
++ )
++ {
++ LogRel(("SUP: Loaded %s (%s) at %#RKv - ModuleInit at %RKv and ModuleTerm at %RKv%s\n",
++ pszModule, pszFilename, uImageBase, (RTR0PTR)ModuleInit, (RTR0PTR)ModuleTerm,
++ fNativeLoader ? " using the native ring-0 loader" : ""));
++ if (fIsVMMR0)
++ {
++ g_pvVMMR0 = uImageBase;
++ LogRel(("SUP: VMMR0EntryEx located at %RKv and VMMR0EntryFast at %RKv\n", (RTR0PTR)VMMR0EntryEx, (RTR0PTR)VMMR0EntryFast));
++ }
++#ifdef RT_OS_WINDOWS
++ LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, uImageBase));
++#endif
++ return VINF_SUCCESS;
++ }
++
++ /*
++ * Failed, bail out.
++ */
++ LogRel(("SUP: Loading failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
++ if ( pLoadReq->u.Out.uErrorMagic == SUPLDRLOAD_ERROR_MAGIC
++ && pLoadReq->u.Out.szError[0] != '\0')
++ {
++ LogRel(("SUP: %s\n", pLoadReq->u.Out.szError));
++ return RTErrInfoSet(pErrInfo, rc, pLoadReq->u.Out.szError);
++ }
++ return RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_LOAD failed");
++}
++
++
+ /**
+ * Worker for SUPR3LoadModule().
+ *
+@@ -356,6 +722,7 @@ static int supLoadModule(const char *psz
+ AssertPtrReturn(pszFilename, VERR_INVALID_PARAMETER);
+ AssertPtrReturn(pszModule, VERR_INVALID_PARAMETER);
+ AssertPtrReturn(ppvImageBase, VERR_INVALID_PARAMETER);
++ /** @todo abspath it right into SUPLDROPEN */
+ AssertReturn(strlen(pszModule) < RT_SIZEOFMEMB(SUPLDROPEN, u.In.szName), VERR_FILENAME_TOO_LONG);
+ char szAbsFilename[RT_SIZEOFMEMB(SUPLDROPEN, u.In.szFilename)];
+ rc = RTPathAbs(pszFilename, szAbsFilename, sizeof(szAbsFilename));
+@@ -371,8 +738,8 @@ static int supLoadModule(const char *psz
+ * Open image file and figure its size.
+ */
+ RTLDRMOD hLdrMod;
+- rc = RTLdrOpen(pszFilename, 0, RTLDRARCH_HOST, &hLdrMod);
+- if (!RT_SUCCESS(rc))
++ rc = RTLdrOpenEx(pszFilename, 0 /*fFlags*/, RTLDRARCH_HOST, &hLdrMod, pErrInfo);
++ if (RT_FAILURE(rc))
+ {
+ LogRel(("SUP: RTLdrOpen failed for %s (%s) %Rrc\n", pszModule, pszFilename, rc));
+ return rc;
+@@ -385,230 +752,109 @@ static int supLoadModule(const char *psz
+ rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCalcSizeCB, &CalcArgs);
+ if (RT_SUCCESS(rc))
+ {
+- const uint32_t offSymTab = RT_ALIGN_32(CalcArgs.cbImage, 8);
+- const uint32_t offStrTab = offSymTab + CalcArgs.cSymbols * sizeof(SUPLDRSYM);
+- const uint32_t cbImageWithTabs = RT_ALIGN_32(offStrTab + CalcArgs.cbStrings, 8);
+-
+ /*
+- * Open the R0 image.
++ * Figure out the number of segments needed first.
+ */
+- SUPLDROPEN OpenReq;
+- OpenReq.Hdr.u32Cookie = g_u32Cookie;
+- OpenReq.Hdr.u32SessionCookie = g_u32SessionCookie;
+- OpenReq.Hdr.cbIn = SUP_IOCTL_LDR_OPEN_SIZE_IN;
+- OpenReq.Hdr.cbOut = SUP_IOCTL_LDR_OPEN_SIZE_OUT;
+- OpenReq.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
+- OpenReq.Hdr.rc = VERR_INTERNAL_ERROR;
+- OpenReq.u.In.cbImageWithTabs = cbImageWithTabs;
+- OpenReq.u.In.cbImageBits = (uint32_t)CalcArgs.cbImage;
+- strcpy(OpenReq.u.In.szName, pszModule);
+- strcpy(OpenReq.u.In.szFilename, pszFilename);
+- if (!g_uSupFakeMode)
+- {
+- rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_OPEN, &OpenReq, SUP_IOCTL_LDR_OPEN_SIZE);
+- if (RT_SUCCESS(rc))
+- rc = OpenReq.Hdr.rc;
+- }
+- else
+- {
+- OpenReq.u.Out.fNeedsLoading = true;
+- OpenReq.u.Out.pvImageBase = 0xef423420;
+- }
+- *ppvImageBase = (void *)OpenReq.u.Out.pvImageBase;
+- if ( RT_SUCCESS(rc)
+- && OpenReq.u.Out.fNeedsLoading)
++ SUPLDRCOMPSEGTABARGS SegArgs;
++ SegArgs.uStartRva = 0;
++ SegArgs.uEndRva = 0;
++ SegArgs.fProt = RTMEM_PROT_READ;
++ SegArgs.iSegs = 0;
++ SegArgs.cSegsAlloc = 0;
++ SegArgs.paSegs = NULL;
++ SegArgs.pErrInfo = pErrInfo;
++ rc = RTLdrEnumSegments(hLdrMod, supLoadModuleCompileSegmentsCB, &SegArgs);
++ if (RT_SUCCESS(rc))
+ {
++ Assert(SegArgs.uEndRva <= RTLdrSize(hLdrMod));
++ SegArgs.uEndRva = (uint32_t)CalcArgs.cbImage; /* overflow is checked later */
++ if (SegArgs.uEndRva > SegArgs.uStartRva)
++ {
++ Log2(("supLoadModule: SUP Seg #%u: %#x LB %#x prot %#x\n",
++ SegArgs.iSegs, SegArgs.uStartRva, SegArgs.uEndRva - SegArgs.uStartRva, SegArgs.fProt));
++ SegArgs.iSegs++;
++ }
++
++ const uint32_t offSymTab = RT_ALIGN_32(CalcArgs.cbImage, 8);
++ const uint32_t offStrTab = offSymTab + CalcArgs.cSymbols * sizeof(SUPLDRSYM);
++ const uint32_t offSegTab = RT_ALIGN_32(offStrTab + CalcArgs.cbStrings, 8);
++ const uint32_t cbImageWithEverything = RT_ALIGN_32(offSegTab + sizeof(SUPLDRSEG) * SegArgs.iSegs, 8);
++
+ /*
+- * We need to load it.
+- * Allocate memory for the image bits.
++ * Open the R0 image.
+ */
+- PSUPLDRLOAD pLoadReq = (PSUPLDRLOAD)RTMemTmpAlloc(SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs));
+- if (pLoadReq)
++ SUPLDROPEN OpenReq;
++ OpenReq.Hdr.u32Cookie = g_u32Cookie;
++ OpenReq.Hdr.u32SessionCookie = g_u32SessionCookie;
++ OpenReq.Hdr.cbIn = SUP_IOCTL_LDR_OPEN_SIZE_IN;
++ OpenReq.Hdr.cbOut = SUP_IOCTL_LDR_OPEN_SIZE_OUT;
++ OpenReq.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
++ OpenReq.Hdr.rc = VERR_INTERNAL_ERROR;
++ OpenReq.u.In.cbImageWithEverything = cbImageWithEverything;
++ OpenReq.u.In.cbImageBits = (uint32_t)CalcArgs.cbImage;
++ strcpy(OpenReq.u.In.szName, pszModule);
++ strcpy(OpenReq.u.In.szFilename, pszFilename);
++ if (!g_uSupFakeMode)
++ {
++ rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_OPEN, &OpenReq, SUP_IOCTL_LDR_OPEN_SIZE);
++ if (RT_SUCCESS(rc))
++ rc = OpenReq.Hdr.rc;
++ }
++ else
++ {
++ OpenReq.u.Out.fNeedsLoading = true;
++ OpenReq.u.Out.pvImageBase = 0xef423420;
++ }
++ *ppvImageBase = (void *)OpenReq.u.Out.pvImageBase;
++ if ( RT_SUCCESS(rc)
++ && OpenReq.u.Out.fNeedsLoading)
+ {
+ /*
+- * Get the image bits.
++ * We need to load it.
++ *
++ * Allocate the request and pass it to an inner work function
++ * that populates it and sends it off to the driver.
+ */
+-
+- SUPLDRRESIMPARGS Args = { pszModule, pErrInfo };
+- rc = RTLdrGetBits(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
+- supLoadModuleResolveImport, &Args);
+-
+- if (RT_SUCCESS(rc))
++ const uint32_t cbLoadReq = SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything);
++ PSUPLDRLOAD pLoadReq = (PSUPLDRLOAD)RTMemTmpAlloc(cbLoadReq);
++ if (pLoadReq)
+ {
+- /*
+- * Get the entry points.
+- */
+- RTUINTPTR VMMR0EntryFast = 0;
+- RTUINTPTR VMMR0EntryEx = 0;
+- RTUINTPTR SrvReqHandler = 0;
+- RTUINTPTR ModuleInit = 0;
+- RTUINTPTR ModuleTerm = 0;
+- const char *pszEp = NULL;
+- if (fIsVMMR0)
+- {
+- rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
+- UINT32_MAX, pszEp = "VMMR0EntryFast", &VMMR0EntryFast);
+- if (RT_SUCCESS(rc))
+- rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
+- UINT32_MAX, pszEp = "VMMR0EntryEx", &VMMR0EntryEx);
+- }
+- else if (pszSrvReqHandler)
+- rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
+- UINT32_MAX, pszEp = pszSrvReqHandler, &SrvReqHandler);
+- if (RT_SUCCESS(rc))
+- {
+- int rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
+- UINT32_MAX, pszEp = "ModuleInit", &ModuleInit);
+- if (RT_FAILURE(rc2))
+- ModuleInit = 0;
+-
+- rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
+- UINT32_MAX, pszEp = "ModuleTerm", &ModuleTerm);
+- if (RT_FAILURE(rc2))
+- ModuleTerm = 0;
+- }
+- if (RT_SUCCESS(rc))
+- {
+- /*
+- * Create the symbol and string tables.
+- */
+- SUPLDRCREATETABSARGS CreateArgs;
+- CreateArgs.cbImage = CalcArgs.cbImage;
+- CreateArgs.pSym = (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab];
+- CreateArgs.pszBase = (char *)&pLoadReq->u.In.abImage[offStrTab];
+- CreateArgs.psz = CreateArgs.pszBase;
+- rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCreateTabsCB, &CreateArgs);
+- if (RT_SUCCESS(rc))
+- {
+- AssertRelease((size_t)(CreateArgs.psz - CreateArgs.pszBase) <= CalcArgs.cbStrings);
+- AssertRelease((size_t)(CreateArgs.pSym - (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab]) <= CalcArgs.cSymbols);
+-
+- /*
+- * Upload the image.
+- */
+- pLoadReq->Hdr.u32Cookie = g_u32Cookie;
+- pLoadReq->Hdr.u32SessionCookie = g_u32SessionCookie;
+- pLoadReq->Hdr.cbIn = SUP_IOCTL_LDR_LOAD_SIZE_IN(cbImageWithTabs);
+- pLoadReq->Hdr.cbOut = SUP_IOCTL_LDR_LOAD_SIZE_OUT;
+- pLoadReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_IN;
+- pLoadReq->Hdr.rc = VERR_INTERNAL_ERROR;
+-
+- pLoadReq->u.In.pfnModuleInit = (RTR0PTR)ModuleInit;
+- pLoadReq->u.In.pfnModuleTerm = (RTR0PTR)ModuleTerm;
+- if (fIsVMMR0)
+- {
+- pLoadReq->u.In.eEPType = SUPLDRLOADEP_VMMR0;
+- pLoadReq->u.In.EP.VMMR0.pvVMMR0 = OpenReq.u.Out.pvImageBase;
+- pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryFast= (RTR0PTR)VMMR0EntryFast;
+- pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryEx = (RTR0PTR)VMMR0EntryEx;
+- }
+- else if (pszSrvReqHandler)
+- {
+- pLoadReq->u.In.eEPType = SUPLDRLOADEP_SERVICE;
+- pLoadReq->u.In.EP.Service.pfnServiceReq = (RTR0PTR)SrvReqHandler;
+- pLoadReq->u.In.EP.Service.apvReserved[0] = NIL_RTR0PTR;
+- pLoadReq->u.In.EP.Service.apvReserved[1] = NIL_RTR0PTR;
+- pLoadReq->u.In.EP.Service.apvReserved[2] = NIL_RTR0PTR;
+- }
+- else
+- pLoadReq->u.In.eEPType = SUPLDRLOADEP_NOTHING;
+- pLoadReq->u.In.offStrTab = offStrTab;
+- pLoadReq->u.In.cbStrTab = (uint32_t)CalcArgs.cbStrings;
+- AssertRelease(pLoadReq->u.In.cbStrTab == CalcArgs.cbStrings);
+- pLoadReq->u.In.cbImageBits = (uint32_t)CalcArgs.cbImage;
+- pLoadReq->u.In.offSymbols = offSymTab;
+- pLoadReq->u.In.cSymbols = CalcArgs.cSymbols;
+- pLoadReq->u.In.cbImageWithTabs = cbImageWithTabs;
+- pLoadReq->u.In.pvImageBase = OpenReq.u.Out.pvImageBase;
+- if (!g_uSupFakeMode)
+- {
+- rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_LOAD, pLoadReq, SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs));
+- if (RT_SUCCESS(rc))
+- rc = pLoadReq->Hdr.rc;
+- else
+- LogRel(("SUP: SUP_IOCTL_LDR_LOAD ioctl for %s (%s) failed rc=%Rrc\n", pszModule, pszFilename, rc));
+- }
+- else
+- rc = VINF_SUCCESS;
+- if ( RT_SUCCESS(rc)
+- || rc == VERR_ALREADY_LOADED /* A competing process. */
+- )
+- {
+- LogRel(("SUP: Loaded %s (%s) at %#RKv - ModuleInit at %RKv and ModuleTerm at %RKv%s\n",
+- pszModule, pszFilename, OpenReq.u.Out.pvImageBase, (RTR0PTR)ModuleInit, (RTR0PTR)ModuleTerm,
+- OpenReq.u.Out.fNativeLoader ? " using the native ring-0 loader" : ""));
+- if (fIsVMMR0)
+- {
+- g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
+- LogRel(("SUP: VMMR0EntryEx located at %RKv and VMMR0EntryFast at %RKv\n", (RTR0PTR)VMMR0EntryEx, (RTR0PTR)VMMR0EntryFast));
+- }
+-#ifdef RT_OS_WINDOWS
+- LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, OpenReq.u.Out.pvImageBase));
+-#endif
+-
+- RTMemTmpFree(pLoadReq);
+- RTLdrClose(hLdrMod);
+- return VINF_SUCCESS;
+- }
+-
+- /*
+- * Failed, bail out.
+- */
+- LogRel(("SUP: Loading failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
+- if ( pLoadReq->u.Out.uErrorMagic == SUPLDRLOAD_ERROR_MAGIC
+- && pLoadReq->u.Out.szError[0] != '\0')
+- {
+- LogRel(("SUP: %s\n", pLoadReq->u.Out.szError));
+- RTErrInfoSet(pErrInfo, rc, pLoadReq->u.Out.szError);
+- }
+- else
+- RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_LOAD failed");
+- }
+- else
+- {
+- LogRel(("SUP: RTLdrEnumSymbols failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
+- RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSymbols #2 failed");
+- }
+- }
+- else
+- {
+- LogRel(("SUP: Failed to get entry point '%s' for %s (%s) rc=%Rrc\n", pszEp, pszModule, pszFilename, rc));
+- RTErrInfoSetF(pErrInfo, rc, "Failed to resolve entry point '%s'", pszEp);
+- }
++ rc = supLoadModuleInner(hLdrMod, pLoadReq, cbImageWithEverything, OpenReq.u.Out.pvImageBase, CalcArgs.cbImage,
++ pszModule, pszFilename, OpenReq.u.Out.fNativeLoader, fIsVMMR0, pszSrvReqHandler,
++ offSymTab, CalcArgs.cSymbols,
++ offStrTab, CalcArgs.cbStrings,
++ offSegTab, SegArgs.iSegs,
++ pErrInfo);
++ RTMemTmpFree(pLoadReq);
+ }
+ else
+ {
+- LogRel(("SUP: RTLdrGetBits failed for %s (%s). rc=%Rrc\n", pszModule, pszFilename, rc));
+- if (!RTErrInfoIsSet(pErrInfo))
+- RTErrInfoSetF(pErrInfo, rc, "RTLdrGetBits failed");
++ AssertMsgFailed(("failed to allocated %u bytes for SUPLDRLOAD_IN structure!\n", SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything)));
++ rc = RTErrInfoSetF(pErrInfo, VERR_NO_TMP_MEMORY, "Failed to allocate %u bytes for the load request",
++ SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything));
+ }
+- RTMemTmpFree(pLoadReq);
+ }
+- else
++ /*
++ * Already loaded?
++ */
++ else if (RT_SUCCESS(rc))
+ {
+- AssertMsgFailed(("failed to allocated %u bytes for SUPLDRLOAD_IN structure!\n", SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs)));
+- rc = VERR_NO_TMP_MEMORY;
+- RTErrInfoSetF(pErrInfo, rc, "Failed to allocate %u bytes for the load request", SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs));
+- }
+- }
+- /*
+- * Already loaded?
+- */
+- else if (RT_SUCCESS(rc))
+- {
+- if (fIsVMMR0)
+- g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
+- LogRel(("SUP: Opened %s (%s) at %#RKv%s.\n", pszModule, pszFilename, OpenReq.u.Out.pvImageBase,
+- OpenReq.u.Out.fNativeLoader ? " loaded by the native ring-0 loader" : ""));
++ if (fIsVMMR0)
++ g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
++ LogRel(("SUP: Opened %s (%s) at %#RKv%s.\n", pszModule, pszFilename, OpenReq.u.Out.pvImageBase,
++ OpenReq.u.Out.fNativeLoader ? " loaded by the native ring-0 loader" : ""));
+ #ifdef RT_OS_WINDOWS
+- LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, OpenReq.u.Out.pvImageBase));
++ LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, OpenReq.u.Out.pvImageBase));
+ #endif
++ }
++ /*
++ * No, failed.
++ */
++ else
++ RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_OPEN failed");
+ }
+- /*
+- * No, failed.
+- */
+- else
+- RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_OPEN failed");
++ else if (!RTErrInfoIsSet(pErrInfo) && pErrInfo)
++ RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSegments #1 failed");
+ }
+ else
+ RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSymbols #1 failed");
+@@ -682,10 +928,10 @@ SUPR3DECL(int) SUPR3GetSymbolR0(void *pv
+ }
+
+
+-SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename)
++SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename, PRTERRINFO pErrInfo)
+ {
+ void *pvImageBase;
+- return SUPR3LoadModule(pszFilename, "VMMR0.r0", &pvImageBase, NULL /*pErrInfo*/);
++ return SUPR3LoadModule(pszFilename, "VMMR0.r0", &pvImageBase, pErrInfo);
+ }
+
+
+--- a/src/VBox/HostDrivers/Support/testcase/tstInt.cpp
++++ b/src/VBox/HostDrivers/Support/testcase/tstInt.cpp
+@@ -76,7 +76,8 @@ int main(int argc, char **argv)
+ /*
+ * Load VMM code.
+ */
+- rc = SUPR3LoadVMM(szAbsFile);
++ RTERRINFOSTATIC ErrInfo;
++ rc = SUPR3LoadVMM(szAbsFile, RTErrInfoInitStatic(&ErrInfo));
+ if (RT_SUCCESS(rc))
+ {
+ /*
+@@ -208,7 +209,7 @@ int main(int argc, char **argv)
+ }
+ else
+ {
+- RTPrintf("tstInt: SUPR3LoadVMM failed with rc=%Rrc\n", rc);
++ RTPrintf("tstInt: SUPR3LoadVMM failed with rc=%Rrc%#RTeim\n", rc, &ErrInfo.Core);
+ rcRet++;
+ }
+
+--- a/src/VBox/Devices/Makefile.kmk
++++ b/src/VBox/Devices/Makefile.kmk
+@@ -52,7 +52,7 @@ if !defined(VBOX_ONLY_EXTPACKS)
+ if1of ($(KBUILD_TARGET_ARCH), $(VBOX_SUPPORTED_HOST_ARCHS))
+ LIBRARIES += ServicesR0
+ DLLS += VBoxDDU VBoxDD VBoxDD2
+- SYSMODS += VBoxDDR0
++ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxDDR0
+ ifdef VBOX_WITH_RAW_MODE
+ SYSMODS += VBoxDDRC
+ endif
+@@ -1370,7 +1370,7 @@ if defined(VBOX_WITH_EXTPACK) && defined
+ USB/DevXHCI.cpp
+ $(call VBOX_SET_VER_INFO_DLL,VBoxEhciR3,PUEL Extension Pack - EHCI Device)
+
+- SYSMODS += VBoxEhciR0
++ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxEhciR0
+ VBoxEhciR0_TEMPLATE = VBoxR0ExtPackPuel
+ VBoxEhciR0_SOURCES = \
+ USB/DevEHCI.cpp \
+@@ -1406,7 +1406,7 @@ if defined(VBOX_WITH_EXTPACK) && defined
+ VBoxPciRawDrv_SOURCES = Bus/DrvPciRaw.cpp
+ $(call VBOX_SET_VER_INFO_DLL,VBoxPciRawDrv,PUEL Extension Pack - PCI Passthrough Driver)
+
+- SYSMODS += VBoxPciRawR0
++ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxPciRawR0
+ VBoxPciRawR0_TEMPLATE = VBoxR0ExtPackPuel
+ VBoxPciRawR0_SOURCES = Bus/DevPciRaw.cpp
+ $(call VBOX_SET_VER_INFO_R0,VBoxPciRawR0,PUEL Extension Pack - PCI Passthrough Driver$(COMMA) ring-0)
+@@ -1424,7 +1424,7 @@ if defined(VBOX_WITH_EXTPACK) && defined
+ Storage/DevNVMe.cpp
+ $(call VBOX_SET_VER_INFO_DLL,VBoxNvmeR3,PUEL Extension Pack - NVMe Device)
+
+- SYSMODS += VBoxNvmeR0
++ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxNvmeR0
+ VBoxNvmeR0_TEMPLATE = VBoxR0ExtPackPuel
+ VBoxNvmeR0_SOURCES = \
+ Storage/DevNVMe.cpp
+--- a/src/VBox/ExtPacks/VBoxDTrace/Makefile.kmk
++++ b/src/VBox/ExtPacks/VBoxDTrace/Makefile.kmk
+@@ -242,7 +242,7 @@ if defined(VBOX_WITH_EXTPACK_VBOXDTRACE)
+ # The ring-0 part of VBoxDTrace.
+ #
+ ifneq ($(KBUILD_TARGET),solaris) # disabled on solaris - neiter needed nor currently able to build it here.
+- SYSMODS += VBoxDTraceR0
++ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxDTraceR0
+ endif
+ VBoxDTraceR0_TEMPLATE = VBoxR0ExtPackDTrace
+ VBoxDTraceR0_DEFS = IN_VBOXDTRACE_R0 IN_RT_R0
+--- a/src/VBox/ExtPacks/BusMouseSample/Makefile.kmk
++++ b/src/VBox/ExtPacks/BusMouseSample/Makefile.kmk
+@@ -83,7 +83,7 @@ DLLS += VBoxBusMouseR3
+ VBoxBusMouseR3_TEMPLATE = VBoxR3ExtPackBusMouse
+ VBoxBusMouseR3_SOURCES = DevBusMouse.cpp
+
+-SYSMODS += VBoxBusMouseR0
++$(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxBusMouseR0
+ VBoxBusMouseR0_TEMPLATE = VBoxR0ExtPackBusMouse
+ VBoxBusMouseR0_SOURCES = DevBusMouse.cpp
+
+--- a/src/VBox/Runtime/testcase/Makefile.kmk
++++ b/src/VBox/Runtime/testcase/Makefile.kmk
+@@ -210,13 +210,13 @@ if1of ($(KBUILD_TARGET_ARCH), amd64 x86)
+ tstRTR0ThreadDriver
+ endif
+ if1of ($(KBUILD_TARGET_ARCH), $(VBOX_SUPPORTED_HOST_ARCHS))
+- SYSMODS += \
++ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += \
+ tstLdrObjR0
+ ifdef VBOX_WITH_RAW_MODE
+ SYSMODS += tstLdrObj
+ endif
+ endif
+- SYSMODS += \
++ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += \
+ tstRTR0MemUserKernel \
+ tstRTR0SemMutex \
+ tstRTR0Timer \
+@@ -224,7 +224,7 @@ if1of ($(KBUILD_TARGET_ARCH), amd64 x86)
+ tstRTR0Thread
+ if1of ($(KBUILD_TARGET), solaris darwin)
+ PROGRAMS += tstRTR0DbgKrnlInfoDriver
+- SYSMODS += tstRTR0DbgKrnlInfo
++ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += tstRTR0DbgKrnlInfo
+ endif # VBOX_SUPPORTED_HOST_ARCHS only
+
+ endif
+--- a/src/VBox/VMM/Makefile.kmk
++++ b/src/VBox/VMM/Makefile.kmk
+@@ -435,7 +435,7 @@ ifndef VBOX_ONLY_EXTPACKS
+ #
+ # VMMR0.r0
+ #
+-SYSMODS += VMMR0
++$(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VMMR0
+ VMMR0_TEMPLATE = VBoxR0
+ VMMR0_SYSSUFF = .r0
+
+--- a/src/VBox/ValidationKit/utils/misc/Makefile.kmk
++++ b/src/VBox/ValidationKit/utils/misc/Makefile.kmk
+@@ -31,7 +31,7 @@ PROGRAMS += LoadGenerator
+ LoadGenerator_TEMPLATE = VBoxValidationKitR3Host
+ LoadGenerator_SOURCES = loadgenerator.cpp
+
+-SYSMODS += loadgeneratorR0
++$(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += loadgeneratorR0
+ loadgeneratorR0_TEMPLATE = VBoxValidationKitR0
+ loadgeneratorR0_SOURCES = loadgeneratorR0.cpp
+
+--- a/src/VBox/HostDrivers/Support/SUPLib.cpp
++++ b/src/VBox/HostDrivers/Support/SUPLib.cpp
+@@ -275,9 +275,9 @@ SUPR3DECL(int) SUPR3InitEx(bool fUnrestr
+ CookieReq.Hdr.rc = VERR_INTERNAL_ERROR;
+ strcpy(CookieReq.u.In.szMagic, SUPCOOKIE_MAGIC);
+ CookieReq.u.In.u32ReqVersion = SUPDRV_IOC_VERSION;
+- const uint32_t uMinVersion = (SUPDRV_IOC_VERSION & 0xffff0000) == 0x002d0000
++ const uint32_t uMinVersion = /*(SUPDRV_IOC_VERSION & 0xffff0000) == 0x002d0000
+ ? 0x002d0001
+- : SUPDRV_IOC_VERSION & 0xffff0000;
++ :*/ SUPDRV_IOC_VERSION & 0xffff0000;
+ CookieReq.u.In.u32MinVersion = uMinVersion;
+ rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_COOKIE, &CookieReq, SUP_IOCTL_COOKIE_SIZE);
+ if ( RT_SUCCESS(rc)
+--- a/src/VBox/HostDrivers/Support/SUPDrvIOC.h
++++ b/src/VBox/HostDrivers/Support/SUPDrvIOC.h
+@@ -220,9 +220,10 @@ typedef SUPREQHDR *PSUPREQHDR;
+ * -# When increment the major number, execute all pending work.
+ *
+ * @todo Pending work on next major version change:
+- * - Move SUP_IOCTL_FAST_DO_NOP and SUP_VMMR0_DO_NEM_RUN after NEM.
++ * - Nothing.
++ * @note 0x002f0000 is used by 6.0. The next version number must be 0x00300000.
+ */
+-#define SUPDRV_IOC_VERSION 0x002d0001
++#define SUPDRV_IOC_VERSION 0x002e0000
+
+ /** SUP_IOCTL_COOKIE. */
+ typedef struct SUPCOOKIE
+@@ -314,8 +315,8 @@ typedef struct SUPLDROPEN
+ {
+ struct
+ {
+- /** Size of the image we'll be loading (including tables). */
+- uint32_t cbImageWithTabs;
++ /** Size of the image we'll be loading (including all tables). */
++ uint32_t cbImageWithEverything;
+ /** The size of the image bits. (Less or equal to cbImageWithTabs.) */
+ uint32_t cbImageBits;
+ /** Image name.
+@@ -390,6 +391,29 @@ typedef SUPLDRSYM *PSUPLDRSYM;
+ /** Pointer to a const symbol table entry. */
+ typedef SUPLDRSYM const *PCSUPLDRSYM;
+
++#define SUPLDR_PROT_READ 1 /**< Grant read access (RTMEM_PROT_READ). */
++#define SUPLDR_PROT_WRITE 2 /**< Grant write access (RTMEM_PROT_WRITE). */
++#define SUPLDR_PROT_EXEC 4 /**< Grant execute access (RTMEM_PROT_EXEC). */
++
++/**
++ * A segment table entry - chiefly for conveying memory protection.
++ */
++typedef struct SUPLDRSEG
++{
++ /** The RVA of the segment. */
++ uint32_t off;
++ /** The size of the segment. */
++ uint32_t cb : 28;
++ /** The segment protection (SUPLDR_PROT_XXX). */
++ uint32_t fProt : 3;
++ /** MBZ. */
++ uint32_t fUnused;
++} SUPLDRSEG;
++/** Pointer to a segment table entry. */
++typedef SUPLDRSEG *PSUPLDRSEG;
++/** Pointer to a const segment table entry. */
++typedef SUPLDRSEG const *PCSUPLDRSEG;
++
+ /**
+ * SUPLDRLOAD::u::In::EP type.
+ */
+@@ -443,7 +467,7 @@ typedef struct SUPLDRLOAD
+ /** The size of the image bits (starting at offset 0 and
+ * approaching offSymbols). */
+ uint32_t cbImageBits;
+- /** The offset of the symbol table. */
++ /** The offset of the symbol table (SUPLDRSYM array). */
+ uint32_t offSymbols;
+ /** The number of entries in the symbol table. */
+ uint32_t cSymbols;
+@@ -451,8 +475,12 @@ typedef struct SUPLDRLOAD
+ uint32_t offStrTab;
+ /** Size of the string table. */
+ uint32_t cbStrTab;
++ /** Offset to the segment table (SUPLDRSEG array). */
++ uint32_t offSegments;
++ /** Number of segments. */
++ uint32_t cSegments;
+ /** Size of image data in achImage. */
+- uint32_t cbImageWithTabs;
++ uint32_t cbImageWithEverything;
+ /** The image data. */
+ uint8_t abImage[1];
+ } In;
+--- a/src/VBox/HostDrivers/Support/SUPDrvInternal.h
++++ b/src/VBox/HostDrivers/Support/SUPDrvInternal.h
+@@ -145,6 +145,12 @@
+ # define SUPDRV_USE_MUTEX_FOR_GIP
+ #endif
+
++#if defined(RT_OS_LINUX) /** @todo make everyone do this */
++/** Use the RTR0MemObj API rather than the RTMemExecAlloc for the images.
++ * This is a good idea in general, but a necessity for @bugref{9801}. */
++# define SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
++#endif
++
+
+ /**
+ * OS debug print macro.
+@@ -326,15 +332,20 @@ typedef struct SUPDRVLDRIMAGE
+ struct SUPDRVLDRIMAGE * volatile pNext;
+ /** Pointer to the image. */
+ void *pvImage;
++#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
++ /** The memory object for the module allocation. */
++ RTR0MEMOBJ hMemObjImage;
++#else
+ /** Pointer to the allocated image buffer.
+ * pvImage is 32-byte aligned or it may governed by the native loader (this
+ * member is NULL then). */
+ void *pvImageAlloc;
++#endif
+ /** Magic value (SUPDRVLDRIMAGE_MAGIC). */
+ uint32_t uMagic;
+ /** Size of the image including the tables. This is mainly for verification
+ * of the load request. */
+- uint32_t cbImageWithTabs;
++ uint32_t cbImageWithEverything;
+ /** Size of the image. */
+ uint32_t cbImageBits;
+ /** The number of entries in the symbol table. */
+@@ -345,6 +356,10 @@ typedef struct SUPDRVLDRIMAGE
+ char *pachStrTab;
+ /** Size of the string table. */
+ uint32_t cbStrTab;
++ /** Number of segments. */
++ uint32_t cSegments;
++ /** Segments (for memory protection). */
++ PSUPLDRSEG paSegments;
+ /** Pointer to the optional module initialization callback. */
+ PFNR0MODULEINIT pfnModuleInit;
+ /** Pointer to the optional module termination callback. */
+--- a/src/VBox/HostDrivers/Support/SUPDrv.cpp
++++ b/src/VBox/HostDrivers/Support/SUPDrv.cpp
+@@ -1734,11 +1734,10 @@ static int supdrvIOCtlInnerUnrestricted(
+ /* validate */
+ PSUPLDROPEN pReq = (PSUPLDROPEN)pReqHdr;
+ REQ_CHECK_SIZES(SUP_IOCTL_LDR_OPEN);
+- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithTabs > 0);
+- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithTabs < 16*_1M);
++ REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithEverything > 0);
++ REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithEverything < 16*_1M);
+ REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits > 0);
+- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits > 0);
+- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits < pReq->u.In.cbImageWithTabs);
++ REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits < pReq->u.In.cbImageWithEverything);
+ REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.szName[0]);
+ REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, RTStrEnd(pReq->u.In.szName, sizeof(pReq->u.In.szName)));
+ REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, supdrvIsLdrModuleNameValid(pReq->u.In.szName));
+@@ -1754,19 +1753,29 @@ static int supdrvIOCtlInnerUnrestricted(
+ /* validate */
+ PSUPLDRLOAD pReq = (PSUPLDRLOAD)pReqHdr;
+ REQ_CHECK_EXPR(Name, pReq->Hdr.cbIn >= SUP_IOCTL_LDR_LOAD_SIZE_IN(32));
+- REQ_CHECK_SIZES_EX(SUP_IOCTL_LDR_LOAD, SUP_IOCTL_LDR_LOAD_SIZE_IN(pReq->u.In.cbImageWithTabs), SUP_IOCTL_LDR_LOAD_SIZE_OUT);
+- REQ_CHECK_EXPR(SUP_IOCTL_LDR_LOAD, pReq->u.In.cSymbols <= 16384);
++ REQ_CHECK_SIZES_EX(SUP_IOCTL_LDR_LOAD, SUP_IOCTL_LDR_LOAD_SIZE_IN(pReq->u.In.cbImageWithEverything), SUP_IOCTL_LDR_LOAD_SIZE_OUT);
+ REQ_CHECK_EXPR_FMT( !pReq->u.In.cSymbols
+- || ( pReq->u.In.offSymbols < pReq->u.In.cbImageWithTabs
+- && pReq->u.In.offSymbols + pReq->u.In.cSymbols * sizeof(SUPLDRSYM) <= pReq->u.In.cbImageWithTabs),
+- ("SUP_IOCTL_LDR_LOAD: offSymbols=%#lx cSymbols=%#lx cbImageWithTabs=%#lx\n", (long)pReq->u.In.offSymbols,
+- (long)pReq->u.In.cSymbols, (long)pReq->u.In.cbImageWithTabs));
++ || ( pReq->u.In.cSymbols <= 16384
++ && pReq->u.In.offSymbols >= pReq->u.In.cbImageBits
++ && pReq->u.In.offSymbols < pReq->u.In.cbImageWithEverything
++ && pReq->u.In.offSymbols + pReq->u.In.cSymbols * sizeof(SUPLDRSYM) <= pReq->u.In.cbImageWithEverything),
++ ("SUP_IOCTL_LDR_LOAD: offSymbols=%#lx cSymbols=%#lx cbImageWithEverything=%#lx\n", (long)pReq->u.In.offSymbols,
++ (long)pReq->u.In.cSymbols, (long)pReq->u.In.cbImageWithEverything));
+ REQ_CHECK_EXPR_FMT( !pReq->u.In.cbStrTab
+- || ( pReq->u.In.offStrTab < pReq->u.In.cbImageWithTabs
+- && pReq->u.In.offStrTab + pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithTabs
+- && pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithTabs),
+- ("SUP_IOCTL_LDR_LOAD: offStrTab=%#lx cbStrTab=%#lx cbImageWithTabs=%#lx\n", (long)pReq->u.In.offStrTab,
+- (long)pReq->u.In.cbStrTab, (long)pReq->u.In.cbImageWithTabs));
++ || ( pReq->u.In.offStrTab < pReq->u.In.cbImageWithEverything
++ && pReq->u.In.offStrTab >= pReq->u.In.cbImageBits
++ && pReq->u.In.offStrTab + pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithEverything
++ && pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithEverything),
++ ("SUP_IOCTL_LDR_LOAD: offStrTab=%#lx cbStrTab=%#lx cbImageWithEverything=%#lx\n", (long)pReq->u.In.offStrTab,
++ (long)pReq->u.In.cbStrTab, (long)pReq->u.In.cbImageWithEverything));
++ REQ_CHECK_EXPR_FMT( pReq->u.In.cSegments >= 1
++ && pReq->u.In.cSegments <= 128
++ && pReq->u.In.cSegments <= pReq->u.In.cbImageBits / PAGE_SIZE
++ && pReq->u.In.offSegments >= pReq->u.In.cbImageBits
++ && pReq->u.In.offSegments < pReq->u.In.cbImageWithEverything
++ && pReq->u.In.offSegments + pReq->u.In.cSegments * sizeof(SUPLDRSEG) <= pReq->u.In.cbImageWithEverything,
++ ("SUP_IOCTL_LDR_LOAD: offSegments=%#lx cSegments=%#lx cbImageWithEverything=%#lx\n", (long)pReq->u.In.offSegments,
++ (long)pReq->u.In.cSegments, (long)pReq->u.In.cbImageWithEverything));
+
+ if (pReq->u.In.cSymbols)
+ {
+@@ -1774,15 +1783,37 @@ static int supdrvIOCtlInnerUnrestricted(
+ PSUPLDRSYM paSyms = (PSUPLDRSYM)&pReq->u.In.abImage[pReq->u.In.offSymbols];
+ for (i = 0; i < pReq->u.In.cSymbols; i++)
+ {
+- REQ_CHECK_EXPR_FMT(paSyms[i].offSymbol < pReq->u.In.cbImageWithTabs,
+- ("SUP_IOCTL_LDR_LOAD: sym #%ld: symb off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offSymbol, (long)pReq->u.In.cbImageWithTabs));
++ REQ_CHECK_EXPR_FMT(paSyms[i].offSymbol < pReq->u.In.cbImageWithEverything,
++ ("SUP_IOCTL_LDR_LOAD: sym #%ld: symb off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offSymbol, (long)pReq->u.In.cbImageWithEverything));
+ REQ_CHECK_EXPR_FMT(paSyms[i].offName < pReq->u.In.cbStrTab,
+- ("SUP_IOCTL_LDR_LOAD: sym #%ld: name off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithTabs));
++ ("SUP_IOCTL_LDR_LOAD: sym #%ld: name off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithEverything));
+ REQ_CHECK_EXPR_FMT(RTStrEnd((char const *)&pReq->u.In.abImage[pReq->u.In.offStrTab + paSyms[i].offName],
+ pReq->u.In.cbStrTab - paSyms[i].offName),
+- ("SUP_IOCTL_LDR_LOAD: sym #%ld: unterminated name! (%#lx / %#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithTabs));
++ ("SUP_IOCTL_LDR_LOAD: sym #%ld: unterminated name! (%#lx / %#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithEverything));
+ }
+ }
++ {
++ uint32_t i;
++ uint32_t offPrevEnd = 0;
++ PSUPLDRSEG paSegs = (PSUPLDRSEG)&pReq->u.In.abImage[pReq->u.In.offSegments];
++ for (i = 0; i < pReq->u.In.cSegments; i++)
++ {
++ REQ_CHECK_EXPR_FMT(paSegs[i].off < pReq->u.In.cbImageBits && !(paSegs[i].off & PAGE_OFFSET_MASK),
++ ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx (max=%#lx)\n", (long)i, (long)paSegs[i].off, (long)pReq->u.In.cbImageBits));
++ REQ_CHECK_EXPR_FMT(paSegs[i].cb <= pReq->u.In.cbImageBits,
++ ("SUP_IOCTL_LDR_LOAD: seg #%ld: cb %#lx (max=%#lx)\n", (long)i, (long)paSegs[i].cb, (long)pReq->u.In.cbImageBits));
++ REQ_CHECK_EXPR_FMT(paSegs[i].off + paSegs[i].cb <= pReq->u.In.cbImageBits,
++ ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx + cb %#lx = %#lx (max=%#lx)\n", (long)i, (long)paSegs[i].off, (long)paSegs[i].cb, (long)(paSegs[i].off + paSegs[i].cb), (long)pReq->u.In.cbImageBits));
++ REQ_CHECK_EXPR_FMT(paSegs[i].fProt != 0,
++ ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx + cb %#lx\n", (long)i, (long)paSegs[i].off, (long)paSegs[i].cb));
++ REQ_CHECK_EXPR_FMT(paSegs[i].fUnused == 0, ("SUP_IOCTL_LDR_LOAD: seg #%ld: fUnused=1\n", (long)i));
++ REQ_CHECK_EXPR_FMT(offPrevEnd == paSegs[i].off,
++ ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx offPrevEnd %#lx\n", (long)i, (long)paSegs[i].off, (long)offPrevEnd));
++ offPrevEnd = paSegs[i].off + paSegs[i].cb;
++ }
++ REQ_CHECK_EXPR_FMT(offPrevEnd == pReq->u.In.cbImageBits,
++ ("SUP_IOCTL_LDR_LOAD: offPrevEnd %#lx cbImageBits %#lx\n", (long)i, (long)offPrevEnd, (long)pReq->u.In.cbImageBits));
++ }
+
+ /* execute */
+ pReq->Hdr.rc = supdrvIOCtl_LdrLoad(pDevExt, pSession, pReq);
+@@ -5021,7 +5052,7 @@ static int supdrvIOCtl_LdrOpen(PSUPDRVDE
+ size_t cchName = strlen(pReq->u.In.szName); /* (caller checked < 32). */
+ SUPDRV_CHECK_SMAP_SETUP();
+ SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
+- LogFlow(("supdrvIOCtl_LdrOpen: szName=%s cbImageWithTabs=%d\n", pReq->u.In.szName, pReq->u.In.cbImageWithTabs));
++ LogFlow(("supdrvIOCtl_LdrOpen: szName=%s cbImageWithEverything=%d\n", pReq->u.In.szName, pReq->u.In.cbImageWithEverything));
+
+ /*
+ * Check if we got an instance of the image already.
+@@ -5035,7 +5066,8 @@ static int supdrvIOCtl_LdrOpen(PSUPDRVDE
+ {
+ if (RT_LIKELY(pImage->cUsage < UINT32_MAX / 2U))
+ {
+- /** @todo check cbImageBits and cbImageWithTabs here, if they differs that indicates that the images are different. */
++ /** @todo check cbImageBits and cbImageWithEverything here, if they differs
++ * that indicates that the images are different. */
+ pImage->cUsage++;
+ pReq->u.Out.pvImageBase = pImage->pvImage;
+ pReq->u.Out.fNeedsLoading = pImage->uState == SUP_IOCTL_LDR_OPEN;
+@@ -5078,13 +5110,19 @@ static int supdrvIOCtl_LdrOpen(PSUPDRVDE
+ */
+ pImage = (PSUPDRVLDRIMAGE)pv;
+ pImage->pvImage = NULL;
++#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
++ pImage->hMemObjImage = NIL_RTR0MEMOBJ;
++#else
+ pImage->pvImageAlloc = NULL;
+- pImage->cbImageWithTabs = pReq->u.In.cbImageWithTabs;
++#endif
++ pImage->cbImageWithEverything = pReq->u.In.cbImageWithEverything;
+ pImage->cbImageBits = pReq->u.In.cbImageBits;
+ pImage->cSymbols = 0;
+ pImage->paSymbols = NULL;
+ pImage->pachStrTab = NULL;
+ pImage->cbStrTab = 0;
++ pImage->cSegments = 0;
++ pImage->paSegments = NULL;
+ pImage->pfnModuleInit = NULL;
+ pImage->pfnModuleTerm = NULL;
+ pImage->pfnServiceReqHandler = NULL;
+@@ -5102,10 +5140,19 @@ static int supdrvIOCtl_LdrOpen(PSUPDRVDE
+ rc = supdrvOSLdrOpen(pDevExt, pImage, pReq->u.In.szFilename);
+ if (rc == VERR_NOT_SUPPORTED)
+ {
++#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
++ rc = RTR0MemObjAllocPage(&pImage->hMemObjImage, pImage->cbImageBits, true /*fExecutable*/);
++ if (RT_SUCCESS(rc))
++ {
++ pImage->pvImage = RTR0MemObjAddress(pImage->hMemObjImage);
++ pImage->fNative = false;
++ }
++#else
+ pImage->pvImageAlloc = RTMemExecAlloc(pImage->cbImageBits + 31);
+ pImage->pvImage = RT_ALIGN_P(pImage->pvImageAlloc, 32);
+ pImage->fNative = false;
+ rc = pImage->pvImageAlloc ? VINF_SUCCESS : VERR_NO_EXEC_MEMORY;
++#endif
+ SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
+ }
+ if (RT_FAILURE(rc))
+@@ -5138,41 +5185,90 @@ static int supdrvIOCtl_LdrOpen(PSUPDRVDE
+
+
+ /**
++ * Formats a load error message.
++ *
++ * @returns @a rc
++ * @param rc Return code.
++ * @param pReq The request.
++ * @param pszFormat The error message format string.
++ * @param ... Argument to the format string.
++ */
++int VBOXCALL supdrvLdrLoadError(int rc, PSUPLDRLOAD pReq, const char *pszFormat, ...)
++{
++ va_list va;
++ va_start(va, pszFormat);
++ pReq->u.Out.uErrorMagic = SUPLDRLOAD_ERROR_MAGIC;
++ RTStrPrintfV(pReq->u.Out.szError, sizeof(pReq->u.Out.szError), pszFormat, va);
++ va_end(va);
++ Log(("SUP_IOCTL_LDR_LOAD: %s [rc=%Rrc]\n", pReq->u.Out.szError, rc));
++ return rc;
++}
++
++
++/**
+ * Worker that validates a pointer to an image entrypoint.
+ *
++ * Calls supdrvLdrLoadError on error.
++ *
+ * @returns IPRT status code.
+ * @param pDevExt The device globals.
+ * @param pImage The loader image.
+ * @param pv The pointer into the image.
+ * @param fMayBeNull Whether it may be NULL.
+- * @param fCheckNative Whether to check with the native loaders.
+- * @param pszSymbol The entrypoint name or log name. If the symbol
++ * @param pszSymbol The entrypoint name or log name. If the symbol is
+ * capitalized it signifies a specific symbol, otherwise it
+ * for logging.
+ * @param pbImageBits The image bits prepared by ring-3.
++ * @param pReq The request for passing to supdrvLdrLoadError.
+ *
+- * @remarks Will leave the lock on failure.
++ * @note Will leave the loader lock on failure!
+ */
+ static int supdrvLdrValidatePointer(PSUPDRVDEVEXT pDevExt, PSUPDRVLDRIMAGE pImage, void *pv, bool fMayBeNull,
+- bool fCheckNative, const uint8_t *pbImageBits, const char *pszSymbol)
++ const uint8_t *pbImageBits, const char *pszSymbol, PSUPLDRLOAD pReq)
+ {
+ if (!fMayBeNull || pv)
+ {
+- if ((uintptr_t)pv - (uintptr_t)pImage->pvImage >= pImage->cbImageBits)
++ uint32_t iSeg;
++
++ /* Must be within the image bits: */
++ uintptr_t const uRva = (uintptr_t)pv - (uintptr_t)pImage->pvImage;
++ if (uRva >= pImage->cbImageBits)
+ {
+ supdrvLdrUnlock(pDevExt);
+- Log(("Out of range (%p LB %#x): %s=%p\n", pImage->pvImage, pImage->cbImageBits, pszSymbol, pv));
+- return VERR_INVALID_PARAMETER;
++ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
++ "Invalid entry point address %p given for %s: RVA %#zx, image size %#zx",
++ pv, pszSymbol, uRva, pImage->cbImageBits);
+ }
+
+- if (pImage->fNative && fCheckNative)
++ /* Must be in an executable segment: */
++ for (iSeg = 0; iSeg < pImage->cSegments; iSeg++)
++ if (uRva - pImage->paSegments[iSeg].off < (uintptr_t)pImage->paSegments[iSeg].cb)
++ {
++ if (pImage->paSegments[iSeg].fProt & SUPLDR_PROT_EXEC)
++ break;
++ supdrvLdrUnlock(pDevExt);
++ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
++ "Bad entry point %p given for %s: not executable (seg #%u: %#RX32 LB %#RX32 prot %#x)",
++ pv, pszSymbol, iSeg, pImage->paSegments[iSeg].off, pImage->paSegments[iSeg].cb,
++ pImage->paSegments[iSeg].fProt);
++ }
++ if (iSeg >= pImage->cSegments)
+ {
++ supdrvLdrUnlock(pDevExt);
++ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
++ "Bad entry point %p given for %s: no matching segment found (RVA %#zx)!",
++ pv, pszSymbol, uRva);
++ }
++
++ if (pImage->fNative)
++ {
++ /** @todo pass pReq along to the native code. */
+ int rc = supdrvOSLdrValidatePointer(pDevExt, pImage, pv, pbImageBits, pszSymbol);
+ if (RT_FAILURE(rc))
+ {
+ supdrvLdrUnlock(pDevExt);
+- Log(("Bad entry point address: %s=%p (rc=%Rrc)\n", pszSymbol, pv, rc));
+- return rc;
++ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
++ "Bad entry point address %p for %s: rc=%Rrc\n", pv, pszSymbol, rc);
+ }
+ }
+ }
+@@ -5223,27 +5319,6 @@ int VBOXCALL supdrvLdrLoadError(int rc,
+
+
+ /**
+- * Formats a load error message.
+- *
+- * @returns @a rc
+- * @param rc Return code.
+- * @param pReq The request.
+- * @param pszFormat The error message format string.
+- * @param ... Argument to the format string.
+- */
+-int VBOXCALL supdrvLdrLoadError(int rc, PSUPLDRLOAD pReq, const char *pszFormat, ...)
+-{
+- va_list va;
+- va_start(va, pszFormat);
+- pReq->u.Out.uErrorMagic = SUPLDRLOAD_ERROR_MAGIC;
+- RTStrPrintfV(pReq->u.Out.szError, sizeof(pReq->u.Out.szError), pszFormat, va);
+- va_end(va);
+- Log(("SUP_IOCTL_LDR_LOAD: %s [rc=%Rrc]\n", pReq->u.Out.szError, rc));
+- return rc;
+-}
+-
+-
+-/**
+ * Loads the image bits.
+ *
+ * This is the 2nd step of the loading.
+@@ -5259,7 +5334,7 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
+ PSUPDRVLDRIMAGE pImage;
+ int rc;
+ SUPDRV_CHECK_SMAP_SETUP();
+- LogFlow(("supdrvIOCtl_LdrLoad: pvImageBase=%p cbImageWithBits=%d\n", pReq->u.In.pvImageBase, pReq->u.In.cbImageWithTabs));
++ LogFlow(("supdrvIOCtl_LdrLoad: pvImageBase=%p cbImageWithEverything=%d\n", pReq->u.In.pvImageBase, pReq->u.In.cbImageWithEverything));
+ SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
+
+ /*
+@@ -5281,12 +5356,12 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
+ /*
+ * Validate input.
+ */
+- if ( pImage->cbImageWithTabs != pReq->u.In.cbImageWithTabs
+- || pImage->cbImageBits != pReq->u.In.cbImageBits)
++ if ( pImage->cbImageWithEverything != pReq->u.In.cbImageWithEverything
++ || pImage->cbImageBits != pReq->u.In.cbImageBits)
+ {
+ supdrvLdrUnlock(pDevExt);
+- return supdrvLdrLoadError(VERR_INVALID_HANDLE, pReq, "Image size mismatch found: %d(prep) != %d(load) or %d != %d",
+- pImage->cbImageWithTabs, pReq->u.In.cbImageWithTabs, pImage->cbImageBits, pReq->u.In.cbImageBits);
++ return supdrvLdrLoadError(VERR_INVALID_HANDLE, pReq, "Image size mismatch found: %u(prep) != %u(load) or %u != %u",
++ pImage->cbImageWithEverything, pReq->u.In.cbImageWithEverything, pImage->cbImageBits, pReq->u.In.cbImageBits);
+ }
+
+ if (pImage->uState != SUP_IOCTL_LDR_OPEN)
+@@ -5306,35 +5381,56 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
+ return supdrvLdrLoadError(VERR_PERMISSION_DENIED, pReq, "Loader is locked down");
+ }
+
++ /*
++ * Copy the segments before we start using supdrvLdrValidatePointer for entrypoint validation.
++ */
++ pImage->cSegments = pReq->u.In.cSegments;
++ {
++ size_t cbSegments = pImage->cSegments * sizeof(SUPLDRSEG);
++ pImage->paSegments = (PSUPLDRSEG)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSegments], cbSegments);
++ if (pImage->paSegments) /* Align the last segment size to avoid upsetting RTR0MemObjProtect. */ /** @todo relax RTR0MemObjProtect */
++ pImage->paSegments[pImage->cSegments - 1].cb = RT_ALIGN_32(pImage->paSegments[pImage->cSegments - 1].cb, PAGE_SIZE);
++ else
++ {
++ supdrvLdrUnlock(pDevExt);
++ return supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for segment table: %#x", cbSegments);
++ }
++ SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
++ }
++
++ /*
++ * Validate entrypoints.
++ */
+ switch (pReq->u.In.eEPType)
+ {
+ case SUPLDRLOADEP_NOTHING:
+ break;
+
+ case SUPLDRLOADEP_VMMR0:
+- rc = supdrvLdrValidatePointer( pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0, false, false, pReq->u.In.abImage, "pvVMMR0");
+- if (RT_SUCCESS(rc))
+- rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryFast, false, true, pReq->u.In.abImage, "VMMR0EntryFast");
+- if (RT_SUCCESS(rc))
+- rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryEx, false, true, pReq->u.In.abImage, "VMMR0EntryEx");
++ if (pReq->u.In.EP.VMMR0.pvVMMR0 != pImage->pvImage)
++ {
++ supdrvLdrUnlock(pDevExt);
++ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq, "Invalid pvVMMR0 pointer: %p, expected %p", pReq->u.In.EP.VMMR0.pvVMMR0, pImage->pvImage);
++ }
++ rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryFast, false, pReq->u.In.abImage, "VMMR0EntryFast", pReq);
++ if (RT_FAILURE(rc))
++ return rc;
++ rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryEx, false, pReq->u.In.abImage, "VMMR0EntryEx", pReq);
+ if (RT_FAILURE(rc))
+- return supdrvLdrLoadError(rc, pReq, "Invalid VMMR0 pointer");
++ return rc;
+ break;
+
+ case SUPLDRLOADEP_SERVICE:
+- rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.Service.pfnServiceReq, false, true, pReq->u.In.abImage, "pfnServiceReq");
++ rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.Service.pfnServiceReq, false, pReq->u.In.abImage, "pfnServiceReq", pReq);
+ if (RT_FAILURE(rc))
+- return supdrvLdrLoadError(rc, pReq, "Invalid pfnServiceReq pointer: %p", pReq->u.In.EP.Service.pfnServiceReq);
++ return rc;
+ if ( pReq->u.In.EP.Service.apvReserved[0] != NIL_RTR0PTR
+ || pReq->u.In.EP.Service.apvReserved[1] != NIL_RTR0PTR
+ || pReq->u.In.EP.Service.apvReserved[2] != NIL_RTR0PTR)
+ {
+ supdrvLdrUnlock(pDevExt);
+- return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
+- "Out of range (%p LB %#x): apvReserved={%p,%p,%p} MBZ!",
+- pImage->pvImage, pReq->u.In.cbImageWithTabs,
+- pReq->u.In.EP.Service.apvReserved[0],
+- pReq->u.In.EP.Service.apvReserved[1],
++ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq, "apvReserved={%p,%p,%p} MBZ!",
++ pReq->u.In.EP.Service.apvReserved[0], pReq->u.In.EP.Service.apvReserved[1],
+ pReq->u.In.EP.Service.apvReserved[2]);
+ }
+ break;
+@@ -5344,12 +5440,12 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
+ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq, "Invalid eEPType=%d", pReq->u.In.eEPType);
+ }
+
+- rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleInit, true, true, pReq->u.In.abImage, "ModuleInit");
++ rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleInit, true, pReq->u.In.abImage, "ModuleInit", pReq);
+ if (RT_FAILURE(rc))
+- return supdrvLdrLoadError(rc, pReq, "Invalid pfnModuleInit pointer: %p", pReq->u.In.pfnModuleInit);
+- rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleTerm, true, true, pReq->u.In.abImage, "ModuleTerm");
++ return rc;
++ rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleTerm, true, pReq->u.In.abImage, "ModuleTerm", pReq);
+ if (RT_FAILURE(rc))
+- return supdrvLdrLoadError(rc, pReq, "Invalid pfnModuleTerm pointer: %p", pReq->u.In.pfnModuleTerm);
++ return rc;
+ SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
+
+ /*
+@@ -5361,10 +5457,8 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
+ pImage->cbStrTab = pReq->u.In.cbStrTab;
+ if (pImage->cbStrTab)
+ {
+- pImage->pachStrTab = (char *)RTMemAlloc(pImage->cbStrTab);
+- if (pImage->pachStrTab)
+- memcpy(pImage->pachStrTab, &pReq->u.In.abImage[pReq->u.In.offStrTab], pImage->cbStrTab);
+- else
++ pImage->pachStrTab = (char *)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offStrTab], pImage->cbStrTab);
++ if (!pImage->pachStrTab)
+ rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for string table: %#x", pImage->cbStrTab);
+ SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
+ }
+@@ -5373,17 +5467,15 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
+ if (RT_SUCCESS(rc) && pImage->cSymbols)
+ {
+ size_t cbSymbols = pImage->cSymbols * sizeof(SUPLDRSYM);
+- pImage->paSymbols = (PSUPLDRSYM)RTMemAlloc(cbSymbols);
+- if (pImage->paSymbols)
+- memcpy(pImage->paSymbols, &pReq->u.In.abImage[pReq->u.In.offSymbols], cbSymbols);
+- else
++ pImage->paSymbols = (PSUPLDRSYM)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSymbols], cbSymbols);
++ if (!pImage->paSymbols)
+ rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for symbol table: %#x", cbSymbols);
+ SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
+ }
+ }
+
+ /*
+- * Copy the bits / complete native loading.
++ * Copy the bits and apply permissions / complete native loading.
+ */
+ if (RT_SUCCESS(rc))
+ {
+@@ -5395,7 +5487,26 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
+ rc = supdrvOSLdrLoad(pDevExt, pImage, pReq->u.In.abImage, pReq);
+ else
+ {
++#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
++ uint32_t i;
+ memcpy(pImage->pvImage, &pReq->u.In.abImage[0], pImage->cbImageBits);
++
++ for (i = 0; i < pImage->cSegments; i++)
++ {
++ rc = RTR0MemObjProtect(pImage->hMemObjImage, pImage->paSegments[i].off, pImage->paSegments[i].cb,
++ pImage->paSegments[i].fProt);
++ if (RT_SUCCESS(rc))
++ continue;
++ if (rc == VERR_NOT_SUPPORTED)
++ rc = VINF_SUCCESS;
++ else
++ rc = supdrvLdrLoadError(rc, pReq, "RTR0MemObjProtect failed on seg#%u %#RX32 LB %#RX32 fProt=%#x",
++ i, pImage->paSegments[i].off, pImage->paSegments[i].cb, pImage->paSegments[i].fProt);
++ break;
++ }
++#else
++ memcpy(pImage->pvImage, &pReq->u.In.abImage[0], pImage->cbImageBits);
++#endif
+ Log(("vboxdrv: Loaded '%s' at %p\n", pImage->szName, pImage->pvImage));
+ }
+ SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
+@@ -5990,12 +6101,20 @@ static void supdrvLdrFree(PSUPDRVDEVEXT
+ pImage->pDevExt = NULL;
+ pImage->pNext = NULL;
+ pImage->uState = SUP_IOCTL_LDR_FREE;
++#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
++ RTR0MemObjFree(pImage->hMemObjImage, true /*fMappings*/);
++ pImage->hMemObjImage = NIL_RTR0MEMOBJ;
++#else
+ RTMemExecFree(pImage->pvImageAlloc, pImage->cbImageBits + 31);
+ pImage->pvImageAlloc = NULL;
++#endif
++ pImage->pvImage = NULL;
+ RTMemFree(pImage->pachStrTab);
+ pImage->pachStrTab = NULL;
+ RTMemFree(pImage->paSymbols);
+ pImage->paSymbols = NULL;
++ RTMemFree(pImage->paSegments);
++ pImage->paSegments = NULL;
+ RTMemFree(pImage);
+ }
+
+--- a/src/VBox/Runtime/r0drv/linux/the-linux-kernel.h
++++ b/src/VBox/Runtime/r0drv/linux/the-linux-kernel.h
+@@ -176,6 +176,11 @@
+ # include <asm/set_memory.h>
+ #endif
+
++/* for __flush_tlb_all() */
++#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && (defined(RT_ARCH_AMD64) || defined(RT_ARCH_X86))
++# include <asm/tlbflush.h>
++#endif
++
+ #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 0)
+ # include <asm/smap.h>
+ #else
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.8-4.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.8-4.patch
deleted file mode 100644
index cb4148fc79..0000000000
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.8-4.patch
+++ /dev/null
@@ -1,19 +0,0 @@
-Description: Fix kernel 5.8 forbidding use of vermagic.h header file
-Author: Gianfranco Costamagna <locutusofborg@debian.org>
-Origin: https://www.virtualbox.org/ticket/19644
-Bug-Ubuntu: https://launchpad.net/bugs/1884652
-Last-Update: 2020-08-10
-
---- virtualbox-6.1.12-dfsg.orig/src/VBox/Additions/linux/sharedfolders/vfsmod.c
-+++ virtualbox-6.1.12-dfsg/src/VBox/Additions/linux/sharedfolders/vfsmod.c
-@@ -53,7 +53,9 @@
- #include <linux/seq_file.h>
- #include <linux/vfs.h>
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 62)
--# include <linux/vermagic.h>
-+# if LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
-+# include <linux/vermagic.h>
-+# endif
- #endif
- #include <VBox/err.h>
- #include <iprt/path.h>
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
index e57df58d6c..6c036d403c 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
@@ -12,10 +12,7 @@ COMPATIBLE_MACHINE = "(qemux86|qemux86-64)"
VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
- file://0001-fixes_for_mm_struct.patch \
- file://0002-fixes_for_module_memory.patch \
- file://0003-fixes_for_changes_in_cpu_tlbstate.patch \
- file://kernel-5.8-4.patch \
+ file://021-linux-5-8.patch \
file://Makefile.utils \
"
SRC_URI[md5sum] = "3c351f7fd6376e0bb3c8489505a9450c"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 04/15] vboxguestdrivers: upgrade 6.1.12 -> 6.1.14 Drop kernel 5.8 compatibility patch, now part of upstream codebase
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (2 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 03/15] vboxguestdrivers: Fix build with kernel 5.8 Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 05/15] vboxguestdrivers: upgrade 6.1.14 -> 6.1.16 Armin Kuster
` (10 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Gianfranco Costamagna <costamagna.gianfranco@gmail.com>
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1cd14bf12472970d75df3172a2b9b0dff71da655)
[Stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../vboxguestdrivers/021-linux-5-8.patch | 5046 -----------------
...s_6.1.12.bb => vboxguestdrivers_6.1.14.bb} | 5 +-
2 files changed, 2 insertions(+), 5049 deletions(-)
delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/021-linux-5-8.patch
rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_6.1.12.bb => vboxguestdrivers_6.1.14.bb} (94%)
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/021-linux-5-8.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/021-linux-5-8.patch
deleted file mode 100644
index 9d45750608..0000000000
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/021-linux-5-8.patch
+++ /dev/null
@@ -1,5046 +0,0 @@
-fix Linux 5.8
-
-This is a squashed patch with following upstream revisions:
-
- r85208
- r85430
- r85431
- r85432
- r85447 # context required adjustment
- r85453
- r85460
- r85461 # context required adjustment
- r85500
- r85501
- r85503
- r85504
- r85505
- r85506
- r85507 # context required adjustment
- r85509
- r85510
- r85511
- r85514
- r85516
- r85517
- r85518
- r85525
- r85526
- r85527
- r85533
- r85534
- r85540
- r85541
- r85545
- r85546
- r85552
- r85555
- r85556
- r85590
-
-Thanks a lot to loqs for his hard work on FS#67488!
-
---- a/src/VBox/Runtime/r0drv/linux/time-r0drv-linux.c
-+++ b/src/VBox/Runtime/r0drv/linux/time-r0drv-linux.c
-@@ -31,6 +31,12 @@
- #define LOG_GROUP RTLOGGROUP_TIME
- #include "the-linux-kernel.h"
- #include "internal/iprt.h"
-+/* Make sure we have the setting functions we need for RTTimeNow: */
-+#if LINUX_VERSION_CODE < KERNEL_VERSION(2, 6, 16)
-+# define RTTIME_INCL_TIMEVAL
-+#elif LINUX_VERSION_CODE < KERNEL_VERSION(3, 17, 0)
-+# define RTTIME_INCL_TIMESPEC
-+#endif
- #include <iprt/time.h>
- #include <iprt/asm.h>
-
-@@ -181,22 +187,19 @@ RT_EXPORT_SYMBOL(RTTimeSystemMilliTS);
- RTDECL(PRTTIMESPEC) RTTimeNow(PRTTIMESPEC pTime)
- {
- IPRT_LINUX_SAVE_EFL_AC();
--#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 16)
--/* On Linux 4.20, time.h includes time64.h and we have to use 64-bit times. */
--# ifdef _LINUX_TIME64_H
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 17, 0)
- struct timespec64 Ts;
-- ktime_get_real_ts64(&Ts);
--# else
-- struct timespec Ts;
-- ktime_get_real_ts(&Ts);
--# endif
-+ ktime_get_real_ts64(&Ts); /* ktime_get_real_ts64 was added as a macro in 3.17, function since 4.18. */
- IPRT_LINUX_RESTORE_EFL_AC();
--# ifdef _LINUX_TIME64_H
- return RTTimeSpecSetTimespec64(pTime, &Ts);
--# else
-+
-+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 16)
-+ struct timespec Ts;
-+ ktime_get_real_ts(&Ts); /* ktime_get_real_ts was removed in Linux 4.20. */
-+ IPRT_LINUX_RESTORE_EFL_AC();
- return RTTimeSpecSetTimespec(pTime, &Ts);
--# endif
--#else /* < 2.6.16 */
-+
-+#else /* < 2.6.16 */
- struct timeval Tv;
- do_gettimeofday(&Tv);
- IPRT_LINUX_RESTORE_EFL_AC();
---- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
-+++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
-@@ -52,6 +52,14 @@
- # define PAGE_READONLY_EXEC PAGE_READONLY
- #endif
-
-+/** @def IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
-+ * Whether we use alloc_vm_area (3.2+) for executable memory.
-+ * This is a must for 5.8+, but we enable it all the way back to 3.2.x for
-+ * better W^R compliance (fExecutable flag). */
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 2, 0) || defined(DOXYGEN_RUNNING)
-+# define IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
-+#endif
-+
- /*
- * 2.6.29+ kernels don't work with remap_pfn_range() anymore because
- * track_pfn_vma_new() is apparently not defined for non-RAM pages.
-@@ -72,12 +80,27 @@
- # define gfp_t unsigned
- #endif
-
-+/*
-+ * Wrappers around mmap_lock/mmap_sem difference.
-+ */
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
-+# define LNX_MM_DOWN_READ(a_pMm) down_read(&(a_pMm)->mmap_lock)
-+# define LNX_MM_UP_READ(a_pMm) up_read(&(a_pMm)->mmap_lock)
-+# define LNX_MM_DOWN_WRITE(a_pMm) down_write(&(a_pMm)->mmap_lock)
-+# define LNX_MM_UP_WRITE(a_pMm) up_write(&(a_pMm)->mmap_lock)
-+#else
-+# define LNX_MM_DOWN_READ(a_pMm) down_read(&(a_pMm)->mmap_sem)
-+# define LNX_MM_UP_READ(a_pMm) up_read(&(a_pMm)->mmap_sem)
-+# define LNX_MM_DOWN_WRITE(a_pMm) down_write(&(a_pMm)->mmap_sem)
-+# define LNX_MM_UP_WRITE(a_pMm) up_write(&(a_pMm)->mmap_sem)
-+#endif
-+
-
- /*********************************************************************************************************************************
- * Structures and Typedefs *
- *********************************************************************************************************************************/
- /**
-- * The Darwin version of the memory object structure.
-+ * The Linux version of the memory object structure.
- */
- typedef struct RTR0MEMOBJLNX
- {
-@@ -90,11 +113,20 @@ typedef struct RTR0MEMOBJLNX
- bool fExecutable;
- /** Set if we've vmap'ed the memory into ring-0. */
- bool fMappedToRing0;
-+#ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
-+ /** Return from alloc_vm_area() that we now need to use for executable
-+ * memory. */
-+ struct vm_struct *pArea;
-+ /** PTE array that goes along with pArea (must be freed). */
-+ pte_t **papPtesForArea;
-+#endif
- /** The pages in the apPages array. */
- size_t cPages;
- /** Array of struct page pointers. (variable size) */
- struct page *apPages[1];
--} RTR0MEMOBJLNX, *PRTR0MEMOBJLNX;
-+} RTR0MEMOBJLNX;
-+/** Pointer to the linux memory object. */
-+typedef RTR0MEMOBJLNX *PRTR0MEMOBJLNX;
-
-
- static void rtR0MemObjLinuxFreePages(PRTR0MEMOBJLNX pMemLnx);
-@@ -182,7 +214,7 @@ static pgprot_t rtR0MemObjLinuxConvertPr
- * Worker for rtR0MemObjNativeReserveUser and rtR0MemObjNativerMapUser that creates
- * an empty user space mapping.
- *
-- * We acquire the mmap_sem of the task!
-+ * We acquire the mmap_sem/mmap_lock of the task!
- *
- * @returns Pointer to the mapping.
- * (void *)-1 on failure.
-@@ -222,9 +254,9 @@ static void *rtR0MemObjLinuxDoMmap(RTR3P
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
- ulAddr = vm_mmap(NULL, R3PtrFixed, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, 0);
- #else
-- down_write(&pTask->mm->mmap_sem);
-+ LNX_MM_DOWN_WRITE(pTask->mm);
- ulAddr = do_mmap(NULL, R3PtrFixed, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS | MAP_FIXED, 0);
-- up_write(&pTask->mm->mmap_sem);
-+ LNX_MM_UP_WRITE(pTask->mm);
- #endif
- }
- else
-@@ -232,9 +264,9 @@ static void *rtR0MemObjLinuxDoMmap(RTR3P
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 5, 0)
- ulAddr = vm_mmap(NULL, 0, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS, 0);
- #else
-- down_write(&pTask->mm->mmap_sem);
-+ LNX_MM_DOWN_WRITE(pTask->mm);
- ulAddr = do_mmap(NULL, 0, cb, fLnxProt, MAP_SHARED | MAP_ANONYMOUS, 0);
-- up_write(&pTask->mm->mmap_sem);
-+ LNX_MM_UP_WRITE(pTask->mm);
- #endif
- if ( !(ulAddr & ~PAGE_MASK)
- && (ulAddr & (uAlignment - 1)))
-@@ -257,7 +289,7 @@ static void *rtR0MemObjLinuxDoMmap(RTR3P
- * Worker that destroys a user space mapping.
- * Undoes what rtR0MemObjLinuxDoMmap did.
- *
-- * We acquire the mmap_sem of the task!
-+ * We acquire the mmap_sem/mmap_lock of the task!
- *
- * @param pv The ring-3 mapping.
- * @param cb The size of the mapping.
-@@ -269,13 +301,13 @@ static void rtR0MemObjLinuxDoMunmap(void
- Assert(pTask == current); RT_NOREF_PV(pTask);
- vm_munmap((unsigned long)pv, cb);
- #elif defined(USE_RHEL4_MUNMAP)
-- down_write(&pTask->mm->mmap_sem);
-+ LNX_MM_DOWN_WRITE(pTask->mm);
- do_munmap(pTask->mm, (unsigned long)pv, cb, 0); /* should it be 1 or 0? */
-- up_write(&pTask->mm->mmap_sem);
-+ LNX_MM_UP_WRITE(pTask->mm);
- #else
-- down_write(&pTask->mm->mmap_sem);
-+ LNX_MM_DOWN_WRITE(pTask->mm);
- do_munmap(pTask->mm, (unsigned long)pv, cb);
-- up_write(&pTask->mm->mmap_sem);
-+ LNX_MM_UP_WRITE(pTask->mm);
- #endif
- }
-
-@@ -520,15 +552,49 @@ static int rtR0MemObjLinuxVMap(PRTR0MEMO
- pgprot_val(fPg) |= _PAGE_NX;
- # endif
-
-+# ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
-+ if (fExecutable)
-+ {
-+ pte_t **papPtes = (pte_t **)kmalloc_array(pMemLnx->cPages, sizeof(papPtes[0]), GFP_KERNEL);
-+ if (papPtes)
-+ {
-+ pMemLnx->pArea = alloc_vm_area(pMemLnx->Core.cb, papPtes); /* Note! pArea->nr_pages is not set. */
-+ if (pMemLnx->pArea)
-+ {
-+ size_t i;
-+ Assert(pMemLnx->pArea->size >= pMemLnx->Core.cb); /* Note! includes guard page. */
-+ Assert(pMemLnx->pArea->addr);
-+# ifdef _PAGE_NX
-+ pgprot_val(fPg) |= _PAGE_NX; /* Uses RTR0MemObjProtect to clear NX when memory ready, W^X fashion. */
-+# endif
-+ pMemLnx->papPtesForArea = papPtes;
-+ for (i = 0; i < pMemLnx->cPages; i++)
-+ *papPtes[i] = mk_pte(pMemLnx->apPages[i], fPg);
-+ pMemLnx->Core.pv = pMemLnx->pArea->addr;
-+ pMemLnx->fMappedToRing0 = true;
-+ }
-+ else
-+ {
-+ kfree(papPtes);
-+ rc = VERR_MAP_FAILED;
-+ }
-+ }
-+ else
-+ rc = VERR_MAP_FAILED;
-+ }
-+ else
-+# endif
-+ {
- # ifdef VM_MAP
-- pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_MAP, fPg);
-+ pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_MAP, fPg);
- # else
-- pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_ALLOC, fPg);
-+ pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_ALLOC, fPg);
- # endif
-- if (pMemLnx->Core.pv)
-- pMemLnx->fMappedToRing0 = true;
-- else
-- rc = VERR_MAP_FAILED;
-+ if (pMemLnx->Core.pv)
-+ pMemLnx->fMappedToRing0 = true;
-+ else
-+ rc = VERR_MAP_FAILED;
-+ }
- #else /* < 2.4.22 */
- rc = VERR_NOT_SUPPORTED;
- #endif
-@@ -554,6 +620,22 @@ static int rtR0MemObjLinuxVMap(PRTR0MEMO
- static void rtR0MemObjLinuxVUnmap(PRTR0MEMOBJLNX pMemLnx)
- {
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 4, 22)
-+# ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
-+ if (pMemLnx->pArea)
-+ {
-+# if 0
-+ pte_t **papPtes = pMemLnx->papPtesForArea;
-+ size_t i;
-+ for (i = 0; i < pMemLnx->cPages; i++)
-+ *papPtes[i] = 0;
-+# endif
-+ free_vm_area(pMemLnx->pArea);
-+ kfree(pMemLnx->papPtesForArea);
-+ pMemLnx->pArea = NULL;
-+ pMemLnx->papPtesForArea = NULL;
-+ }
-+ else
-+# endif
- if (pMemLnx->fMappedToRing0)
- {
- Assert(pMemLnx->Core.pv);
-@@ -593,7 +675,7 @@ DECLHIDDEN(int) rtR0MemObjNativeFree(RTR
- size_t iPage;
- Assert(pTask);
- if (pTask && pTask->mm)
-- down_read(&pTask->mm->mmap_sem);
-+ LNX_MM_DOWN_READ(pTask->mm);
-
- iPage = pMemLnx->cPages;
- while (iPage-- > 0)
-@@ -608,7 +690,7 @@ DECLHIDDEN(int) rtR0MemObjNativeFree(RTR
- }
-
- if (pTask && pTask->mm)
-- up_read(&pTask->mm->mmap_sem);
-+ LNX_MM_UP_READ(pTask->mm);
- }
- /* else: kernel memory - nothing to do here. */
- break;
-@@ -1076,7 +1158,7 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser
- papVMAs = (struct vm_area_struct **)RTMemAlloc(sizeof(*papVMAs) * cPages);
- if (papVMAs)
- {
-- down_read(&pTask->mm->mmap_sem);
-+ LNX_MM_DOWN_READ(pTask->mm);
-
- /*
- * Get user pages.
-@@ -1162,7 +1244,7 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser
- papVMAs[rc]->vm_flags |= VM_DONTCOPY | VM_LOCKED;
- }
-
-- up_read(&pTask->mm->mmap_sem);
-+ LNX_MM_UP_READ(pTask->mm);
-
- RTMemFree(papVMAs);
-
-@@ -1189,7 +1271,7 @@ DECLHIDDEN(int) rtR0MemObjNativeLockUser
- #endif
- }
-
-- up_read(&pTask->mm->mmap_sem);
-+ LNX_MM_UP_READ(pTask->mm);
-
- RTMemFree(papVMAs);
- rc = VERR_LOCK_FAILED;
-@@ -1422,6 +1504,7 @@ DECLHIDDEN(int) rtR0MemObjNativeMapKerne
- * Use vmap - 2.4.22 and later.
- */
- pgprot_t fPg = rtR0MemObjLinuxConvertProt(fProt, true /* kernel */);
-+ /** @todo We don't really care too much for EXEC here... 5.8 always adds NX. */
- Assert(((offSub + cbSub) >> PAGE_SHIFT) <= pMemLnxToMap->cPages);
- # ifdef VM_MAP
- pMemLnx->Core.pv = vmap(&pMemLnxToMap->apPages[offSub >> PAGE_SHIFT], cbSub >> PAGE_SHIFT, VM_MAP, fPg);
-@@ -1604,7 +1687,7 @@ DECLHIDDEN(int) rtR0MemObjNativeMapUser(
- const size_t cPages = (offSub + cbSub) >> PAGE_SHIFT;
- size_t iPage;
-
-- down_write(&pTask->mm->mmap_sem);
-+ LNX_MM_DOWN_WRITE(pTask->mm);
-
- rc = VINF_SUCCESS;
- if (pMemLnxToMap->cPages)
-@@ -1721,7 +1804,7 @@ DECLHIDDEN(int) rtR0MemObjNativeMapUser(
- }
- #endif /* CONFIG_NUMA_BALANCING */
-
-- up_write(&pTask->mm->mmap_sem);
-+ LNX_MM_UP_WRITE(pTask->mm);
-
- if (RT_SUCCESS(rc))
- {
-@@ -1753,6 +1836,29 @@ DECLHIDDEN(int) rtR0MemObjNativeMapUser(
-
- DECLHIDDEN(int) rtR0MemObjNativeProtect(PRTR0MEMOBJINTERNAL pMem, size_t offSub, size_t cbSub, uint32_t fProt)
- {
-+# ifdef IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
-+ /*
-+ * Currently only supported when we've got addresses PTEs from the kernel.
-+ */
-+ PRTR0MEMOBJLNX pMemLnx = (PRTR0MEMOBJLNX)pMem;
-+ if (pMemLnx->pArea && pMemLnx->papPtesForArea)
-+ {
-+ pgprot_t const fPg = rtR0MemObjLinuxConvertProt(fProt, true /*fKernel*/);
-+ size_t const cPages = (offSub + cbSub) >> PAGE_SHIFT;
-+ pte_t **papPtes = pMemLnx->papPtesForArea;
-+ size_t i;
-+
-+ for (i = offSub >> PAGE_SHIFT; i < cPages; i++)
-+ {
-+ set_pte(papPtes[i], mk_pte(pMemLnx->apPages[i], fPg));
-+ }
-+ preempt_disable();
-+ __flush_tlb_all();
-+ preempt_enable();
-+ return VINF_SUCCESS;
-+ }
-+# endif
-+
- NOREF(pMem);
- NOREF(offSub);
- NOREF(cbSub);
---- a/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
-+++ b/src/VBox/HostDrivers/Support/linux/SUPDrv-linux.c
-@@ -144,9 +144,9 @@ static int force_async_tsc = 0;
- * Memory for the executable memory heap (in IPRT).
- */
- # ifdef DEBUG
--# define EXEC_MEMORY_SIZE 8388608 /* 8 MB */
-+# define EXEC_MEMORY_SIZE 10485760 /* 10 MB */
- # else
--# define EXEC_MEMORY_SIZE 2097152 /* 2 MB */
-+# define EXEC_MEMORY_SIZE 8388608 /* 8 MB */
- # endif
- extern uint8_t g_abExecMemory[EXEC_MEMORY_SIZE];
- # ifndef VBOX_WITH_TEXT_MODMEM_HACK
-@@ -756,20 +756,25 @@ EXPORT_SYMBOL(SUPDrvLinuxIDC);
-
- RTCCUINTREG VBOXCALL supdrvOSChangeCR4(RTCCUINTREG fOrMask, RTCCUINTREG fAndMask)
- {
--#if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
-- RTCCUINTREG uOld = this_cpu_read(cpu_tlbstate.cr4);
-- RTCCUINTREG uNew = (uOld & fAndMask) | fOrMask;
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
-+ RTCCUINTREG const uOld = __read_cr4();
-+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
-+ RTCCUINTREG const uOld = this_cpu_read(cpu_tlbstate.cr4);
-+#else
-+ RTCCUINTREG const uOld = ASMGetCR4();
-+#endif
-+ RTCCUINTREG const uNew = (uOld & fAndMask) | fOrMask;
- if (uNew != uOld)
- {
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 8, 0)
-+ ASMSetCR4(uNew);
-+#elif LINUX_VERSION_CODE >= KERNEL_VERSION(3, 20, 0)
- this_cpu_write(cpu_tlbstate.cr4, uNew);
- __write_cr4(uNew);
-- }
- #else
-- RTCCUINTREG uOld = ASMGetCR4();
-- RTCCUINTREG uNew = (uOld & fAndMask) | fOrMask;
-- if (uNew != uOld)
- ASMSetCR4(uNew);
- #endif
-+ }
- return uOld;
- }
-
---- a/src/VBox/Additions/linux/sharedfolders/vfsmod.c
-+++ b/src/VBox/Additions/linux/sharedfolders/vfsmod.c
-@@ -52,7 +52,7 @@
- #endif
- #include <linux/seq_file.h>
- #include <linux/vfs.h>
--#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 62)
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 5, 62) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- # include <linux/vermagic.h>
- #endif
- #include <VBox/err.h>
---- a/Config.kmk
-+++ b/Config.kmk
-@@ -4462,15 +4462,20 @@ endif # pe
-
- ifeq ($(VBOX_LDR_FMT),elf)
- TEMPLATE_VBoxR0_TOOL = $(VBOX_GCC_TOOL)
--TEMPLATE_VBoxR0_CFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK)
--TEMPLATE_VBoxR0_CXXFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) -fno-rtti $(VBOX_GCC_IPRT_FMT_CHECK)
--TEMPLATE_VBoxR0_CFLAGS.amd64 = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables -ffreestanding
--TEMPLATE_VBoxR0_CXXFLAGS.amd64 = -m64 -mno-red-zone -mcmodel=kernel -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables
-+TEMPLATE_VBoxR0_CFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_C) \
-+ $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions \
-+ $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-hidden) -std=gnu99 $(VBOX_GCC_IPRT_FMT_CHECK)
-+TEMPLATE_VBoxR0_CXXFLAGS = -fno-pie -nostdinc -g $(VBOX_GCC_pipe) $(VBOX_GCC_WERR) $(VBOX_GCC_PEDANTIC_CXX) \
-+ $(VBOX_GCC_Wno-variadic-macros) $(VBOX_GCC_R0_OPT) $(VBOX_GCC_R0_FP) -fno-strict-aliasing -fno-exceptions \
-+ $(VBOX_GCC_fno-stack-protector) -fno-common $(VBOX_GCC_fvisibility-inlines-hidden) $(VBOX_GCC_fvisibility-hidden) \
-+ -fno-rtti $(VBOX_GCC_std) $(VBOX_GCC_IPRT_FMT_CHECK)
-++TEMPLATE_VBoxR0_CFLAGS.amd64 = -m64 -mno-red-zone -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables -ffreestanding
-++TEMPLATE_VBoxR0_CXXFLAGS.amd64 = -m64 -mno-red-zone -mno-sse -mno-mmx -mno-sse2 -mno-3dnow -fasynchronous-unwind-tables
- TEMPLATE_VBoxR0_CXXFLAGS.freebsd = -ffreestanding
- if $(VBOX_GCC_VERSION_CC) < 30400
- TEMPLATE_VBoxR0_DEFS += RT_WITHOUT_PRAGMA_ONCE
- endif
--ifeq ($(KBUILD_TARGET),solaris)
-+ ifeq ($(KBUILD_TARGET),solaris)
- TEMPLATE_VBoxR0_LDFLAGS = -r
- TEMPLATE_VBoxR0_LDFLAGS.solaris = -u _init -u _info
- TEMPLATE_VBoxR0_LIBS.solaris = \
-@@ -4481,19 +4486,32 @@ ifeq ($(KBUILD_TARGET),solaris)
- endif
- # Solaris driver signing.
- TEMPLATE_VBoxR0_POST_CMDS = $(VBOX_SIGN_DRIVER_CMDS)
--else
-+ else
- TEMPLATE_VBoxR0_LDFLAGS = -nostdlib -Bsymbolic -g
- ## @todo WTF doesn't the globals work? Debug info is supposed to be split everywhere. GRR
- TEMPLATE_VBoxR0_LD_DEBUG = split
--endif
--ifn1of ($(KBUILD_TARGET),solaris freebsd)
-+ endif
-+ if1of ($(KBUILD_TARGET), linux)
-+VBOX_WITH_VBOXR0_AS_DLL = 1
-+TEMPLATE_VBoxR0_DLLSUFF = .r0
-+TEMPLATE_VBoxR0_CFLAGS += -fPIC
-+TEMPLATE_VBoxR0_CXXFLAGS += -fPIC
-+TEMPLATE_VBoxR0_LDFLAGS +=
-+TEMPLATE_VBoxR0_DTRACE_HDR_FLAGS += --pic
-+TEMPLATE_VBoxR0_DTRACE_OBJ_FLAGS += --pic
-+ else
-+TEMPLATE_VBoxR0_CFLAGS.amd64 += -mcmodel=kernel
-+TEMPLATE_VBoxR0_CXXFLAGS.amd64 += -mcmodel=kernel
-+ endif
-+ ifn1of ($(KBUILD_TARGET),solaris freebsd)
- TEMPLATE_VBoxR0_LIBS = \
- $(VBOX_GCC_LIBGCC) # intrinsics
--endif
--if1of ($(KBUILD_TARGET),linux)
-- TEMPLATE_VBoxR0_POST_CMDS = $(if $(eq $(tool_do),LINK_SYSMOD),if readelf -S $(out)|grep -q "[cd]tors"; then echo "Found ctors/dtors in $(out)!"; exit 1; fi)
--endif
--endif
-+ endif
-+ if1of ($(KBUILD_TARGET),linux)
-+ TEMPLATE_VBoxR0_POST_CMDS += $(NLTAB)\
-+ $(if $(eq $(tool_do),LINK_SYSMOD),if readelf -S $(out)|grep -q "[cd]tors"; then echo "Found ctors/dtors in $(out)!"; exit 1; fi)
-+ endif
-+endif # elf
-
- ifeq ($(VBOX_LDR_FMT),macho)
- TEMPLATE_VBoxR0_TOOL = $(VBOX_GCC_TOOL)
---- a/tools/bin/gen-slickedit-workspace.sh
-+++ b/tools/bin/gen-slickedit-workspace.sh
-@@ -496,11 +496,13 @@ my_generate_usercpp_h()
- #
- # Probe the slickedit user config, picking the most recent version.
- #
-+ MY_VSLICK_DB_OLD=
- if test -z "${MY_SLICK_CONFIG}"; then
- if test -d "${HOME}/Library/Application Support/SlickEdit"; then
- MY_SLICKDIR_="${HOME}/Library/Application Support/SlickEdit"
- MY_USERCPP_H="unxcpp.h"
- MY_VSLICK_DB="vslick.sta" # was .stu earlier, 24 is using .sta.
-+ MY_VSLICK_DB_OLD="vslick.stu"
- elif test -d "${HOMEDRIVE}${HOMEPATH}/Documents/My SlickEdit Config"; then
- MY_SLICKDIR_="${HOMEDRIVE}${HOMEPATH}/Documents/My SlickEdit Config"
- MY_USERCPP_H="usercpp.h"
-@@ -508,7 +510,8 @@ my_generate_usercpp_h()
- else
- MY_SLICKDIR_="${HOME}/.slickedit"
- MY_USERCPP_H="unxcpp.h"
-- MY_VSLICK_DB="vslick.stu"
-+ MY_VSLICK_DB="vslick.sta"
-+ MY_VSLICK_DB_OLD="vslick.stu"
- fi
- else
- MY_SLICKDIR_="${MY_SLICK_CONFIG}"
-@@ -517,7 +520,8 @@ my_generate_usercpp_h()
- MY_VSLICK_DB="vslick.sta"
- else
- MY_USERCPP_H="unxcpp.h"
-- MY_VSLICK_DB="vslick.stu"
-+ MY_VSLICK_DB="vslick.sta"
-+ MY_VSLICK_DB_OLD="vslick.stu"
- fi
- # MacOS: Implement me!
- fi
-@@ -526,7 +530,9 @@ my_generate_usercpp_h()
- MY_VER="0.0.0"
- for subdir in "${MY_SLICKDIR_}/"*;
- do
-- if test -f "${subdir}/${MY_USERCPP_H}" -o -f "${subdir}/${MY_VSLICK_DB}"; then
-+ if test -f "${subdir}/${MY_USERCPP_H}" \
-+ -o -f "${subdir}/${MY_VSLICK_DB}" \
-+ -o '(' -n "${MY_VSLICK_DB_OLD}" -a -f "${subdir}/${MY_VSLICK_DB_OLD}" ')'; then
- MY_CUR_VER_NUM=0
- MY_CUR_VER=`echo "${subdir}" | ${MY_SED} -e 's,^.*/,,g'`
-
-@@ -561,6 +567,7 @@ my_generate_usercpp_h()
- echo "Found SlickEdit v${MY_VER} preprocessor file: ${MY_USERCPP_H_FULL}"
- else
- echo "Failed to locate SlickEdit preprocessor file. You need to manually merge ${MY_USERCPP_H}."
-+ echo "dbg: MY_SLICKDIR=${MY_SLICKDIR} MY_USERCPP_H_FULL=${MY_USERCPP_H_FULL}"
- MY_USERCPP_H_FULL=""
- fi
-
-@@ -717,6 +724,10 @@ EOF
- #define RTASN1TYPE_STANDARD_PROTOTYPES_NO_GET_CORE(a_TypeNm, a_DeclMacro, a_ImplExtNm) int a_ImplExtNm##_Init(P##a_TypeNm pThis, PCRTASN1ALLOCATORVTABLE pAllocator); int a_ImplExtNm##_Clone(P##a_TypeNm pThis, PC##a_TypeNm) pSrc, PCRTASN1ALLOCATORVTABLE pAllocator); void a_ImplExtNm##_Delete(P##a_TypeNm pThis); int a_ImplExtNm##_Enum(P##a_TypeNm pThis, PFNRTASN1ENUMCALLBACK pfnCallback, uint32_t uDepth, void *pvUser); int a_ImplExtNm##_Compare(PC##a_TypeNm) pLeft, PC##a_TypeNm pRight); int a_ImplExtNm##_DecodeAsn1(PRTASN1CURSOR pCursor, uint32_t fFlags, P##a_TypeNm pThis, const char *pszErrorTag); int a_ImplExtNm##_CheckSanity(PC##a_TypeNm pThis, uint32_t fFlags, PRTERRINFO pErrInfo, const char *pszErrorTag)
- #define RTASN1TYPE_STANDARD_PROTOTYPES(a_TypeNm, a_DeclMacro, a_ImplExtNm, a_Asn1CoreNm) inline PRTASN1CORE a_ImplExtNm##_GetAsn1Core(PC##a_TypeNm pThis) { return (PRTASN1CORE)&pThis->a_Asn1CoreNm; } inline bool a_ImplExtNm##_IsPresent(PC##a_TypeNm pThis) { return pThis && RTASN1CORE_IS_PRESENT(&pThis->a_Asn1CoreNm); } RTASN1TYPE_STANDARD_PROTOTYPES_NO_GET_CORE(a_TypeNm, a_DeclMacro, a_ImplExtNm)
-
-+#define RTLDRELF_NAME(name) rtldrELF64##name
-+#define RTLDRELF_SUFF(name) name##64
-+#define RTLDRELF_MID(pre,suff) pre##64##suff
-+
- #define BS3_DECL(type) type
- #define BS3_DECL_CALLBACK(type) type
- #define TMPL_NM(name) name##_mmm
---- a/include/iprt/asmdefs.mac
-+++ b/include/iprt/asmdefs.mac
-@@ -841,18 +841,18 @@ size NAME(%1 %+ _EndProc) 0
- ; is defined and RT_WITHOUT_NOCRT_WRAPPERS isn't.
- ;
- %macro RT_NOCRT_BEGINPROC 1
--%ifdef RT_WITH_NOCRT_ALIASES
--BEGINPROC RT_NOCRT(%1)
--%ifdef ASM_FORMAT_ELF
-+ %ifdef RT_WITH_NOCRT_ALIASES
-+BEGINPROC_EXPORTED RT_NOCRT(%1)
-+ %ifdef ASM_FORMAT_ELF
- global NAME(%1)
- weak NAME(%1)
- NAME(%1):
--%else
-+ %else
- GLOBALNAME %1
--%endif
--%else ; !RT_WITH_NOCRT_ALIASES
--BEGINPROC RT_NOCRT(%1)
--%endif ; !RT_WITH_NOCRT_ALIASES
-+ %endif
-+ %else ; !RT_WITH_NOCRT_ALIASES
-+BEGINPROC_EXPORTED RT_NOCRT(%1)
-+ %endif ; !RT_WITH_NOCRT_ALIASES
- %endmacro ; RT_NOCRT_BEGINPROC
-
- %ifdef RT_WITH_NOCRT_ALIASES
---- a/src/VBox/Runtime/testcase/tstLdr-4.cpp
-+++ b/src/VBox/Runtime/testcase/tstLdr-4.cpp
-@@ -35,9 +35,9 @@
- #include <iprt/assert.h>
- #include <iprt/param.h>
- #include <iprt/path.h>
--#include <iprt/initterm.h>
- #include <iprt/err.h>
- #include <iprt/string.h>
-+#include <iprt/test.h>
-
- #include <VBox/sup.h>
-
-@@ -45,8 +45,9 @@
- /*********************************************************************************************************************************
- * Global Variables *
- *********************************************************************************************************************************/
--static SUPGLOBALINFOPAGE g_MyGip = { SUPGLOBALINFOPAGE_MAGIC, SUPGLOBALINFOPAGE_VERSION, SUPGIPMODE_INVARIANT_TSC, 42 };
--static PSUPGLOBALINFOPAGE g_pMyGip = &g_MyGip;
-+static RTTEST g_hTest;
-+static SUPGLOBALINFOPAGE g_MyGip = { SUPGLOBALINFOPAGE_MAGIC, SUPGLOBALINFOPAGE_VERSION, SUPGIPMODE_INVARIANT_TSC, 42 };
-+static PSUPGLOBALINFOPAGE g_pMyGip = &g_MyGip;
-
- extern "C" DECLEXPORT(int) DisasmTest1(void);
-
-@@ -58,6 +59,60 @@ static DECLCALLBACK(int) testEnumSegment
- " link=%RTptr LB %RTptr align=%RTptr fProt=%#x offFile=%RTfoff\n"
- , *piSeg, pSeg->RVA, pSeg->cbMapped, pSeg->pszName,
- pSeg->LinkAddress, pSeg->cb, pSeg->Alignment, pSeg->fProt, pSeg->offFile);
-+
-+ if (pSeg->RVA != NIL_RTLDRADDR)
-+ {
-+ RTTESTI_CHECK(pSeg->cbMapped != NIL_RTLDRADDR);
-+ RTTESTI_CHECK(pSeg->cbMapped >= pSeg->cb);
-+ }
-+ else
-+ {
-+ RTTESTI_CHECK(pSeg->cbMapped == NIL_RTLDRADDR);
-+ }
-+
-+ /*
-+ * Do some address conversion tests:
-+ */
-+ if (pSeg->cbMapped != NIL_RTLDRADDR)
-+ {
-+ /* RTLdrRvaToSegOffset: */
-+ uint32_t iSegConv = ~(uint32_t)42;
-+ RTLDRADDR offSegConv = ~(RTLDRADDR)22;
-+ int rc = RTLdrRvaToSegOffset(hLdrMod, pSeg->RVA, &iSegConv, &offSegConv);
-+ if (RT_FAILURE(rc))
-+ RTTestIFailed("RTLdrRvaToSegOffset failed on Seg #%u / RVA %#RTptr: %Rrc", *piSeg, pSeg->RVA, rc);
-+ else if (iSegConv != *piSeg || offSegConv != 0)
-+ RTTestIFailed("RTLdrRvaToSegOffset on Seg #%u / RVA %#RTptr returned: iSegConv=%#x offSegConv=%RTptr, expected %#x and 0",
-+ *piSeg, pSeg->RVA, iSegConv, offSegConv, *piSeg);
-+
-+ /* RTLdrSegOffsetToRva: */
-+ RTLDRADDR uRvaConv = ~(RTLDRADDR)22;
-+ rc = RTLdrSegOffsetToRva(hLdrMod, *piSeg, 0, &uRvaConv);
-+ if (RT_FAILURE(rc))
-+ RTTestIFailed("RTLdrSegOffsetToRva failed on Seg #%u / off 0: %Rrc", *piSeg, rc);
-+ else if (uRvaConv != pSeg->RVA)
-+ RTTestIFailed("RTLdrSegOffsetToRva on Seg #%u / off 0 returned: %RTptr, expected %RTptr", *piSeg, uRvaConv, pSeg->RVA);
-+
-+ /* RTLdrLinkAddressToRva: */
-+ uRvaConv = ~(RTLDRADDR)22;
-+ rc = RTLdrLinkAddressToRva(hLdrMod, pSeg->LinkAddress, &uRvaConv);
-+ if (RT_FAILURE(rc))
-+ RTTestIFailed("RTLdrLinkAddressToRva failed on Seg #%u / %RTptr: %Rrc", *piSeg, pSeg->LinkAddress, rc);
-+ else if (uRvaConv != pSeg->RVA)
-+ RTTestIFailed("RTLdrLinkAddressToRva on Seg #%u / %RTptr returned: %RTptr, expected %RTptr",
-+ *piSeg, pSeg->LinkAddress, uRvaConv, pSeg->RVA);
-+
-+ /* RTLdrLinkAddressToSegOffset: */
-+ iSegConv = ~(uint32_t)42;
-+ offSegConv = ~(RTLDRADDR)22;
-+ rc = RTLdrLinkAddressToSegOffset(hLdrMod, pSeg->LinkAddress, &iSegConv, &offSegConv);
-+ if (RT_FAILURE(rc))
-+ RTTestIFailed("RTLdrLinkAddressToSegOffset failed on Seg #%u / %#RTptr: %Rrc", *piSeg, pSeg->LinkAddress, rc);
-+ else if (iSegConv != *piSeg || offSegConv != 0)
-+ RTTestIFailed("RTLdrLinkAddressToSegOffset on Seg #%u / %#RTptr returned: iSegConv=%#x offSegConv=%RTptr, expected %#x and 0",
-+ *piSeg, pSeg->LinkAddress, iSegConv, offSegConv, *piSeg);
-+ }
-+
- *piSeg += 1;
- RT_NOREF(hLdrMod);
- return VINF_SUCCESS;
-@@ -125,12 +180,12 @@ static DECLCALLBACK(int) testGetImport(R
- * regions the for compare usage. The third is loaded into one
- * and then relocated between the two and other locations a few times.
- *
-- * @returns number of errors.
- * @param pszFilename The file to load the mess with.
- */
--static int testLdrOne(const char *pszFilename)
-+static void testLdrOne(const char *pszFilename)
- {
-- int cErrors = 0;
-+ RTTestSub(g_hTest, RTPathFilename(pszFilename));
-+
- size_t cbImage = 0;
- struct Load
- {
-@@ -155,9 +210,8 @@ static int testLdrOne(const char *pszFil
- rc = RTLdrOpen(pszFilename, 0, RTLDRARCH_WHATEVER, &aLoads[i].hLdrMod);
- if (RT_FAILURE(rc))
- {
-- RTPrintf("tstLdr-4: Failed to open '%s'/%d, rc=%Rrc. aborting test.\n", pszFilename, i, rc);
-+ RTTestIFailed("tstLdr-4: Failed to open '%s'/%d, rc=%Rrc. aborting test.", pszFilename, i, rc);
- Assert(aLoads[i].hLdrMod == NIL_RTLDRMOD);
-- cErrors++;
- break;
- }
-
-@@ -165,8 +219,7 @@ static int testLdrOne(const char *pszFil
- size_t cb = RTLdrSize(aLoads[i].hLdrMod);
- if (cbImage && cb != cbImage)
- {
-- RTPrintf("tstLdr-4: Size mismatch '%s'/%d. aborting test.\n", pszFilename, i);
-- cErrors++;
-+ RTTestIFailed("tstLdr-4: Size mismatch '%s'/%d. aborting test.", pszFilename, i);
- break;
- }
- aLoads[i].cbBits = cbImage = cb;
-@@ -175,8 +228,7 @@ static int testLdrOne(const char *pszFil
- aLoads[i].pvBits = RTMemExecAlloc(cb);
- if (!aLoads[i].pvBits)
- {
-- RTPrintf("tstLdr-4: Out of memory '%s'/%d cbImage=%d. aborting test.\n", pszFilename, i, cbImage);
-- cErrors++;
-+ RTTestIFailed("Out of memory '%s'/%d cbImage=%d. aborting test.", pszFilename, i, cbImage);
- break;
- }
-
-@@ -184,8 +236,7 @@ static int testLdrOne(const char *pszFil
- rc = RTLdrGetBits(aLoads[i].hLdrMod, aLoads[i].pvBits, (uintptr_t)aLoads[i].pvBits, testGetImport, NULL);
- if (RT_FAILURE(rc))
- {
-- RTPrintf("tstLdr-4: Failed to get bits for '%s'/%d, rc=%Rrc. aborting test\n", pszFilename, i, rc);
-- cErrors++;
-+ RTTestIFailed("Failed to get bits for '%s'/%d, rc=%Rrc. aborting test", pszFilename, i, rc);
- break;
- }
- }
-@@ -193,7 +244,7 @@ static int testLdrOne(const char *pszFil
- /*
- * Execute the code.
- */
-- if (!cErrors)
-+ if (!RTTestSubErrorCount(g_hTest))
- {
- for (i = 0; i < RT_ELEMENTS(aLoads); i += 1)
- {
-@@ -209,22 +260,18 @@ static int testLdrOne(const char *pszFil
- UINT32_MAX, "_DisasmTest1", &Value);
- if (RT_FAILURE(rc))
- {
-- RTPrintf("tstLdr-4: Failed to get symbol \"DisasmTest1\" from load #%d: %Rrc\n", i, rc);
-- cErrors++;
-+ RTTestIFailed("Failed to get symbol \"DisasmTest1\" from load #%d: %Rrc", i, rc);
- break;
- }
- DECLCALLBACKPTR(int, pfnDisasmTest1)(void) = (DECLCALLBACKPTR(int, RT_NOTHING)(void))(uintptr_t)Value; /* eeeh. */
-- RTPrintf("tstLdr-4: pfnDisasmTest1=%p / add-symbol-file %s %#x\n", pfnDisasmTest1, pszFilename, aLoads[i].pvBits);
-+ RTPrintf("tstLdr-4: pfnDisasmTest1=%p / add-symbol-file %s %#p\n", pfnDisasmTest1, pszFilename, aLoads[i].pvBits);
- uint32_t iSeg = 0;
- RTLdrEnumSegments(aLoads[i].hLdrMod, testEnumSegment, &iSeg);
-
- /* call the test function. */
- rc = pfnDisasmTest1();
- if (rc)
-- {
-- RTPrintf("tstLdr-4: load #%d Test1 -> %#x\n", i, rc);
-- cErrors++;
-- }
-+ RTTestIFailed("load #%d Test1 -> %#x", i, rc);
-
- /* While we're here, check a couple of RTLdrQueryProp calls too */
- void *pvBits = aLoads[i].pvBits;
-@@ -255,56 +302,42 @@ static int testLdrOne(const char *pszFil
- {
- rc = RTLdrClose(aLoads[i].hLdrMod);
- if (RT_FAILURE(rc))
-- {
-- RTPrintf("tstLdr-4: Failed to close '%s' i=%d, rc=%Rrc.\n", pszFilename, i, rc);
-- cErrors++;
-- }
-+ RTTestIFailed("Failed to close '%s' i=%d, rc=%Rrc.", pszFilename, i, rc);
- }
- }
-
-- return cErrors;
- }
-
-
-
--int main(int argc, char **argv)
-+int main()
- {
-- int cErrors = 0;
-- RTR3InitExe(argc, &argv, 0);
-+ RTEXITCODE rcExit = RTTestInitAndCreate("tstLdr-4", &g_hTest);
-+ if (rcExit != RTEXITCODE_SUCCESS)
-+ return rcExit;
-
- /*
- * Sanity check.
- */
- int rc = DisasmTest1();
-- if (rc)
-+ if (rc == 0)
- {
-- RTPrintf("tstLdr-4: FATAL ERROR - DisasmTest1 is buggy: rc=%#x\n", rc);
-- return 1;
-- }
-+ /*
-+ * Execute the test.
-+ */
-+ char szPath[RTPATH_MAX];
-+ rc = RTPathExecDir(szPath, sizeof(szPath) - sizeof("/tstLdrObjR0.r0"));
-+ if (RT_SUCCESS(rc))
-+ {
-+ strcat(szPath, "/tstLdrObjR0.r0");
-
-- /*
-- * Execute the test.
-- */
-- char szPath[RTPATH_MAX];
-- rc = RTPathExecDir(szPath, sizeof(szPath) - sizeof("/tstLdrObjR0.r0"));
-- if (RT_SUCCESS(rc))
-- {
-- strcat(szPath, "/tstLdrObjR0.r0");
-- RTPrintf("tstLdr-4: TESTING '%s'...\n", szPath);
-- cErrors += testLdrOne(szPath);
-+ testLdrOne(szPath);
-+ }
-+ else
-+ RTTestIFailed("RTPathExecDir -> %Rrc", rc);
- }
- else
-- {
-- RTPrintf("tstLdr-4: RTPathExecDir -> %Rrc\n", rc);
-- cErrors++;
-- }
-+ RTTestIFailed("FATAL ERROR - DisasmTest1 is buggy: rc=%#x", rc);
-
-- /*
-- * Test result summary.
-- */
-- if (!cErrors)
-- RTPrintf("tstLdr-4: SUCCESS\n");
-- else
-- RTPrintf("tstLdr-4: FAILURE - %d errors\n", cErrors);
-- return !!cErrors;
-+ return RTTestSummaryAndDestroy(g_hTest);
- }
---- a/include/iprt/formats/elf-common.h
-+++ b/include/iprt/formats/elf-common.h
-@@ -198,6 +198,12 @@ typedef struct {
- #define PT_LOPROC 0x70000000 /* First processor-specific type. */
- #define PT_HIPROC 0x7fffffff /* Last processor-specific type. */
-
-+#define PT_GNU_EH_FRAME 0x6474e550 /**< GNU/Linux -> .eh_frame_hdr */
-+#define PT_GNU_STACK 0x6474e551 /**< GNU/Linux -> stack prot (RWX or RW) */
-+#define PT_GNU_RELRO 0x6474e552 /**< GNU/Linux -> make RO after relocations */
-+#define PT_GNU_PROPERTY 0x6474e553 /**< GNU/Linux -> .note.gnu.property */
-+
-+
- /* Values for p_flags. */
- #define PF_X 0x1 /* Executable. */
- #define PF_W 0x2 /* Writable. */
---- a/src/VBox/Runtime/common/ldr/ldrELF.cpp
-+++ b/src/VBox/Runtime/common/ldr/ldrELF.cpp
-@@ -51,9 +51,11 @@
- * Defined Constants And Macros *
- *********************************************************************************************************************************/
- /** Finds an ELF symbol table string. */
--#define ELF_STR(pHdrs, iStr) ((pHdrs)->pStr + (iStr))
-+#define ELF_STR(pHdrs, iStr) ((pHdrs)->Rel.pStr + (iStr))
-+/** Finds an ELF symbol table string. */
-+#define ELF_DYN_STR(pHdrs, iStr) ((pHdrs)->Dyn.pStr + (iStr))
- /** Finds an ELF section header string. */
--#define ELF_SH_STR(pHdrs, iStr) ((pHdrs)->pShStr + (iStr))
-+#define ELF_SH_STR(pHdrs, iStr) ((pHdrs)->pShStr + (iStr))
-
-
-
-@@ -62,6 +64,7 @@
- *********************************************************************************************************************************/
- #ifdef LOG_ENABLED
- static const char *rtldrElfGetShdrType(uint32_t iType);
-+static const char *rtldrElfGetPhdrType(uint32_t iType);
- #endif
-
-
-@@ -81,6 +84,7 @@ static const char *rtldrElfGetShdrType(u
-
-
- #ifdef LOG_ENABLED
-+
- /**
- * Gets the section type.
- *
-@@ -91,23 +95,51 @@ static const char *rtldrElfGetShdrType(u
- {
- switch (iType)
- {
-- case SHT_NULL: return "SHT_NULL";
-- case SHT_PROGBITS: return "SHT_PROGBITS";
-- case SHT_SYMTAB: return "SHT_SYMTAB";
-- case SHT_STRTAB: return "SHT_STRTAB";
-- case SHT_RELA: return "SHT_RELA";
-- case SHT_HASH: return "SHT_HASH";
-- case SHT_DYNAMIC: return "SHT_DYNAMIC";
-- case SHT_NOTE: return "SHT_NOTE";
-- case SHT_NOBITS: return "SHT_NOBITS";
-- case SHT_REL: return "SHT_REL";
-- case SHT_SHLIB: return "SHT_SHLIB";
-- case SHT_DYNSYM: return "SHT_DYNSYM";
-+ RT_CASE_RET_STR(SHT_NULL);
-+ RT_CASE_RET_STR(SHT_PROGBITS);
-+ RT_CASE_RET_STR(SHT_SYMTAB);
-+ RT_CASE_RET_STR(SHT_STRTAB);
-+ RT_CASE_RET_STR(SHT_RELA);
-+ RT_CASE_RET_STR(SHT_HASH);
-+ RT_CASE_RET_STR(SHT_DYNAMIC);
-+ RT_CASE_RET_STR(SHT_NOTE);
-+ RT_CASE_RET_STR(SHT_NOBITS);
-+ RT_CASE_RET_STR(SHT_REL);
-+ RT_CASE_RET_STR(SHT_SHLIB);
-+ RT_CASE_RET_STR(SHT_DYNSYM);
- default:
- return "";
- }
- }
--#endif
-+
-+/**
-+ * Gets the program header type.
-+ *
-+ * @returns Pointer to read only string.
-+ * @param iType The section type index.
-+ */
-+static const char *rtldrElfGetPhdrType(uint32_t iType)
-+{
-+ switch (iType)
-+ {
-+ RT_CASE_RET_STR(PT_NULL);
-+ RT_CASE_RET_STR(PT_LOAD);
-+ RT_CASE_RET_STR(PT_DYNAMIC);
-+ RT_CASE_RET_STR(PT_INTERP);
-+ RT_CASE_RET_STR(PT_NOTE);
-+ RT_CASE_RET_STR(PT_SHLIB);
-+ RT_CASE_RET_STR(PT_PHDR);
-+ RT_CASE_RET_STR(PT_TLS);
-+ RT_CASE_RET_STR(PT_GNU_EH_FRAME);
-+ RT_CASE_RET_STR(PT_GNU_STACK);
-+ RT_CASE_RET_STR(PT_GNU_RELRO);
-+ RT_CASE_RET_STR(PT_GNU_PROPERTY);
-+ default:
-+ return "";
-+ }
-+}
-+
-+#endif /* LOG_ENABLED*/
-
-
- /**
-@@ -124,8 +156,6 @@ DECLHIDDEN(int) rtldrELFOpen(PRTLDRREADE
- {
- const char *pszLogName = pReader->pfnLogName(pReader); NOREF(pszLogName);
-
-- RT_NOREF_PV(pErrInfo); /** @todo implement */
--
- /*
- * Read the ident to decide if this is 32-bit or 64-bit
- * and worth dealing with.
-@@ -134,6 +164,7 @@ DECLHIDDEN(int) rtldrELFOpen(PRTLDRREADE
- int rc = pReader->pfnRead(pReader, &e_ident, sizeof(e_ident), 0);
- if (RT_FAILURE(rc))
- return rc;
-+
- if ( e_ident[EI_MAG0] != ELFMAG0
- || e_ident[EI_MAG1] != ELFMAG1
- || e_ident[EI_MAG2] != ELFMAG2
-@@ -141,19 +172,17 @@ DECLHIDDEN(int) rtldrELFOpen(PRTLDRREADE
- || ( e_ident[EI_CLASS] != ELFCLASS32
- && e_ident[EI_CLASS] != ELFCLASS64)
- )
-- {
-- Log(("RTLdrELF: %s: Unsupported/invalid ident %.*Rhxs\n", pszLogName, sizeof(e_ident), e_ident));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Unsupported/invalid ident %.*Rhxs", pszLogName, sizeof(e_ident), e_ident);
-+
- if (e_ident[EI_DATA] != ELFDATA2LSB)
-- {
-- Log(("RTLdrELF: %s: ELF endian %x is unsupported\n", pszLogName, e_ident[EI_DATA]));
-- return VERR_LDRELF_ODD_ENDIAN;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_ODD_ENDIAN,
-+ "%s: ELF endian %x is unsupported", pszLogName, e_ident[EI_DATA]);
-+
- if (e_ident[EI_CLASS] == ELFCLASS32)
-- rc = rtldrELF32Open(pReader, fFlags, enmArch, phLdrMod);
-+ rc = rtldrELF32Open(pReader, fFlags, enmArch, phLdrMod, pErrInfo);
- else
-- rc = rtldrELF64Open(pReader, fFlags, enmArch, phLdrMod);
-+ rc = rtldrELF64Open(pReader, fFlags, enmArch, phLdrMod, pErrInfo);
- return rc;
- }
-
---- a/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
-+++ b/src/VBox/Runtime/common/ldr/ldrELFRelocatable.cpp.h
-@@ -29,31 +29,37 @@
- * Defined Constants And Macros *
- *******************************************************************************/
- #if ELF_MODE == 32
--#define RTLDRELF_NAME(name) rtldrELF32##name
--#define RTLDRELF_SUFF(name) name##32
--#define RTLDRELF_MID(pre,suff) pre##32##suff
--#define FMT_ELF_ADDR "%08RX32"
--#define FMT_ELF_HALF "%04RX16"
--#define FMT_ELF_OFF "%08RX32"
--#define FMT_ELF_SIZE "%08RX32"
--#define FMT_ELF_SWORD "%RI32"
--#define FMT_ELF_WORD "%08RX32"
--#define FMT_ELF_XWORD "%08RX32"
--#define FMT_ELF_SXWORD "%RI32"
-+# define RTLDRELF_NAME(name) rtldrELF32##name
-+# define RTLDRELF_SUFF(name) name##32
-+# define RTLDRELF_MID(pre,suff) pre##32##suff
-+# define FMT_ELF_ADDR "%08RX32"
-+# define FMT_ELF_ADDR7 "%07RX32"
-+# define FMT_ELF_HALF "%04RX16"
-+# define FMT_ELF_OFF "%08RX32"
-+# define FMT_ELF_SIZE "%08RX32"
-+# define FMT_ELF_SWORD "%RI32"
-+# define FMT_ELF_WORD "%08RX32"
-+# define FMT_ELF_XWORD "%08RX32"
-+# define FMT_ELF_SXWORD "%RI32"
-+# define Elf_Xword Elf32_Word
-+# define Elf_Sxword Elf32_Sword
-
- #elif ELF_MODE == 64
--#define RTLDRELF_NAME(name) rtldrELF64##name
--#define RTLDRELF_SUFF(name) name##64
--#define RTLDRELF_MID(pre,suff) pre##64##suff
--#define FMT_ELF_ADDR "%016RX64"
--#define FMT_ELF_HALF "%04RX16"
--#define FMT_ELF_SHALF "%RI16"
--#define FMT_ELF_OFF "%016RX64"
--#define FMT_ELF_SIZE "%016RX64"
--#define FMT_ELF_SWORD "%RI32"
--#define FMT_ELF_WORD "%08RX32"
--#define FMT_ELF_XWORD "%016RX64"
--#define FMT_ELF_SXWORD "%RI64"
-+# define RTLDRELF_NAME(name) rtldrELF64##name
-+# define RTLDRELF_SUFF(name) name##64
-+# define RTLDRELF_MID(pre,suff) pre##64##suff
-+# define FMT_ELF_ADDR "%016RX64"
-+# define FMT_ELF_ADDR7 "%08RX64"
-+# define FMT_ELF_HALF "%04RX16"
-+# define FMT_ELF_SHALF "%RI16"
-+# define FMT_ELF_OFF "%016RX64"
-+# define FMT_ELF_SIZE "%016RX64"
-+# define FMT_ELF_SWORD "%RI32"
-+# define FMT_ELF_WORD "%08RX32"
-+# define FMT_ELF_XWORD "%016RX64"
-+# define FMT_ELF_SXWORD "%RI64"
-+# define Elf_Xword Elf64_Xword
-+# define Elf_Sxword Elf64_Sxword
- #endif
-
- #define Elf_Ehdr RTLDRELF_MID(Elf,_Ehdr)
-@@ -74,6 +80,9 @@
- #define RTLDRMODELF RTLDRELF_MID(RTLDRMODELF,RT_NOTHING)
- #define PRTLDRMODELF RTLDRELF_MID(PRTLDRMODELF,RT_NOTHING)
-
-+#define RTLDRMODELFSHX RTLDRELF_MID(RTLDRMODELFSHX,RT_NOTHING)
-+#define PRTLDRMODELFSHX RTLDRELF_MID(PRTLDRMODELFSHX,RT_NOTHING)
-+
- #define ELF_R_SYM(info) RTLDRELF_MID(ELF,_R_SYM)(info)
- #define ELF_R_TYPE(info) RTLDRELF_MID(ELF,_R_TYPE)(info)
- #define ELF_R_INFO(sym, type) RTLDRELF_MID(ELF,_R_INFO)(sym, type)
-@@ -86,6 +95,20 @@
- * Structures and Typedefs *
- *******************************************************************************/
- /**
-+ * Extra section info.
-+ */
-+typedef struct RTLDRMODELFSHX
-+{
-+ /** The corresponding program header. */
-+ uint16_t idxPhdr;
-+ /** The corresponding dynamic section entry (address). */
-+ uint16_t idxDt;
-+ /** The DT tag. */
-+ uint32_t uDtTag;
-+} RTLDRMODELFSHX;
-+typedef RTLDRMODELFSHX *PRTLDRMODELFSHX;
-+
-+/**
- * The ELF loader structure.
- */
- typedef struct RTLDRMODELF
-@@ -105,36 +128,82 @@ typedef struct RTLDRMODELF
- /** Unmodified section headers (allocated after paShdrs, so no need to free).
- * Not valid if the image is DONE. */
- Elf_Shdr const *paOrgShdrs;
-+ /** Runs parallel to paShdrs and is part of the same allocation. */
-+ PRTLDRMODELFSHX paShdrExtras;
-+ /** Base section number, either 1 or zero depending on whether we've
-+ * re-used the NULL entry for .elf.headers in ET_EXEC/ET_DYN. */
-+ unsigned iFirstSect;
-+ /** Set if the SHF_ALLOC section headers are in order of sh_addr. */
-+ bool fShdrInOrder;
- /** The size of the loaded image. */
- size_t cbImage;
-
- /** The image base address if it's an EXEC or DYN image. */
- Elf_Addr LinkAddress;
-
-- /** The symbol section index. */
-- unsigned iSymSh;
-- /** Number of symbols in the table. */
-- unsigned cSyms;
-- /** Pointer to symbol table within RTLDRMODELF::pvBits. */
-- const Elf_Sym *paSyms;
--
-- /** The string section index. */
-- unsigned iStrSh;
-- /** Size of the string table. */
-- unsigned cbStr;
-- /** Pointer to string table within RTLDRMODELF::pvBits. */
-- const char *pStr;
-+ struct
-+ {
-+ /** The symbol section index. */
-+ unsigned iSymSh;
-+ /** Number of symbols in the table. */
-+ unsigned cSyms;
-+ /** Pointer to symbol table within RTLDRMODELF::pvBits. */
-+ const Elf_Sym *paSyms;
-+
-+ /** The string section index. */
-+ unsigned iStrSh;
-+ /** Size of the string table. */
-+ unsigned cbStr;
-+ /** Pointer to string table within RTLDRMODELF::pvBits. */
-+ const char *pStr;
-+ } Rel /**< Regular symbols and strings. */
-+ , Dyn /**< Dynamic symbols and strings. */;
-
-- /** Size of the section header string table. */
-- unsigned cbShStr;
- /** Pointer to section header string table within RTLDRMODELF::pvBits. */
- const char *pShStr;
-+ /** Size of the section header string table. */
-+ unsigned cbShStr;
-
- /** The '.eh_frame' section index. Zero if not searched for, ~0U if not found. */
- unsigned iShEhFrame;
- /** The '.eh_frame_hdr' section index. Zero if not searched for, ~0U if not found. */
- unsigned iShEhFrameHdr;
--} RTLDRMODELF, *PRTLDRMODELF;
-+
-+ /** The '.dynamic' / SHT_DYNAMIC section index. ~0U if not present. */
-+ unsigned iShDynamic;
-+ /** Number of entries in paDynamic. */
-+ unsigned cDynamic;
-+ /** The dynamic section (NULL for ET_REL). */
-+ Elf_Dyn *paDynamic;
-+ /** Program headers (NULL for ET_REL). */
-+ Elf_Phdr *paPhdrs;
-+
-+ /** Info extracted from PT_DYNAMIC and the program headers. */
-+ struct
-+ {
-+ /** DT_RELA/DT_REL. */
-+ Elf_Addr uPtrRelocs;
-+ /** DT_RELASZ/DT_RELSZ. */
-+ Elf_Xword cbRelocs;
-+ /** Non-zero if we've seen DT_RELAENT/DT_RELENT. */
-+ unsigned cbRelocEntry;
-+ /** DT_RELA or DT_REL. */
-+ unsigned uRelocType;
-+ /** The index of the section header matching DT_RELA/DT_REL. */
-+ unsigned idxShRelocs;
-+
-+ /** DT_JMPREL. */
-+ Elf_Addr uPtrJmpRelocs;
-+ /** DT_PLTRELSZ. */
-+ Elf_Xword cbJmpRelocs;
-+ /** DT_RELA or DT_REL (if we've seen DT_PLTREL). */
-+ unsigned uJmpRelocType;
-+ /** The index of the section header matching DT_JMPREL. */
-+ unsigned idxShJmpRelocs;
-+ } DynInfo;
-+} RTLDRMODELF;
-+/** Pointer to an ELF module instance. */
-+typedef RTLDRMODELF *PRTLDRMODELF;
-
-
- /**
-@@ -154,11 +223,15 @@ static int RTLDRELF_NAME(MapBits)(PRTLDR
- if (RT_SUCCESS(rc))
- {
- const uint8_t *pu8 = (const uint8_t *)pModElf->pvBits;
-- if (pModElf->iSymSh != ~0U)
-- pModElf->paSyms = (const Elf_Sym *)(pu8 + pModElf->paShdrs[pModElf->iSymSh].sh_offset);
-- if (pModElf->iStrSh != ~0U)
-- pModElf->pStr = (const char *)(pu8 + pModElf->paShdrs[pModElf->iStrSh].sh_offset);
-- pModElf->pShStr = (const char *)(pu8 + pModElf->paShdrs[pModElf->Ehdr.e_shstrndx].sh_offset);
-+ if (pModElf->Rel.iSymSh != ~0U)
-+ pModElf->Rel.paSyms = (const Elf_Sym *)(pu8 + pModElf->paShdrs[pModElf->Rel.iSymSh].sh_offset);
-+ if (pModElf->Rel.iStrSh != ~0U)
-+ pModElf->Rel.pStr = (const char *)(pu8 + pModElf->paShdrs[pModElf->Rel.iStrSh].sh_offset);
-+ if (pModElf->Dyn.iSymSh != ~0U)
-+ pModElf->Dyn.paSyms = (const Elf_Sym *)(pu8 + pModElf->paShdrs[pModElf->Dyn.iSymSh].sh_offset);
-+ if (pModElf->Dyn.iStrSh != ~0U)
-+ pModElf->Dyn.pStr = (const char *)(pu8 + pModElf->paShdrs[pModElf->Dyn.iStrSh].sh_offset);
-+ pModElf->pShStr = (const char *)(pu8 + pModElf->paShdrs[pModElf->Ehdr.e_shstrndx].sh_offset);
-
- /*
- * Verify that the ends of the string tables have a zero terminator
-@@ -167,8 +240,12 @@ static int RTLDRELF_NAME(MapBits)(PRTLDR
- * sh_offset and sh_size were verfied in RTLDRELF_NAME(ValidateSectionHeader)() already so they
- * are safe to use.
- */
-- AssertMsgStmt( pModElf->iStrSh == ~0U
-- || pModElf->pStr[pModElf->paShdrs[pModElf->iStrSh].sh_size - 1] == '\0',
-+ AssertMsgStmt( pModElf->Rel.iStrSh == ~0U
-+ || pModElf->Rel.pStr[pModElf->paShdrs[pModElf->Rel.iStrSh].sh_size - 1] == '\0',
-+ ("The string table is not zero terminated!\n"),
-+ rc = VERR_LDRELF_UNTERMINATED_STRING_TAB);
-+ AssertMsgStmt( pModElf->Dyn.iStrSh == ~0U
-+ || pModElf->Dyn.pStr[pModElf->paShdrs[pModElf->Dyn.iStrSh].sh_size - 1] == '\0',
- ("The string table is not zero terminated!\n"),
- rc = VERR_LDRELF_UNTERMINATED_STRING_TAB);
- AssertMsgStmt(pModElf->pShStr[pModElf->paShdrs[pModElf->Ehdr.e_shstrndx].sh_size - 1] == '\0',
-@@ -180,10 +257,12 @@ static int RTLDRELF_NAME(MapBits)(PRTLDR
- /* Unmap. */
- int rc2 = pModElf->Core.pReader->pfnUnmap(pModElf->Core.pReader, pModElf->pvBits);
- AssertRC(rc2);
-- pModElf->pvBits = NULL;
-- pModElf->paSyms = NULL;
-- pModElf->pStr = NULL;
-- pModElf->pShStr = NULL;
-+ pModElf->pvBits = NULL;
-+ pModElf->Rel.paSyms = NULL;
-+ pModElf->Rel.pStr = NULL;
-+ pModElf->Dyn.paSyms = NULL;
-+ pModElf->Dyn.pStr = NULL;
-+ pModElf->pShStr = NULL;
- }
- }
- return rc;
-@@ -200,6 +279,101 @@ static int RTLDRELF_NAME(MapBits)(PRTLDR
- *
- */
-
-+/**
-+ * Get the symbol and symbol value.
-+ *
-+ * @returns iprt status code.
-+ * @param pModElf The ELF loader module instance data.
-+ * @param BaseAddr The base address which the module is being fixedup to.
-+ * @param pfnGetImport The callback function to use to resolve imports (aka unresolved externals).
-+ * @param pvUser User argument to pass to the callback.
-+ * @param iSym The symbol to get.
-+ * @param ppSym Where to store the symbol pointer on success. (read only)
-+ * @param pSymValue Where to store the symbol value on success.
-+ */
-+static int RTLDRELF_NAME(SymbolExecDyn)(PRTLDRMODELF pModElf, Elf_Addr BaseAddr, PFNRTLDRIMPORT pfnGetImport, void *pvUser,
-+ Elf_Size iSym, const Elf_Sym **ppSym, Elf_Addr *pSymValue)
-+{
-+ /*
-+ * Validate and find the symbol.
-+ */
-+ AssertMsgReturn(iSym < pModElf->Dyn.cSyms, ("iSym=%d is an invalid symbol index!\n", iSym), VERR_LDRELF_INVALID_SYMBOL_INDEX);
-+ const Elf_Sym *pSym = &pModElf->Dyn.paSyms[iSym];
-+ *ppSym = pSym;
-+
-+ AssertMsgReturn(pSym->st_name < pModElf->Dyn.cbStr,
-+ ("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->Dyn.cbStr),
-+ VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
-+ const char * const pszName = pModElf->Dyn.pStr + pSym->st_name;
-+
-+ /*
-+ * Determine the symbol value.
-+ *
-+ * Symbols needs different treatment depending on which section their are in.
-+ * Undefined and absolute symbols goes into special non-existing sections.
-+ */
-+ switch (pSym->st_shndx)
-+ {
-+ /*
-+ * Undefined symbol, needs resolving.
-+ *
-+ * Since ELF has no generic concept of importing from specific module (the OS/2 ELF format
-+ * has but that's an OS extension and only applies to programs and dlls), we'll have to ask
-+ * the resolver callback to do a global search.
-+ */
-+ case SHN_UNDEF:
-+ {
-+ /* Try to resolve the symbol. */
-+ RTUINTPTR Value;
-+ int rc = pfnGetImport(&pModElf->Core, "", pszName, ~0U, &Value, pvUser);
-+ AssertMsgRCReturn(rc, ("Failed to resolve '%s' (iSym=" FMT_ELF_SIZE " rc=%Rrc\n", pszName, iSym, rc), rc);
-+
-+ *pSymValue = (Elf_Addr)Value;
-+ AssertMsgReturn((RTUINTPTR)*pSymValue == Value,
-+ ("Symbol value overflowed! '%s' (iSym=" FMT_ELF_SIZE "\n", pszName, iSym), VERR_SYMBOL_VALUE_TOO_BIG);
-+
-+ Log2(("rtldrELF: #%-3d - UNDEF " FMT_ELF_ADDR " '%s'\n", iSym, *pSymValue, pszName));
-+ break;
-+ }
-+
-+ /*
-+ * Absolute symbols needs no fixing since they are, well, absolute.
-+ */
-+ case SHN_ABS:
-+ *pSymValue = pSym->st_value;
-+ Log2(("rtldrELF: #%-3d - ABS " FMT_ELF_ADDR " '%s'\n", iSym, *pSymValue, pszName));
-+ break;
-+
-+ /*
-+ * All other symbols are addressed relative the image base in DYN and EXEC binaries.
-+ */
-+ default:
-+ AssertMsgReturn(pSym->st_shndx < pModElf->Ehdr.e_shnum,
-+ ("iSym=%d st_shndx=%d e_shnum=%d pszName=%s\n", iSym, pSym->st_shndx, pModElf->Ehdr.e_shnum, pszName),
-+ VERR_BAD_EXE_FORMAT);
-+ *pSymValue = pSym->st_value + BaseAddr;
-+ Log2(("rtldrELF: #%-3d - %5d " FMT_ELF_ADDR " '%s'\n", iSym, pSym->st_shndx, *pSymValue, pszName));
-+ break;
-+ }
-+
-+ return VINF_SUCCESS;
-+}
-+
-+
-+#if ELF_MODE == 32
-+/** Helper for RelocateSectionExecDyn. */
-+DECLINLINE(const Elf_Shdr *) RTLDRELF_NAME(RvaToSectionHeader)(PRTLDRMODELF pModElf, Elf_Addr uRva)
-+{
-+ const Elf_Shdr * const pShdrFirst = pModElf->paShdrs;
-+ const Elf_Shdr *pShdr = pShdrFirst + pModElf->Ehdr.e_shnum;
-+ while (--pShdr != pShdrFirst)
-+ if (uRva - pShdr->sh_addr /*rva*/ < pShdr->sh_size)
-+ return pShdr;
-+ AssertFailed();
-+ return pShdr;
-+}
-+#endif
-+
-
- /**
- * Applies the fixups for a section in an executable image.
-@@ -230,84 +404,106 @@ static int RTLDRELF_NAME(RelocateSection
- * Iterate the relocations.
- * The relocations are stored in an array of Elf32_Rel records and covers the entire relocation section.
- */
-+#if ELF_MODE == 32
-+ const Elf_Shdr *pShdr = pModElf->paShdrs;
- const Elf_Addr offDelta = BaseAddr - pModElf->LinkAddress;
-+#endif
- const Elf_Reloc *paRels = (const Elf_Reloc *)pvRelocs;
-- const unsigned iRelMax = (unsigned)(cbRelocs / sizeof(paRels[0]));
-+ const unsigned iRelMax = (unsigned)(cbRelocs / sizeof(paRels[0]));
- AssertMsgReturn(iRelMax == cbRelocs / sizeof(paRels[0]), (FMT_ELF_SIZE "\n", cbRelocs / sizeof(paRels[0])),
- VERR_IMAGE_TOO_BIG);
- for (unsigned iRel = 0; iRel < iRelMax; iRel++)
- {
- /*
-- * Skip R_XXX_NONE entries early to avoid confusion in the symbol
-- * getter code.
-+ * Apply fixups not taking a symbol (will 'continue' rather than 'break').
- */
-+ AssertMsgReturn(paRels[iRel].r_offset < cbSec, (FMT_ELF_ADDR " " FMT_ELF_SIZE "\n", paRels[iRel].r_offset, cbSec),
-+ VERR_LDRELF_INVALID_RELOCATION_OFFSET);
- #if ELF_MODE == 32
-- if (ELF_R_TYPE(paRels[iRel].r_info) == R_386_NONE)
-- continue;
--#elif ELF_MODE == 64
-- if (ELF_R_TYPE(paRels[iRel].r_info) == R_X86_64_NONE)
-- continue;
-+ if (paRels[iRel].r_offset - pShdr->sh_addr /*rva*/ >= pShdr->sh_size)
-+ pShdr = RTLDRELF_NAME(RvaToSectionHeader)(pModElf, paRels[iRel].r_offset);
-+ static const Elf_Addr s_uZero = 0;
-+ const Elf_Addr *pAddrR = RT_LIKELY(pShdr->sh_type != SHT_NOBITS) /* Where to read the addend. */
-+ ? (const Elf_Addr *)(pu8SecBaseR + paRels[iRel].r_offset - pShdr->sh_addr /*rva*/
-+ + pShdr->sh_offset)
-+ : &s_uZero;
- #endif
--
-- /*
-- * Validate and find the symbol, resolve undefined ones.
-- */
-- Elf_Size iSym = ELF_R_SYM(paRels[iRel].r_info);
-- if (iSym >= pModElf->cSyms)
-- {
-- AssertMsgFailed(("iSym=%d is an invalid symbol index!\n", iSym));
-- return VERR_LDRELF_INVALID_SYMBOL_INDEX;
-- }
-- const Elf_Sym *pSym = &pModElf->paSyms[iSym];
-- if (pSym->st_name >= pModElf->cbStr)
-+ Elf_Addr *pAddrW = (Elf_Addr *)(pu8SecBaseW + paRels[iRel].r_offset); /* Where to write the fixup. */
-+ switch (ELF_R_TYPE(paRels[iRel].r_info))
- {
-- AssertMsgFailed(("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->cbStr));
-- return VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET;
-- }
-+ /*
-+ * Image relative (addend + base).
-+ */
-+#if ELF_MODE == 32
-+ case R_386_RELATIVE:
-+ {
-+ const Elf_Addr Value = *pAddrR + BaseAddr;
-+ *(uint32_t *)pAddrW = Value;
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_RELATIVE Value=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
-+ AssertCompile(sizeof(Value) == sizeof(uint32_t));
-+ continue;
-+ }
-+#elif ELF_MODE == 64
-+ case R_X86_64_RELATIVE:
-+ {
-+ const Elf_Addr Value = paRels[iRel].r_addend + BaseAddr;
-+ *(uint64_t *)pAddrW = (uint64_t)Value;
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_RELATIVE Value=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
-+ AssertCompile(sizeof(Value) == sizeof(uint64_t));
-+ continue;
-+ }
-+#endif
-
-- Elf_Addr SymValue = 0;
-- if (pSym->st_shndx == SHN_UNDEF)
-- {
-- /* Try to resolve the symbol. */
-- const char *pszName = ELF_STR(pModElf, pSym->st_name);
-- RTUINTPTR ExtValue;
-- int rc = pfnGetImport(&pModElf->Core, "", pszName, ~0U, &ExtValue, pvUser);
-- AssertMsgRCReturn(rc, ("Failed to resolve '%s' rc=%Rrc\n", pszName, rc), rc);
-- SymValue = (Elf_Addr)ExtValue;
-- AssertMsgReturn((RTUINTPTR)SymValue == ExtValue, ("Symbol value overflowed! '%s'\n", pszName),
-- VERR_SYMBOL_VALUE_TOO_BIG);
-- Log2(("rtldrELF: #%-3d - UNDEF " FMT_ELF_ADDR " '%s'\n", iSym, SymValue, pszName));
-- }
-- else
-- {
-- AssertMsgReturn(pSym->st_shndx < pModElf->Ehdr.e_shnum || pSym->st_shndx == SHN_ABS, ("%#x\n", pSym->st_shndx),
-- VERR_LDRELF_INVALID_RELOCATION_OFFSET);
--#if ELF_MODE == 64
-- SymValue = pSym->st_value;
-+ /*
-+ * R_XXX_NONE.
-+ */
-+#if ELF_MODE == 32
-+ case R_386_NONE:
-+#elif ELF_MODE == 64
-+ case R_X86_64_NONE:
- #endif
-+ continue;
- }
-
--#if ELF_MODE == 64
-- /* Calc the value (indexes checked above; assumes SHN_UNDEF == 0). */
-- Elf_Addr Value;
-- if (pSym->st_shndx < pModElf->Ehdr.e_shnum)
-- Value = SymValue + offDelta;
-- else /* SHN_ABS: */
-- Value = SymValue + paRels[iRel].r_addend;
--#endif
-+ /*
-+ * Validate and find the symbol, resolve undefined ones.
-+ */
-+ const Elf_Sym *pSym = NULL; /* shut up gcc */
-+ Elf_Addr SymValue = 0; /* shut up gcc-4 */
-+ int rc = RTLDRELF_NAME(SymbolExecDyn)(pModElf, BaseAddr, pfnGetImport, pvUser, ELF_R_SYM(paRels[iRel].r_info), &pSym, &SymValue);
-+ if (RT_FAILURE(rc))
-+ return rc;
-
- /*
- * Apply the fixup.
- */
-- AssertMsgReturn(paRels[iRel].r_offset < cbSec, (FMT_ELF_ADDR " " FMT_ELF_SIZE "\n", paRels[iRel].r_offset, cbSec), VERR_LDRELF_INVALID_RELOCATION_OFFSET);
--#if ELF_MODE == 32
-- const Elf_Addr *pAddrR = (const Elf_Addr *)(pu8SecBaseR + paRels[iRel].r_offset); /* Where to read the addend. */
--#endif
-- Elf_Addr *pAddrW = (Elf_Addr *)(pu8SecBaseW + paRels[iRel].r_offset); /* Where to write the fixup. */
- switch (ELF_R_TYPE(paRels[iRel].r_info))
- {
- #if ELF_MODE == 32
- /*
-+ * GOT/PLT.
-+ */
-+ case R_386_GLOB_DAT:
-+ {
-+ *(uint32_t *)pAddrW = (uint32_t)SymValue;
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_GLOB_DAT Value=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
-+ AssertCompile(sizeof(SymValue) == sizeof(uint32_t));
-+ break;
-+ }
-+
-+ case R_386_JMP_SLOT:
-+ {
-+ *(uint32_t *)pAddrW = (uint32_t)SymValue;
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_JMP_SLOT Value=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
-+ AssertCompile(sizeof(SymValue) == sizeof(uint32_t));
-+ break;
-+ }
-+
-+ /*
- * Absolute addressing.
- */
- case R_386_32:
-@@ -322,7 +518,8 @@ static int RTLDRELF_NAME(RelocateSection
- else
- AssertFailedReturn(VERR_LDR_GENERAL_FAILURE); /** @todo SHN_COMMON */
- *(uint32_t *)pAddrW = Value;
-- Log4((FMT_ELF_ADDR": R_386_32 Value=" FMT_ELF_ADDR "\n", SecAddr + paRels[iRel].r_offset + BaseAddr, Value));
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_32 Value=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
- break;
- }
-
-@@ -344,20 +541,42 @@ static int RTLDRELF_NAME(RelocateSection
- }
- else
- AssertFailedReturn(VERR_LDR_GENERAL_FAILURE); /** @todo SHN_COMMON */
-- Log4((FMT_ELF_ADDR": R_386_PC32 Value=" FMT_ELF_ADDR "\n", SecAddr + paRels[iRel].r_offset + BaseAddr, Value));
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_386_PC32 Value=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value));
- break;
- }
-
- #elif ELF_MODE == 64
-+ /*
-+ * GOT/PLT.
-+ */
-+ case R_X86_64_GLOB_DAT:
-+ {
-+ *(uint64_t *)pAddrW = (uint64_t)SymValue;
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_GLOB_DAT Value=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
-+ AssertCompile(sizeof(SymValue) == sizeof(uint64_t));
-+ break;
-+ }
-+
-+ case R_X86_64_JMP_SLOT:
-+ {
-+ *(uint64_t *)pAddrW = (uint64_t)SymValue;
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_JMP_SLOT Value=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, SymValue));
-+ AssertCompile(sizeof(SymValue) == sizeof(uint64_t));
-+ break;
-+ }
-
- /*
-- * Absolute addressing
-+ * Absolute addressing.
- */
- case R_X86_64_64:
- {
-+ const Elf_Addr Value = SymValue + paRels[iRel].r_addend;
- *(uint64_t *)pAddrW = Value;
-- Log4((FMT_ELF_ADDR": R_X86_64_64 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-- SecAddr + paRels[iRel].r_offset + BaseAddr, Value, SymValue));
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_64 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value, SymValue));
- break;
- }
-
-@@ -366,9 +585,10 @@ static int RTLDRELF_NAME(RelocateSection
- */
- case R_X86_64_32:
- {
-+ const Elf_Addr Value = SymValue + paRels[iRel].r_addend;
- *(uint32_t *)pAddrW = (uint32_t)Value;
-- Log4((FMT_ELF_ADDR": R_X86_64_32 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-- SecAddr + paRels[iRel].r_offset + BaseAddr, Value, SymValue));
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_32 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value, SymValue));
- AssertMsgReturn((Elf_Addr)*(uint32_t *)pAddrW == SymValue, ("Value=" FMT_ELF_ADDR "\n", SymValue),
- VERR_SYMBOL_VALUE_TOO_BIG);
- break;
-@@ -379,9 +599,10 @@ static int RTLDRELF_NAME(RelocateSection
- */
- case R_X86_64_32S:
- {
-+ const Elf_Addr Value = SymValue + paRels[iRel].r_addend;
- *(int32_t *)pAddrW = (int32_t)Value;
-- Log4((FMT_ELF_ADDR": R_X86_64_32S Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-- SecAddr + paRels[iRel].r_offset + BaseAddr, Value, SymValue));
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_32S Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-+ SecAddr + paRels[iRel].r_offset + BaseAddr, paRels[iRel].r_offset, Value, SymValue));
- AssertMsgReturn((Elf_Addr)*(int32_t *)pAddrW == Value, ("Value=" FMT_ELF_ADDR "\n", Value), VERR_SYMBOL_VALUE_TOO_BIG); /** @todo check the sign-extending here. */
- break;
- }
-@@ -390,18 +611,17 @@ static int RTLDRELF_NAME(RelocateSection
- * PC relative addressing.
- */
- case R_X86_64_PC32:
-- case R_X86_64_PLT32: /* binutils commit 451875b4f976a527395e9303224c7881b65e12ed feature/regression. */
- {
-- const Elf_Addr SourceAddr = SecAddr + paRels[iRel].r_offset + BaseAddr; /* Where the source really is. */
-- Value -= SourceAddr;
-+ const Elf_Addr SourceAddr = SecAddr + paRels[iRel].r_offset + BaseAddr; /* Where the source really is. */
-+ const Elf_Addr Value = SymValue + paRels[iRel].r_addend - SourceAddr;
- *(int32_t *)pAddrW = (int32_t)Value;
-- Log4((FMT_ELF_ADDR": R_X86_64_PC32 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-- SourceAddr, Value, SymValue));
-+ Log4((FMT_ELF_ADDR "/" FMT_ELF_ADDR7 ": R_X86_64_PC32 Value=" FMT_ELF_ADDR " SymValue=" FMT_ELF_ADDR "\n",
-+ SourceAddr, paRels[iRel].r_offset, Value, SymValue));
- AssertMsgReturn((Elf_Addr)*(int32_t *)pAddrW == Value, ("Value=" FMT_ELF_ADDR "\n", Value), VERR_SYMBOL_VALUE_TOO_BIG); /** @todo check the sign-extending here. */
- break;
- }
--#endif
-
-+#endif
- default:
- AssertMsgFailed(("Unknown relocation type: %d (iRel=%d iRelMax=%d)\n",
- ELF_R_TYPE(paRels[iRel].r_info), iRel, iRelMax));
-@@ -442,19 +662,13 @@ static int RTLDRELF_NAME(Symbol)(PRTLDRM
- /*
- * Validate and find the symbol.
- */
-- if (iSym >= pModElf->cSyms)
-- {
-- AssertMsgFailed(("iSym=%d is an invalid symbol index!\n", iSym));
-- return VERR_LDRELF_INVALID_SYMBOL_INDEX;
-- }
-- const Elf_Sym *pSym = &pModElf->paSyms[iSym];
-+ AssertMsgReturn(iSym < pModElf->Rel.cSyms, ("iSym=%d is an invalid symbol index!\n", iSym), VERR_LDRELF_INVALID_SYMBOL_INDEX);
-+ const Elf_Sym *pSym = &pModElf->Rel.paSyms[iSym];
- *ppSym = pSym;
-
-- if (pSym->st_name >= pModElf->cbStr)
-- {
-- AssertMsgFailed(("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->cbStr));
-- return VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET;
-- }
-+ AssertMsgReturn(pSym->st_name < pModElf->Rel.cbStr,
-+ ("iSym=%d st_name=%d str sh_size=%d\n", iSym, pSym->st_name, pModElf->Rel.cbStr),
-+ VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
- const char *pszName = ELF_STR(pModElf, pSym->st_name);
-
- /*
-@@ -469,7 +683,7 @@ static int RTLDRELF_NAME(Symbol)(PRTLDRM
- * Undefined symbol, needs resolving.
- *
- * Since ELF has no generic concept of importing from specific module (the OS/2 ELF format
-- * has but that's a OS extension and only applies to programs and dlls), we'll have to ask
-+ * has but that's an OS extension and only applies to programs and dlls), we'll have to ask
- * the resolver callback to do a global search.
- */
- case SHN_UNDEF:
-@@ -477,17 +691,12 @@ static int RTLDRELF_NAME(Symbol)(PRTLDRM
- /* Try to resolve the symbol. */
- RTUINTPTR Value;
- int rc = pfnGetImport(&pModElf->Core, "", pszName, ~0U, &Value, pvUser);
-- if (RT_FAILURE(rc))
-- {
-- AssertMsgFailed(("Failed to resolve '%s' rc=%Rrc\n", pszName, rc));
-- return rc;
-- }
-+ AssertMsgRCReturn(rc, ("Failed to resolve '%s' (iSym=" FMT_ELF_SIZE " rc=%Rrc\n", pszName, iSym, rc), rc);
- *pSymValue = (Elf_Addr)Value;
-- if ((RTUINTPTR)*pSymValue != Value)
-- {
-- AssertMsgFailed(("Symbol value overflowed! '%s'\n", pszName));
-- return VERR_SYMBOL_VALUE_TOO_BIG;
-- }
-+
-+ AssertMsgReturn((RTUINTPTR)*pSymValue == Value,
-+ ("Symbol value overflowed! '%s' (iSym=" FMT_ELF_SIZE ")\n", pszName, iSym),
-+ VERR_SYMBOL_VALUE_TOO_BIG);
-
- Log2(("rtldrELF: #%-3d - UNDEF " FMT_ELF_ADDR " '%s'\n", iSym, *pSymValue, pszName));
- break;
-@@ -536,9 +745,9 @@ static int RTLDRELF_NAME(Symbol)(PRTLDRM
- * @param pvRelocs Pointer to where we read the relocations from.
- * @param cbRelocs Size of the relocations.
- */
--static int RTLDRELF_NAME(RelocateSection)(PRTLDRMODELF pModElf, Elf_Addr BaseAddr, PFNRTLDRIMPORT pfnGetImport, void *pvUser,
-- const Elf_Addr SecAddr, Elf_Size cbSec, const uint8_t *pu8SecBaseR, uint8_t *pu8SecBaseW,
-- const void *pvRelocs, Elf_Size cbRelocs)
-+static int RTLDRELF_NAME(RelocateSectionRel)(PRTLDRMODELF pModElf, Elf_Addr BaseAddr, PFNRTLDRIMPORT pfnGetImport, void *pvUser,
-+ const Elf_Addr SecAddr, Elf_Size cbSec, const uint8_t *pu8SecBaseR,
-+ uint8_t *pu8SecBaseW, const void *pvRelocs, Elf_Size cbRelocs)
- {
- #if ELF_MODE != 32
- NOREF(pu8SecBaseR);
-@@ -702,6 +911,18 @@ static DECLCALLBACK(int) RTLDRELF_NAME(C
- pModElf->paShdrs = NULL;
- }
-
-+ if (pModElf->paPhdrs)
-+ {
-+ RTMemFree(pModElf->paPhdrs);
-+ pModElf->paPhdrs = NULL;
-+ }
-+
-+ if (pModElf->paDynamic)
-+ {
-+ RTMemFree(pModElf->paDynamic);
-+ pModElf->paDynamic = NULL;
-+ }
-+
- if (pModElf->pvBits)
- {
- pModElf->Core.pReader->pfnUnmap(pModElf->Core.pReader, pModElf->pvBits);
-@@ -721,9 +942,9 @@ static DECLCALLBACK(int) RTLDRELF_NAME(D
- }
-
-
--/** @copydoc RTLDROPS::EnumSymbols */
--static DECLCALLBACK(int) RTLDRELF_NAME(EnumSymbols)(PRTLDRMODINTERNAL pMod, unsigned fFlags, const void *pvBits, RTUINTPTR BaseAddress,
-- PFNRTLDRENUMSYMS pfnCallback, void *pvUser)
-+/** @copydoc RTLDROPS::pfnEnumSymbols */
-+static DECLCALLBACK(int) RTLDRELF_NAME(EnumSymbols)(PRTLDRMODINTERNAL pMod, unsigned fFlags, const void *pvBits,
-+ RTUINTPTR BaseAddress, PFNRTLDRENUMSYMS pfnCallback, void *pvUser)
- {
- PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
- NOREF(pvBits);
-@@ -744,8 +965,20 @@ static DECLCALLBACK(int) RTLDRELF_NAME(E
- /*
- * Enumerate the symbol table.
- */
-- const Elf_Sym *paSyms = pModElf->paSyms;
-- unsigned cSyms = pModElf->cSyms;
-+ const Elf_Sym *paSyms = pModElf->Rel.paSyms;
-+ unsigned cSyms = pModElf->Rel.cSyms;
-+ const char *pszzStr = pModElf->Rel.pStr;
-+ unsigned cbStr = pModElf->Rel.cbStr;
-+ if ( ( !(fFlags & RTLDR_ENUM_SYMBOL_FLAGS_ALL)
-+ && pModElf->Dyn.cSyms > 0)
-+ || cSyms == 0)
-+ {
-+ paSyms = pModElf->Dyn.paSyms;
-+ cSyms = pModElf->Dyn.cSyms;
-+ pszzStr = pModElf->Dyn.pStr;
-+ cbStr = pModElf->Dyn.cbStr;
-+ }
-+
- for (unsigned iSym = 1; iSym < cSyms; iSym++)
- {
- /*
-@@ -774,22 +1007,21 @@ static DECLCALLBACK(int) RTLDRELF_NAME(E
- return VERR_BAD_EXE_FORMAT;
- }
-
-- AssertMsgReturn(paSyms[iSym].st_name < pModElf->cbStr,
-+ AssertMsgReturn(paSyms[iSym].st_name < cbStr,
- ("String outside string table! iSym=%d paSyms[iSym].st_name=%#x\n", iSym, paSyms[iSym].st_name),
- VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
-+ const char * const pszName = pszzStr + paSyms[iSym].st_name;
-
-- const char *pszName = ELF_STR(pModElf, paSyms[iSym].st_name);
- /* String termination was already checked when the string table was mapped. */
-- if ( (pszName && *pszName)
-+ if ( *pszName != '\0'
- && ( (fFlags & RTLDR_ENUM_SYMBOL_FLAGS_ALL)
-- || ELF_ST_BIND(paSyms[iSym].st_info) == STB_GLOBAL)
-- )
-+ || ELF_ST_BIND(paSyms[iSym].st_info) == STB_GLOBAL) )
- {
- /*
- * Call back.
- */
- AssertMsgReturn(Value == (RTUINTPTR)Value, (FMT_ELF_ADDR "\n", Value), VERR_SYMBOL_VALUE_TOO_BIG);
-- rc = pfnCallback(pMod, pszName, ~0U, (RTUINTPTR)Value, pvUser);
-+ rc = pfnCallback(pMod, pszName, iSym, (RTUINTPTR)Value, pvUser);
- if (rc)
- return rc;
- }
-@@ -820,13 +1052,11 @@ static DECLCALLBACK(int) RTLDRELF_NAME(G
- switch (pModElf->Ehdr.e_type)
- {
- case ET_REL:
-+ case ET_DYN:
- break;
- case ET_EXEC:
- Log(("RTLdrELF: %s: Executable images are not supported yet!\n", pModElf->Core.pReader->pfnLogName(pModElf->Core.pReader)));
- return VERR_LDRELF_EXEC;
-- case ET_DYN:
-- Log(("RTLdrELF: %s: Dynamic images are not supported yet!\n", pModElf->Core.pReader->pfnLogName(pModElf->Core.pReader)));
-- return VERR_LDRELF_DYN;
- default: AssertFailedReturn(VERR_BAD_EXE_FORMAT);
- }
-
-@@ -885,13 +1115,11 @@ static DECLCALLBACK(int) RTLDRELF_NAME(R
- switch (pModElf->Ehdr.e_type)
- {
- case ET_REL:
-+ case ET_DYN:
- break;
- case ET_EXEC:
- Log(("RTLdrELF: %s: Executable images are not supported yet!\n", pszLogName));
- return VERR_LDRELF_EXEC;
-- case ET_DYN:
-- Log(("RTLdrELF: %s: Dynamic images are not supported yet!\n", pszLogName));
-- return VERR_LDRELF_DYN;
- default: AssertFailedReturn(VERR_BAD_EXE_FORMAT);
- }
-
-@@ -910,8 +1138,9 @@ static DECLCALLBACK(int) RTLDRELF_NAME(R
-
- /*
- * Iterate the sections looking for interesting SHT_REL[A] sections.
-- * SHT_REL[A] sections have the section index of the section they contain fixups
-- * for in the sh_info member.
-+ *
-+ * In ET_REL files the SHT_REL[A] sections have the section index of
-+ * the section they contain fixups for in the sh_info member.
- */
- const Elf_Shdr *paShdrs = pModElf->paShdrs;
- Log2(("rtLdrElf: %s: Fixing up image\n", pszLogName));
-@@ -928,36 +1157,37 @@ static DECLCALLBACK(int) RTLDRELF_NAME(R
- if (pShdrRel->sh_type != SHT_RELA)
- #endif
- continue;
-- if (pShdrRel->sh_info >= pModElf->Ehdr.e_shnum)
-- continue;
-- const Elf_Shdr *pShdr = &paShdrs[pShdrRel->sh_info]; /* the section to fixup. */
-- if (!(pShdr->sh_flags & SHF_ALLOC))
-- continue;
--
-- /*
-- * Relocate the section.
-- */
-- Log2(("rtldrELF: %s: Relocation records for #%d [%s] (sh_info=%d sh_link=%d) found in #%d [%s] (sh_info=%d sh_link=%d)\n",
-- pszLogName, (int)pShdrRel->sh_info, ELF_SH_STR(pModElf, pShdr->sh_name), (int)pShdr->sh_info, (int)pShdr->sh_link,
-- iShdr, ELF_SH_STR(pModElf, pShdrRel->sh_name), (int)pShdrRel->sh_info, (int)pShdrRel->sh_link));
--
-- /** @todo Make RelocateSection a function pointer so we can select the one corresponding to the machine when opening the image. */
- if (pModElf->Ehdr.e_type == ET_REL)
-- rc = RTLDRELF_NAME(RelocateSection)(pModElf, BaseAddr, pfnGetImport, pvUser,
-- pShdr->sh_addr,
-- pShdr->sh_size,
-- (const uint8_t *)pModElf->pvBits + pShdr->sh_offset,
-- (uint8_t *)pvBits + pShdr->sh_addr,
-- (const uint8_t *)pModElf->pvBits + pShdrRel->sh_offset,
-- pShdrRel->sh_size);
-+ {
-+ if (pShdrRel->sh_info >= pModElf->Ehdr.e_shnum)
-+ continue;
-+ const Elf_Shdr *pShdr = &paShdrs[pShdrRel->sh_info]; /* the section to fixup. */
-+ if (!(pShdr->sh_flags & SHF_ALLOC))
-+ continue;
-+
-+ /*
-+ * Relocate the section.
-+ */
-+ Log2(("rtldrELF: %s: Relocation records for #%d [%s] (sh_info=%d sh_link=%d) found in #%d [%s] (sh_info=%d sh_link=%d)\n",
-+ pszLogName, (int)pShdrRel->sh_info, ELF_SH_STR(pModElf, pShdr->sh_name), (int)pShdr->sh_info, (int)pShdr->sh_link,
-+ iShdr, ELF_SH_STR(pModElf, pShdrRel->sh_name), (int)pShdrRel->sh_info, (int)pShdrRel->sh_link));
-+
-+ rc = RTLDRELF_NAME(RelocateSectionRel)(pModElf, BaseAddr, pfnGetImport, pvUser,
-+ pShdr->sh_addr,
-+ pShdr->sh_size,
-+ (const uint8_t *)pModElf->pvBits + pShdr->sh_offset,
-+ (uint8_t *)pvBits + pShdr->sh_addr,
-+ (const uint8_t *)pModElf->pvBits + pShdrRel->sh_offset,
-+ pShdrRel->sh_size);
-+ }
- else
- rc = RTLDRELF_NAME(RelocateSectionExecDyn)(pModElf, BaseAddr, pfnGetImport, pvUser,
-- pShdr->sh_addr,
-- pShdr->sh_size,
-- (const uint8_t *)pModElf->pvBits + pShdr->sh_offset,
-- (uint8_t *)pvBits + pShdr->sh_addr,
-+ 0, (Elf_Size)pModElf->cbImage,
-+ (const uint8_t *)pModElf->pvBits /** @todo file offset ?? */,
-+ (uint8_t *)pvBits,
- (const uint8_t *)pModElf->pvBits + pShdrRel->sh_offset,
- pShdrRel->sh_size);
-+
- if (RT_FAILURE(rc))
- return rc;
- }
-@@ -1016,11 +1246,20 @@ static DECLCALLBACK(int) RTLDRELF_NAME(G
- /*
- * Calc all kinds of pointers before we start iterating the symbol table.
- */
-- const Elf_Sym *paSyms = pModElf->paSyms;
-- unsigned cSyms = pModElf->cSyms;
-+ const Elf_Sym *paSyms = pModElf->Rel.paSyms;
-+ unsigned cSyms = pModElf->Rel.cSyms;
-+ const char *pszzStr = pModElf->Rel.pStr;
-+ unsigned cbStr = pModElf->Rel.cbStr;
-+ if (pModElf->Dyn.cSyms > 0)
-+ {
-+ paSyms = pModElf->Dyn.paSyms;
-+ cSyms = pModElf->Dyn.cSyms;
-+ pszzStr = pModElf->Dyn.pStr;
-+ cbStr = pModElf->Dyn.cbStr;
-+ }
-+
- if (iOrdinal == UINT32_MAX)
- {
-- const char *pStr = pModElf->pStr;
- for (unsigned iSym = 1; iSym < cSyms; iSym++)
- {
- /* Undefined symbols are not exports, they are imports. */
-@@ -1029,18 +1268,13 @@ static DECLCALLBACK(int) RTLDRELF_NAME(G
- || ELF_ST_BIND(paSyms[iSym].st_info) == STB_WEAK))
- {
- /* Validate the name string and try match with it. */
-- if (paSyms[iSym].st_name < pModElf->cbStr)
-- {
-- if (!strcmp(pszSymbol, pStr + paSyms[iSym].st_name))
-- {
-- /* matched! */
-- return RTLDRELF_NAME(ReturnSymbol)(pModElf, &paSyms[iSym], uBaseAddr, pValue);
-- }
-- }
-- else
-+ AssertMsgReturn(paSyms[iSym].st_name < cbStr,
-+ ("String outside string table! iSym=%d paSyms[iSym].st_name=%#x\n", iSym, paSyms[iSym].st_name),
-+ VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET);
-+ if (!strcmp(pszSymbol, pszzStr + paSyms[iSym].st_name))
- {
-- AssertMsgFailed(("String outside string table! iSym=%d paSyms[iSym].st_name=%#x\n", iSym, paSyms[iSym].st_name));
-- return VERR_LDRELF_INVALID_SYMBOL_NAME_OFFSET;
-+ /* matched! */
-+ return RTLDRELF_NAME(ReturnSymbol)(pModElf, &paSyms[iSym], uBaseAddr, pValue);
- }
- }
- }
-@@ -1127,23 +1361,47 @@ static DECLCALLBACK(int) RTLDRELF_NAME(E
-
-
- /**
-- * Helper that locates the first allocated section.
-+ * Locate the next allocated section by RVA (sh_addr).
-+ *
-+ * This is a helper for EnumSegments and SegOffsetToRva.
- *
- * @returns Pointer to the section header if found, NULL if none.
-- * @param pShdr The section header to start searching at.
-- * @param cLeft The number of section headers left to search. Can be 0.
-+ * @param pModElf The module instance.
-+ * @param iShdrCur The current section header.
- */
--static const Elf_Shdr *RTLDRELF_NAME(GetFirstAllocatedSection)(const Elf_Shdr *pShdr, unsigned cLeft)
-+static const Elf_Shdr *RTLDRELF_NAME(GetNextAllocatedSection)(PRTLDRMODELF pModElf, unsigned iShdrCur)
- {
-- while (cLeft-- > 0)
-+ unsigned const cShdrs = pModElf->Ehdr.e_shnum;
-+ const Elf_Shdr * const paShdrs = pModElf->paShdrs;
-+ if (pModElf->fShdrInOrder)
-+ {
-+ for (unsigned iShdr = iShdrCur + 1; iShdr < cShdrs; iShdr++)
-+ if (paShdrs[iShdr].sh_flags & SHF_ALLOC)
-+ return &paShdrs[iShdr];
-+ }
-+ else
- {
-- if (pShdr->sh_flags & SHF_ALLOC)
-- return pShdr;
-- pShdr++;
-+ Elf_Addr const uEndCur = paShdrs[iShdrCur].sh_addr + paShdrs[iShdrCur].sh_size;
-+ Elf_Addr offBest = ~(Elf_Addr)0;
-+ unsigned iBest = cShdrs;
-+ for (unsigned iShdr = pModElf->iFirstSect; iShdr < cShdrs; iShdr++)
-+ if ((paShdrs[iShdr].sh_flags & SHF_ALLOC) && iShdr != iShdrCur)
-+ {
-+ Elf_Addr const offDelta = paShdrs[iShdr].sh_addr - uEndCur;
-+ if ( offDelta < offBest
-+ && paShdrs[iShdr].sh_addr >= uEndCur)
-+ {
-+ offBest = offDelta;
-+ iBest = iShdr;
-+ }
-+ }
-+ if (iBest < cShdrs)
-+ return &paShdrs[iBest];
- }
- return NULL;
- }
-
-+
- /** @copydoc RTLDROPS::pfnEnumSegments. */
- static DECLCALLBACK(int) RTLDRELF_NAME(EnumSegments)(PRTLDRMODINTERNAL pMod, PFNRTLDRENUMSEGS pfnCallback, void *pvUser)
- {
-@@ -1163,15 +1421,23 @@ static DECLCALLBACK(int) RTLDRELF_NAME(E
- Elf_Addr uPrevMappedRva = 0;
- const Elf_Shdr *paShdrs = pModElf->paShdrs;
- const Elf_Shdr *paOrgShdrs = pModElf->paOrgShdrs;
-- for (unsigned iShdr = 1; iShdr < pModElf->Ehdr.e_shnum; iShdr++)
-+ for (unsigned iShdr = pModElf->iFirstSect; iShdr < pModElf->Ehdr.e_shnum; iShdr++)
- {
- RTLDRSEG Seg;
-- Seg.pszName = ELF_SH_STR(pModElf, paShdrs[iShdr].sh_name);
-- Seg.cchName = (uint32_t)strlen(Seg.pszName);
-- if (Seg.cchName == 0)
-+ if (iShdr != 0)
-+ {
-+ Seg.pszName = ELF_SH_STR(pModElf, paShdrs[iShdr].sh_name);
-+ Seg.cchName = (uint32_t)strlen(Seg.pszName);
-+ if (Seg.cchName == 0)
-+ {
-+ Seg.pszName = szName;
-+ Seg.cchName = (uint32_t)RTStrPrintf(szName, sizeof(szName), "UnamedSect%02u", iShdr);
-+ }
-+ }
-+ else
- {
-- Seg.pszName = szName;
-- Seg.cchName = (uint32_t)RTStrPrintf(szName, sizeof(szName), "UnamedSect%02u", iShdr);
-+ Seg.pszName = ".elf.headers";
-+ Seg.cchName = 12;
- }
- Seg.SelFlat = 0;
- Seg.Sel16bit = 0;
-@@ -1187,14 +1453,11 @@ static DECLCALLBACK(int) RTLDRELF_NAME(E
- {
- Seg.LinkAddress = paOrgShdrs[iShdr].sh_addr;
- Seg.RVA = paShdrs[iShdr].sh_addr;
-- const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetFirstAllocatedSection)(&paShdrs[iShdr + 1],
-- pModElf->Ehdr.e_shnum - iShdr - 1);
-- if ( pShdr2
-- && pShdr2->sh_addr >= paShdrs[iShdr].sh_addr
-- && Seg.RVA >= uPrevMappedRva)
-+ const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetNextAllocatedSection)(pModElf, iShdr);
-+ if (pShdr2)
- Seg.cbMapped = pShdr2->sh_addr - paShdrs[iShdr].sh_addr;
- else
-- Seg.cbMapped = RT_MAX(paShdrs[iShdr].sh_size, paShdrs[iShdr].sh_addralign);
-+ Seg.cbMapped = pModElf->cbImage - paShdrs[iShdr].sh_addr;
- uPrevMappedRva = Seg.RVA;
- }
- else
-@@ -1230,10 +1493,11 @@ static DECLCALLBACK(int) RTLDRELF_NAME(L
- PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
-
- const Elf_Shdr *pShdrEnd = NULL;
-- unsigned cLeft = pModElf->Ehdr.e_shnum - 1;
-- const Elf_Shdr *pShdr = &pModElf->paOrgShdrs[cLeft];
-+ unsigned cLeft = pModElf->Ehdr.e_shnum - pModElf->iFirstSect;
-+ const Elf_Shdr *pShdr = &pModElf->paOrgShdrs[pModElf->Ehdr.e_shnum];
- while (cLeft-- > 0)
- {
-+ pShdr--;
- if (pShdr->sh_flags & SHF_ALLOC)
- {
- RTLDRADDR offSeg = LinkAddress - pShdr->sh_addr;
-@@ -1246,13 +1510,12 @@ static DECLCALLBACK(int) RTLDRELF_NAME(L
- if (offSeg == pShdr->sh_size)
- pShdrEnd = pShdr;
- }
-- pShdr--;
- }
-
- if (pShdrEnd)
- {
- *poffSeg = pShdrEnd->sh_size;
-- *piSeg = pShdrEnd - pModElf->paOrgShdrs - 1;
-+ *piSeg = pShdrEnd - pModElf->paOrgShdrs - pModElf->iFirstSect;
- return VINF_SUCCESS;
- }
-
-@@ -1268,7 +1531,7 @@ static DECLCALLBACK(int) RTLDRELF_NAME(L
- RTLDRADDR offSeg;
- int rc = RTLDRELF_NAME(LinkAddressToSegOffset)(pMod, LinkAddress, &iSeg, &offSeg);
- if (RT_SUCCESS(rc))
-- *pRva = pModElf->paShdrs[iSeg + 1].sh_addr + offSeg;
-+ *pRva = pModElf->paShdrs[iSeg + pModElf->iFirstSect].sh_addr + offSeg;
- return rc;
- }
-
-@@ -1278,14 +1541,13 @@ static DECLCALLBACK(int) RTLDRELF_NAME(S
- PRTLDRADDR pRva)
- {
- PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
-- if (iSeg >= pModElf->Ehdr.e_shnum - 1U)
-+ if (iSeg >= pModElf->Ehdr.e_shnum - pModElf->iFirstSect)
- return VERR_LDR_INVALID_SEG_OFFSET;
-
-- iSeg++; /* skip section 0 */
-+ iSeg += pModElf->iFirstSect; /* skip section 0 if not used */
- if (offSeg > pModElf->paShdrs[iSeg].sh_size)
- {
-- const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetFirstAllocatedSection)(&pModElf->paShdrs[iSeg + 1],
-- pModElf->Ehdr.e_shnum - iSeg - 1);
-+ const Elf_Shdr *pShdr2 = RTLDRELF_NAME(GetNextAllocatedSection)(pModElf, iSeg);
- if ( !pShdr2
- || offSeg > (pShdr2->sh_addr - pModElf->paShdrs[iSeg].sh_addr))
- return VERR_LDR_INVALID_SEG_OFFSET;
-@@ -1303,13 +1565,13 @@ static DECLCALLBACK(int) RTLDRELF_NAME(S
- static DECLCALLBACK(int) RTLDRELF_NAME(RvaToSegOffset)(PRTLDRMODINTERNAL pMod, RTLDRADDR Rva,
- uint32_t *piSeg, PRTLDRADDR poffSeg)
- {
-- PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
--
-+ PRTLDRMODELF pModElf = (PRTLDRMODELF)pMod;
- Elf_Addr PrevAddr = 0;
-- unsigned cLeft = pModElf->Ehdr.e_shnum - 1;
-- const Elf_Shdr *pShdr = &pModElf->paShdrs[cLeft];
-+ unsigned cLeft = pModElf->Ehdr.e_shnum - pModElf->iFirstSect;
-+ const Elf_Shdr *pShdr = &pModElf->paShdrs[pModElf->Ehdr.e_shnum];
- while (cLeft-- > 0)
- {
-+ pShdr--;
- if (pShdr->sh_flags & SHF_ALLOC)
- {
- Elf_Addr cbSeg = PrevAddr ? PrevAddr - pShdr->sh_addr : pShdr->sh_size;
-@@ -1322,7 +1584,6 @@ static DECLCALLBACK(int) RTLDRELF_NAME(R
- }
- PrevAddr = pShdr->sh_addr;
- }
-- pShdr--;
- }
-
- return VERR_LDR_INVALID_RVA;
-@@ -1413,14 +1674,14 @@ static DECLCALLBACK(int) RTLDRELF_NAME(R
- * Apply the relocations.
- */
- if (pThis->Ehdr.e_type == ET_REL)
-- rc = RTLDRELF_NAME(RelocateSection)(pThis, pThis->LinkAddress,
-- RTLDRELF_NAME(GetImportStubCallback), NULL /*pvUser*/,
-- pThis->paShdrs[iDbgInfo].sh_addr,
-- pThis->paShdrs[iDbgInfo].sh_size,
-- (const uint8_t *)pvBuf,
-- (uint8_t *)pvBuf,
-- pbRelocs,
-- pThis->paShdrs[iRelocs].sh_size);
-+ rc = RTLDRELF_NAME(RelocateSectionRel)(pThis, pThis->LinkAddress,
-+ RTLDRELF_NAME(GetImportStubCallback), NULL /*pvUser*/,
-+ pThis->paShdrs[iDbgInfo].sh_addr,
-+ pThis->paShdrs[iDbgInfo].sh_size,
-+ (const uint8_t *)pvBuf,
-+ (uint8_t *)pvBuf,
-+ pbRelocs,
-+ pThis->paShdrs[iRelocs].sh_size);
- else
- rc = RTLDRELF_NAME(RelocateSectionExecDyn)(pThis, pThis->LinkAddress,
- RTLDRELF_NAME(GetImportStubCallback), NULL /*pvUser*/,
-@@ -1562,11 +1823,13 @@ static RTLDROPS RTLDRELF_MID(s_rtldrElf,
- *
- * @returns iprt status code.
- * @param pEhdr Pointer to the ELF header.
-- * @param pszLogName The log name.
- * @param cbRawImage The size of the raw image.
-+ * @param pszLogName The log name.
-+ * @param penmArch Where to return the architecture.
-+ * @param pErrInfo Where to return extended error info. Optional.
- */
--static int RTLDRELF_NAME(ValidateElfHeader)(const Elf_Ehdr *pEhdr, const char *pszLogName, uint64_t cbRawImage,
-- PRTLDRARCH penmArch)
-+static int RTLDRELF_NAME(ValidateElfHeader)(const Elf_Ehdr *pEhdr, uint64_t cbRawImage, const char *pszLogName,
-+ PRTLDRARCH penmArch, PRTERRINFO pErrInfo)
- {
- Log3(("RTLdrELF: e_ident: %.*Rhxs\n"
- "RTLdrELF: e_type: " FMT_ELF_HALF "\n"
-@@ -1588,48 +1851,31 @@ static int RTLDRELF_NAME(ValidateElfHead
- if ( pEhdr->e_ident[EI_MAG0] != ELFMAG0
- || pEhdr->e_ident[EI_MAG1] != ELFMAG1
- || pEhdr->e_ident[EI_MAG2] != ELFMAG2
-- || pEhdr->e_ident[EI_MAG3] != ELFMAG3
-- )
-- {
-- Log(("RTLdrELF: %s: Invalid ELF magic (%.*Rhxs)\n", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident)); NOREF(pszLogName);
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ || pEhdr->e_ident[EI_MAG3] != ELFMAG3)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Invalid ELF magic (%.*Rhxs)", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident);
- if (pEhdr->e_ident[EI_CLASS] != RTLDRELF_SUFF(ELFCLASS))
-- {
-- Log(("RTLdrELF: %s: Invalid ELF class (%.*Rhxs)\n", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Invalid ELF class (%.*Rhxs)", pszLogName, sizeof(pEhdr->e_ident), pEhdr->e_ident);
- if (pEhdr->e_ident[EI_DATA] != ELFDATA2LSB)
-- {
-- Log(("RTLdrELF: %s: ELF endian %x is unsupported\n", pszLogName, pEhdr->e_ident[EI_DATA]));
-- return VERR_LDRELF_ODD_ENDIAN;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_ODD_ENDIAN,
-+ "%s: ELF endian %x is unsupported", pszLogName, pEhdr->e_ident[EI_DATA]);
- if (pEhdr->e_version != EV_CURRENT)
-- {
-- Log(("RTLdrELF: %s: ELF version %x is unsupported\n", pszLogName, pEhdr->e_version));
-- return VERR_LDRELF_VERSION;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_VERSION,
-+ "%s: ELF version %x is unsupported", pszLogName, pEhdr->e_version);
-
- if (sizeof(Elf_Ehdr) != pEhdr->e_ehsize)
-- {
-- Log(("RTLdrELF: %s: Elf header e_ehsize is %d expected %d!\n",
-- pszLogName, pEhdr->e_ehsize, sizeof(Elf_Ehdr)));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Elf header e_ehsize is %d expected %d!", pszLogName, pEhdr->e_ehsize, sizeof(Elf_Ehdr));
- if ( sizeof(Elf_Phdr) != pEhdr->e_phentsize
-- && ( pEhdr->e_phnum != 0
-- || pEhdr->e_type == ET_DYN))
-- {
-- Log(("RTLdrELF: %s: Elf header e_phentsize is %d expected %d!\n",
-- pszLogName, pEhdr->e_phentsize, sizeof(Elf_Phdr)));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ && ( pEhdr->e_phnum != 0
-+ || pEhdr->e_type == ET_DYN
-+ || pEhdr->e_type == ET_EXEC))
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Elf header e_phentsize is %d expected %d!",
-+ pszLogName, pEhdr->e_phentsize, sizeof(Elf_Phdr));
- if (sizeof(Elf_Shdr) != pEhdr->e_shentsize)
-- {
-- Log(("RTLdrELF: %s: Elf header e_shentsize is %d expected %d!\n",
-- pszLogName, pEhdr->e_shentsize, sizeof(Elf_Shdr)));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Elf header e_shentsize is %d expected %d!",
-+ pszLogName, pEhdr->e_shentsize, sizeof(Elf_Shdr));
-
- switch (pEhdr->e_type)
- {
-@@ -1638,8 +1884,8 @@ static int RTLDRELF_NAME(ValidateElfHead
- case ET_DYN:
- break;
- default:
-- Log(("RTLdrELF: %s: image type %#x is not supported!\n", pszLogName, pEhdr->e_type));
-- return VERR_BAD_EXE_FORMAT;
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: image type %#x is not supported!",
-+ pszLogName, pEhdr->e_type);
- }
-
- switch (pEhdr->e_machine)
-@@ -1655,52 +1901,43 @@ static int RTLDRELF_NAME(ValidateElfHead
- break;
- #endif
- default:
-- Log(("RTLdrELF: %s: machine type %u is not supported!\n", pszLogName, pEhdr->e_machine));
-- return VERR_LDRELF_MACHINE;
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_MACHINE,
-+ "%s: machine type %u is not supported!", pszLogName, pEhdr->e_machine);
- }
-
- if ( pEhdr->e_phoff < pEhdr->e_ehsize
- && !(pEhdr->e_phoff && pEhdr->e_phnum)
- && pEhdr->e_phnum)
-- {
-- Log(("RTLdrELF: %s: The program headers overlap with the ELF header! e_phoff=" FMT_ELF_OFF "\n",
-- pszLogName, pEhdr->e_phoff));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: The program headers overlap with the ELF header! e_phoff=" FMT_ELF_OFF,
-+ pszLogName, pEhdr->e_phoff);
- if ( pEhdr->e_phoff + pEhdr->e_phnum * pEhdr->e_phentsize > cbRawImage
- || pEhdr->e_phoff + pEhdr->e_phnum * pEhdr->e_phentsize < pEhdr->e_phoff)
-- {
-- Log(("RTLdrELF: %s: The program headers extends beyond the file! e_phoff=" FMT_ELF_OFF " e_phnum=" FMT_ELF_HALF "\n",
-- pszLogName, pEhdr->e_phoff, pEhdr->e_phnum));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: The program headers extends beyond the file! e_phoff=" FMT_ELF_OFF " e_phnum=" FMT_ELF_HALF,
-+ pszLogName, pEhdr->e_phoff, pEhdr->e_phnum);
-
-
- if ( pEhdr->e_shoff < pEhdr->e_ehsize
- && !(pEhdr->e_shoff && pEhdr->e_shnum))
-- {
-- Log(("RTLdrELF: %s: The section headers overlap with the ELF header! e_shoff=" FMT_ELF_OFF "\n",
-- pszLogName, pEhdr->e_shoff));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: The section headers overlap with the ELF header! e_shoff=" FMT_ELF_OFF,
-+ pszLogName, pEhdr->e_shoff);
- if ( pEhdr->e_shoff + pEhdr->e_shnum * pEhdr->e_shentsize > cbRawImage
- || pEhdr->e_shoff + pEhdr->e_shnum * pEhdr->e_shentsize < pEhdr->e_shoff)
-- {
-- Log(("RTLdrELF: %s: The section headers extends beyond the file! e_shoff=" FMT_ELF_OFF " e_shnum=" FMT_ELF_HALF "\n",
-- pszLogName, pEhdr->e_shoff, pEhdr->e_shnum));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: The section headers extends beyond the file! e_shoff=" FMT_ELF_OFF " e_shnum=" FMT_ELF_HALF,
-+ pszLogName, pEhdr->e_shoff, pEhdr->e_shnum);
-
- if (pEhdr->e_shstrndx == 0 || pEhdr->e_shstrndx > pEhdr->e_shnum)
-- {
-- Log(("RTLdrELF: %s: The section headers string table is out of bounds! e_shstrndx=" FMT_ELF_HALF " e_shnum=" FMT_ELF_HALF "\n",
-- pszLogName, pEhdr->e_shstrndx, pEhdr->e_shnum));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: The section headers string table is out of bounds! e_shstrndx=" FMT_ELF_HALF " e_shnum=" FMT_ELF_HALF,
-+ pszLogName, pEhdr->e_shstrndx, pEhdr->e_shnum);
-
- return VINF_SUCCESS;
- }
-
-+
- /**
- * Gets the section header name.
- *
-@@ -1741,10 +1978,12 @@ const char *RTLDRELF_NAME(GetSHdrName)(P
- * @param pModElf Pointer to the module structure.
- * @param iShdr The index of section header which should be validated.
- * The section headers are found in the pModElf->paShdrs array.
-- * @param pszLogName The log name.
- * @param cbRawImage The size of the raw image.
-+ * @param pszLogName The log name.
-+ * @param pErrInfo Where to return extended error info. Optional.
- */
--static int RTLDRELF_NAME(ValidateSectionHeader)(PRTLDRMODELF pModElf, unsigned iShdr, const char *pszLogName, uint64_t cbRawImage)
-+static int RTLDRELF_NAME(ValidateSectionHeader)(PRTLDRMODELF pModElf, unsigned iShdr, uint64_t cbRawImage,
-+ const char *pszLogName, PRTERRINFO pErrInfo)
- {
- const Elf_Shdr *pShdr = &pModElf->paShdrs[iShdr];
- char szSectionName[80]; NOREF(szSectionName);
-@@ -1776,37 +2015,29 @@ static int RTLDRELF_NAME(ValidateSection
- || pShdr->sh_link != SHN_UNDEF
- || pShdr->sh_addralign != 0
- || pShdr->sh_entsize != 0 )
-- {
-- Log(("RTLdrELF: %s: Bad #0 section: %.*Rhxs\n", pszLogName, sizeof(*pShdr), pShdr ));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Bad #0 section: %.*Rhxs", pszLogName, sizeof(*pShdr), pShdr);
- return VINF_SUCCESS;
- }
-
- if (pShdr->sh_name >= pModElf->cbShStr)
-- {
-- Log(("RTLdrELF: %s: Shdr #%d: sh_name (%d) is beyond the end of the section header string table (%d)!\n",
-- pszLogName, iShdr, pShdr->sh_name, pModElf->cbShStr)); NOREF(pszLogName);
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Shdr #%d: sh_name (%d) is beyond the end of the section header string table (%d)!",
-+ pszLogName, iShdr, pShdr->sh_name, pModElf->cbShStr);
-
- if (pShdr->sh_link >= pModElf->Ehdr.e_shnum)
-- {
-- Log(("RTLdrELF: %s: Shdr #%d: sh_link (%d) is beyond the end of the section table (%d)!\n",
-- pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum)); NOREF(pszLogName);
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Shdr #%d: sh_link (%d) is beyond the end of the section table (%d)!",
-+ pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum);
-
- switch (pShdr->sh_type)
- {
- /** @todo find specs and check up which sh_info fields indicates section table entries */
- case 12301230:
- if (pShdr->sh_info >= pModElf->Ehdr.e_shnum)
-- {
-- Log(("RTLdrELF: %s: Shdr #%d: sh_info (%d) is beyond the end of the section table (%d)!\n",
-- pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum));
-- return VERR_BAD_EXE_FORMAT;
-- }
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Shdr #%d: sh_info (%d) is beyond the end of the section table (%d)!",
-+ pszLogName, iShdr, pShdr->sh_link, pModElf->Ehdr.e_shnum);
- break;
-
- case SHT_NULL:
-@@ -1840,18 +2071,740 @@ static int RTLDRELF_NAME(ValidateSection
- uint64_t offEnd = pShdr->sh_offset + pShdr->sh_size;
- if ( offEnd > cbRawImage
- || offEnd < (uint64_t)pShdr->sh_offset)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD " = %RX64) is beyond the end of the file (%RX64)!",
-+ pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size, offEnd, cbRawImage);
-+ if (pShdr->sh_offset < sizeof(Elf_Ehdr))
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD ") is starting in the ELF header!",
-+ pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size);
-+ }
-+
-+ return VINF_SUCCESS;
-+}
-+
-+
-+/**
-+ * Process the section headers.
-+ *
-+ * @returns iprt status code.
-+ * @param pModElf Pointer to the module structure.
-+ * @param paShdrs The section headers.
-+ * @param cbRawImage The size of the raw image.
-+ * @param pszLogName The log name.
-+ * @param pErrInfo Where to return extended error info. Optional.
-+ */
-+static int RTLDRELF_NAME(ValidateAndProcessSectionHeaders)(PRTLDRMODELF pModElf, Elf_Shdr *paShdrs, uint64_t cbRawImage,
-+ const char *pszLogName, PRTERRINFO pErrInfo)
-+{
-+ Elf_Addr uNextAddr = 0;
-+ for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
-+ {
-+ int rc = RTLDRELF_NAME(ValidateSectionHeader)(pModElf, i, cbRawImage, pszLogName, pErrInfo);
-+ if (RT_FAILURE(rc))
-+ return rc;
-+
-+ /*
-+ * We're looking for symbol tables.
-+ */
-+ if (paShdrs[i].sh_type == SHT_SYMTAB)
- {
-- Log(("RTLdrELF: %s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD " = %RX64) is beyond the end of the file (%RX64)!\n",
-- pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size, offEnd, cbRawImage));
-- return VERR_BAD_EXE_FORMAT;
-+ if (pModElf->Rel.iSymSh != ~0U)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_MULTIPLE_SYMTABS,
-+ "%s: Multiple symbol tabs! iSymSh=%d i=%d", pszLogName, pModElf->Rel.iSymSh, i);
-+ pModElf->Rel.iSymSh = i;
-+ pModElf->Rel.cSyms = (unsigned)(paShdrs[i].sh_size / sizeof(Elf_Sym));
-+ AssertBreakStmt(pModElf->Rel.cSyms == paShdrs[i].sh_size / sizeof(Elf_Sym), rc = VERR_IMAGE_TOO_BIG);
-+ pModElf->Rel.iStrSh = paShdrs[i].sh_link;
-+ pModElf->Rel.cbStr = (unsigned)paShdrs[pModElf->Rel.iStrSh].sh_size;
-+ AssertBreakStmt(pModElf->Rel.cbStr == paShdrs[pModElf->Rel.iStrSh].sh_size, rc = VERR_IMAGE_TOO_BIG);
-+ }
-+ else if (paShdrs[i].sh_type == SHT_DYNSYM)
-+ {
-+ if (pModElf->Dyn.iSymSh != ~0U)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_LDRELF_MULTIPLE_SYMTABS,
-+ "%s: Multiple dynamic symbol tabs! iSymSh=%d i=%d", pszLogName, pModElf->Dyn.iSymSh, i);
-+ if (pModElf->Ehdr.e_type != ET_DYN && pModElf->Ehdr.e_type != ET_EXEC)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Unexpected SHT_DYNSYM (i=%d) for e_type=%d", pszLogName, i, pModElf->Ehdr.e_type);
-+ pModElf->Dyn.iSymSh = i;
-+ pModElf->Dyn.cSyms = (unsigned)(paShdrs[i].sh_size / sizeof(Elf_Sym));
-+ AssertBreakStmt(pModElf->Dyn.cSyms == paShdrs[i].sh_size / sizeof(Elf_Sym), rc = VERR_IMAGE_TOO_BIG);
-+ pModElf->Dyn.iStrSh = paShdrs[i].sh_link;
-+ pModElf->Dyn.cbStr = (unsigned)paShdrs[pModElf->Dyn.iStrSh].sh_size;
-+ AssertBreakStmt(pModElf->Dyn.cbStr == paShdrs[pModElf->Dyn.iStrSh].sh_size, rc = VERR_IMAGE_TOO_BIG);
- }
-- if (pShdr->sh_offset < sizeof(Elf_Ehdr))
-+ /*
-+ * We're also look for the dynamic section.
-+ */
-+ else if (paShdrs[i].sh_type == SHT_DYNAMIC)
-+ {
-+ if (pModElf->iShDynamic != ~0U)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Multiple dynamic sections! iShDynamic=%d i=%d",
-+ pszLogName, pModElf->iShDynamic, i);
-+ if (pModElf->Ehdr.e_type != ET_DYN && pModElf->Ehdr.e_type != ET_EXEC)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Unexpected SHT_DYNAMIC (i=%d) for e_type=%d", pszLogName, i, pModElf->Ehdr.e_type);
-+ if (paShdrs[i].sh_entsize != sizeof(Elf_Dyn))
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: SHT_DYNAMIC (i=%d) sh_entsize=" FMT_ELF_XWORD ", expected %#zx",
-+ pszLogName, i, paShdrs[i].sh_entsize, sizeof(Elf_Dyn));
-+ pModElf->iShDynamic = i;
-+ Elf_Xword const cDynamic = paShdrs[i].sh_size / sizeof(Elf_Dyn);
-+ if (cDynamic > _64K || cDynamic < 2)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: SHT_DYNAMIC (i=%d) sh_size=" FMT_ELF_XWORD " is out of range (2..64K)",
-+ pszLogName, i, paShdrs[i].sh_size);
-+ pModElf->cDynamic = (unsigned)cDynamic;
-+ }
-+
-+ /*
-+ * Special checks for the section string table.
-+ */
-+ if (i == pModElf->Ehdr.e_shstrndx)
- {
-- Log(("RTLdrELF: %s: Shdr #%d: sh_offset (" FMT_ELF_OFF ") + sh_size (" FMT_ELF_XWORD ") is starting in the ELF header!\n",
-- pszLogName, iShdr, pShdr->sh_offset, pShdr->sh_size));
-- return VERR_BAD_EXE_FORMAT;
-+ if (paShdrs[i].sh_type != SHT_STRTAB)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Section header string table is not a SHT_STRTAB: %#x",
-+ pszLogName, paShdrs[i].sh_type);
-+ if (paShdrs[i].sh_size == 0)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Section header string table is empty", pszLogName);
- }
-+
-+ /*
-+ * Kluge for the .data..percpu segment in 64-bit linux kernels.
-+ */
-+ if (paShdrs[i].sh_flags & SHF_ALLOC)
-+ {
-+ if ( paShdrs[i].sh_addr == 0
-+ && paShdrs[i].sh_addr < uNextAddr)
-+ {
-+ Elf_Addr uAddr = RT_ALIGN_T(uNextAddr, paShdrs[i].sh_addralign, Elf_Addr);
-+ Log(("RTLdrElf: Out of order section #%d; adjusting sh_addr from " FMT_ELF_ADDR " to " FMT_ELF_ADDR "\n",
-+ i, paShdrs[i].sh_addr, uAddr));
-+ paShdrs[i].sh_addr = uAddr;
-+ }
-+ uNextAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
-+ }
-+ } /* for each section header */
-+
-+ return VINF_SUCCESS;
-+}
-+
-+
-+/**
-+ * Process the section headers.
-+ *
-+ * @returns iprt status code.
-+ * @param pModElf Pointer to the module structure.
-+ * @param paShdrs The section headers.
-+ * @param cbRawImage The size of the raw image.
-+ * @param pszLogName The log name.
-+ * @param pErrInfo Where to return extended error info. Optional.
-+ */
-+static int RTLDRELF_NAME(ValidateAndProcessDynamicInfo)(PRTLDRMODELF pModElf, uint64_t cbRawImage, uint32_t fFlags,
-+ const char *pszLogName, PRTERRINFO pErrInfo)
-+{
-+ /*
-+ * Check preconditions.
-+ */
-+ AssertReturn(pModElf->Ehdr.e_type == ET_DYN || pModElf->Ehdr.e_type == ET_EXEC, VERR_INTERNAL_ERROR_2);
-+ if (pModElf->Ehdr.e_phnum <= 1 || pModElf->Ehdr.e_phnum >= _32K)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: e_phnum=%u is out of bounds (2..32K)", pszLogName, pModElf->Ehdr.e_phnum);
-+ if (pModElf->iShDynamic == ~0U)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: no .dynamic section", pszLogName);
-+ AssertReturn(pModElf->cDynamic > 1 && pModElf->cDynamic <= _64K, VERR_INTERNAL_ERROR_3);
-+
-+ /* ASSUME that the sections are ordered by address. That simplifies
-+ validation code further down. */
-+ AssertReturn(pModElf->Ehdr.e_shnum >= 2, VERR_INTERNAL_ERROR_4);
-+ Elf_Shdr const *paShdrs = pModElf->paShdrs;
-+ Elf_Addr uPrevEnd = paShdrs[1].sh_addr + paShdrs[1].sh_size;
-+ for (unsigned i = 2; i < pModElf->Ehdr.e_shnum; i++)
-+ if (paShdrs[i].sh_flags & SHF_ALLOC)
-+ {
-+ if (uPrevEnd > paShdrs[i].sh_addr)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: section %u is out of order: uPrevEnd=" FMT_ELF_ADDR " sh_addr=" FMT_ELF_ADDR,
-+ pszLogName, i, uPrevEnd, paShdrs[i].sh_addr);
-+ uPrevEnd = paShdrs[i].sh_addr + paShdrs[i].sh_size;
-+ }
-+
-+ /* Must have string and symbol tables. */
-+ if (pModElf->Dyn.iStrSh == ~0U)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: No dynamic string table section", pszLogName);
-+ if (pModElf->Dyn.iSymSh == ~0U)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: No dynamic symbol table section", pszLogName);
-+
-+ /*
-+ * Load the program headers.
-+ */
-+ size_t const cbPhdrs = sizeof(pModElf->paPhdrs[0]) * pModElf->Ehdr.e_phnum;
-+ Elf_Phdr *paPhdrs = (Elf_Phdr *)RTMemAllocZ(cbPhdrs);
-+ pModElf->paPhdrs = paPhdrs;
-+ AssertReturn(paPhdrs, VERR_NO_MEMORY);
-+
-+ int rc = pModElf->Core.pReader->pfnRead(pModElf->Core.pReader, paPhdrs, cbPhdrs, pModElf->Ehdr.e_phoff);
-+ if (RT_FAILURE(rc))
-+ return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: pfnRead(,,%#zx, " FMT_ELF_OFF ") -> %Rrc",
-+ pszLogName, cbPhdrs, pModElf->Ehdr.e_phoff, rc);
-+
-+ /*
-+ * Validate them.
-+ */
-+ unsigned cbPage = _4K; /** @todo generalize architecture specific stuff using its own code template header. */
-+ switch (pModElf->Core.enmArch)
-+ {
-+ case RTLDRARCH_AMD64:
-+ case RTLDRARCH_X86_32:
-+ break;
-+ default:
-+ AssertFailedBreak(/** @todo page size for got.plt hacks */);
- }
-+ unsigned iLoad = 0;
-+ unsigned iLoadShdr = 1; /* ASSUMES ordered (checked above). */
-+ unsigned cDynamic = 0;
-+ Elf_Addr cbImage = 0;
-+ Elf_Addr uLinkAddress = ~(Elf_Addr)0;
-+ for (unsigned i = 0; i < pModElf->Ehdr.e_phnum; i++)
-+ {
-+ const Elf_Phdr * const pPhdr = &paPhdrs[i];
-+ Log3(("RTLdrELF: Program Header #%d:\n"
-+ "RTLdrELF: p_type: " FMT_ELF_WORD " (%s)\n"
-+ "RTLdrELF: p_flags: " FMT_ELF_WORD "\n"
-+ "RTLdrELF: p_offset: " FMT_ELF_OFF "\n"
-+ "RTLdrELF: p_vaddr: " FMT_ELF_ADDR "\n"
-+ "RTLdrELF: p_paddr: " FMT_ELF_ADDR "\n"
-+ "RTLdrELF: p_filesz: " FMT_ELF_XWORD "\n"
-+ "RTLdrELF: p_memsz: " FMT_ELF_XWORD "\n"
-+ "RTLdrELF: p_align: " FMT_ELF_XWORD "\n",
-+ i,
-+ pPhdr->p_type, rtldrElfGetPhdrType(pPhdr->p_type), pPhdr->p_flags, pPhdr->p_offset,
-+ pPhdr->p_vaddr, pPhdr->p_paddr, pPhdr->p_filesz, pPhdr->p_memsz, pPhdr->p_align));
-+
-+ if (pPhdr->p_type == DT_NULL)
-+ continue;
-+
-+ if ( pPhdr->p_filesz != 0
-+ && ( pPhdr->p_offset >= cbRawImage
-+ || pPhdr->p_filesz > cbRawImage
-+ || pPhdr->p_offset + pPhdr->p_filesz > cbRawImage))
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Prog Hdr #%u: bogus p_offset=" FMT_ELF_OFF " & p_filesz=" FMT_ELF_XWORD " (file size %#RX64)",
-+ pszLogName, i, pPhdr->p_offset, pPhdr->p_filesz, cbRawImage);
-+
-+ if (pPhdr->p_flags & ~(Elf64_Word)(PF_X | PF_R | PF_W))
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Prog Hdr #%u: bogus p_flags=" FMT_ELF_WORD,
-+ pszLogName, i, pPhdr->p_flags);
-+
-+ if (!RT_IS_POWER_OF_TWO(pPhdr->p_align))
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Prog Hdr #%u: bogus p_align=" FMT_ELF_XWORD,
-+ pszLogName, i, pPhdr->p_align);
-+
-+ if ( pPhdr->p_align > 1
-+ && pPhdr->p_memsz > 0
-+ && pPhdr->p_filesz > 0
-+ && (pPhdr->p_offset & (pPhdr->p_align - 1)) != (pPhdr->p_vaddr & (pPhdr->p_align - 1)))
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Prog Hdr #%u: misaligned p_offset=" FMT_ELF_OFF " p_vaddr=" FMT_ELF_ADDR " p_align=" FMT_ELF_XWORD,
-+ pszLogName, i, pPhdr->p_offset, pPhdr->p_vaddr, pPhdr->p_align);
-+
-+ /* Do some type specfic checks: */
-+ switch (pPhdr->p_type)
-+ {
-+ case PT_LOAD:
-+ {
-+ if (pPhdr->p_memsz < pPhdr->p_filesz)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Prog Hdr #%u/LOAD#%u: bogus p_memsz=" FMT_ELF_XWORD " or p_filesz=" FMT_ELF_XWORD,
-+ pszLogName, i, iLoad, pPhdr->p_memsz, pPhdr->p_filesz);
-+ cbImage = pPhdr->p_vaddr + pPhdr->p_memsz;
-+ if (iLoad == 0)
-+ uLinkAddress = pPhdr->p_vaddr;
-+
-+ /* Find the corresponding sections, checking their addresses and
-+ file offsets since the rest of the code is still section based
-+ rather than using program headers as it should... */
-+ Elf_Off off = pPhdr->p_offset;
-+ Elf_Addr uAddr = pPhdr->p_vaddr;
-+ Elf_Xword cbMem = pPhdr->p_memsz;
-+ Elf_Xword cbFile = pPhdr->p_filesz;
-+ while (cbMem > 0)
-+ {
-+ if (iLoadShdr < pModElf->Ehdr.e_shnum)
-+ { /* likely */ }
-+ else if (iLoadShdr == pModElf->Ehdr.e_shnum)
-+ {
-+ /** @todo anything else to check here? */
-+ iLoadShdr++;
-+ break;
-+ }
-+ else
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Prog Hdr #%u/LOAD#%u: Out of sections at " FMT_ELF_ADDR " LB " FMT_ELF_XWORD,
-+ pszLogName, i, iLoad, uAddr, cbMem);
-+ if (!(paShdrs[iLoadShdr].sh_flags & SHF_ALLOC))
-+ {
-+ if ( paShdrs[iLoadShdr].sh_type != SHT_NOBITS
-+ && paShdrs[iLoadShdr].sh_size > 0
-+ && off < paShdrs[iLoadShdr].sh_offset + paShdrs[iLoadShdr].sh_size
-+ && paShdrs[iLoadShdr].sh_offset < off + cbMem)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Prog Hdr #%u/LOAD#%u: Overlaps with !SHF_ALLOC section at " FMT_ELF_OFF " LB " FMT_ELF_XWORD,
-+ pszLogName, i, iLoad, paShdrs[iLoadShdr].sh_offset, paShdrs[iLoadShdr].sh_size);
-+ pModElf->paShdrExtras[iLoadShdr].idxPhdr = UINT16_MAX;
-+ iLoadShdr++;
-+ continue;
-+ }
-+
-+ if (uAddr != paShdrs[iLoadShdr].sh_addr)
-+ {
-+ /* Before the first section we expect headers to be loaded, so
-+ that the file is simply mapped from file offset zero. */
-+ if ( iLoadShdr == 1
-+ && iLoad == 0
-+ && paShdrs[1].sh_addr == paShdrs[1].sh_offset
-+ && cbFile >= paShdrs[1].sh_offset
-+ && cbMem >= paShdrs[1].sh_offset)
-+ {
-+ /* Modify paShdrs[0] to describe the gap. ".elf.headers" */
-+ pModElf->iFirstSect = 0;
-+ pModElf->paShdrs[0].sh_name = 0;
-+ pModElf->paShdrs[0].sh_type = SHT_PROGBITS;
-+ pModElf->paShdrs[0].sh_flags = SHF_ALLOC
-+ | (pPhdr->p_flags & PF_W ? SHF_WRITE : 0)
-+ | (pPhdr->p_flags & PF_X ? SHF_EXECINSTR : 0);
-+ pModElf->paShdrs[0].sh_addr = uAddr;
-+ pModElf->paShdrs[0].sh_offset = off;
-+ pModElf->paShdrs[0].sh_size = paShdrs[1].sh_offset;
-+ pModElf->paShdrs[0].sh_link = 0;
-+ pModElf->paShdrs[0].sh_info = 0;
-+ pModElf->paShdrs[0].sh_addralign = pPhdr->p_align;
-+ pModElf->paShdrs[0].sh_entsize = 0;
-+ *(Elf_Shdr *)pModElf->paOrgShdrs = pModElf->paShdrs[0]; /* (necessary for segment enumeration) */
-+
-+ uAddr += paShdrs[1].sh_offset;
-+ cbMem -= paShdrs[1].sh_offset;
-+ cbFile -= paShdrs[1].sh_offset;
-+ off = paShdrs[1].sh_offset;
-+ }
-+ /* Alignment padding? Allow up to a page size. */
-+ else if ( paShdrs[iLoadShdr].sh_addr > uAddr
-+ && paShdrs[iLoadShdr].sh_addr - uAddr
-+ < RT_MAX(paShdrs[iLoadShdr].sh_addralign, cbPage /*got.plt hack*/))
-+ {
-+ Elf_Xword cbAlignPadding = paShdrs[iLoadShdr].sh_addr - uAddr;
-+ if (cbAlignPadding >= cbMem)
-+ break;
-+ cbMem -= cbAlignPadding;
-+ uAddr += cbAlignPadding;
-+ if (cbFile > cbAlignPadding)
-+ {
-+ off += cbAlignPadding;
-+ cbFile -= cbAlignPadding;
-+ }
-+ else
-+ {
-+ off += cbFile;
-+ cbFile = 0;
-+ }
-+ }
-+ }
-+
-+ if ( uAddr == paShdrs[iLoadShdr].sh_addr
-+ && cbMem >= paShdrs[iLoadShdr].sh_size
-+ && ( paShdrs[iLoadShdr].sh_type != SHT_NOBITS
-+ ? off == paShdrs[iLoadShdr].sh_offset
-+ && cbFile >= paShdrs[iLoadShdr].sh_size /* this might be too strict... */
-+ : cbFile == 0) )
-+ {
-+ if (paShdrs[iLoadShdr].sh_type != SHT_NOBITS)
-+ {
-+ off += paShdrs[iLoadShdr].sh_size;
-+ cbFile -= paShdrs[iLoadShdr].sh_size;
-+ }
-+ uAddr += paShdrs[iLoadShdr].sh_size;
-+ cbMem -= paShdrs[iLoadShdr].sh_size;
-+ }
-+ else
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Prog Hdr #%u/LOAD#%u: Mismatch at " FMT_ELF_ADDR " LB " FMT_ELF_XWORD " (file " FMT_ELF_OFF " LB " FMT_ELF_XWORD ") with section #%u " FMT_ELF_ADDR " LB " FMT_ELF_XWORD " (file " FMT_ELF_OFF " sh_type=" FMT_ELF_WORD ")",
-+ pszLogName, i, iLoad, uAddr, cbMem, off, cbFile,
-+ iLoadShdr, paShdrs[iLoadShdr].sh_addr, paShdrs[iLoadShdr].sh_size,
-+ paShdrs[iLoadShdr].sh_offset, paShdrs[iLoadShdr].sh_type);
-+
-+ pModElf->paShdrExtras[iLoadShdr].idxPhdr = iLoad;
-+ iLoadShdr++;
-+ } /* section loop */
-+
-+ iLoad++;
-+ break;
-+ }
-+
-+ case PT_DYNAMIC:
-+ {
-+ const Elf_Shdr *pShdr = &pModElf->paShdrs[pModElf->iShDynamic];
-+ if (pPhdr->p_offset != pShdr->sh_offset)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Prog Hdr #%u/DYNAMIC: p_offset=" FMT_ELF_OFF " expected " FMT_ELF_OFF,
-+ pszLogName, i, pPhdr->p_offset, pShdr->sh_offset);
-+ if (RT_MAX(pPhdr->p_memsz, pPhdr->p_filesz) != pShdr->sh_size)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: Prog Hdr #%u/DYNAMIC: expected " FMT_ELF_XWORD " for RT_MAX(p_memsz=" FMT_ELF_XWORD ", p_filesz=" FMT_ELF_XWORD ")",
-+ pszLogName, i, pShdr->sh_size, pPhdr->p_memsz, pPhdr->p_filesz);
-+ cDynamic++;
-+ break;
-+ }
-+ }
-+ }
-+
-+ if (iLoad == 0)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: No PT_LOAD program headers", pszLogName);
-+ if (cDynamic != 1)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: No program header for the DYNAMIC section", pszLogName);
-+
-+ cbImage -= uLinkAddress;
-+ pModElf->cbImage = (uint64_t)cbImage;
-+ pModElf->LinkAddress = uLinkAddress;
-+ AssertReturn(pModElf->cbImage == cbImage, VERR_INTERNAL_ERROR_5);
-+ Log3(("RTLdrELF: LinkAddress=" FMT_ELF_ADDR " cbImage=" FMT_ELF_ADDR " (from PT_LOAD)\n", uLinkAddress, cbImage));
-+
-+ for (; iLoadShdr < pModElf->Ehdr.e_shnum; iLoadShdr++)
-+ if ( !(paShdrs[iLoadShdr].sh_flags & SHF_ALLOC)
-+ || paShdrs[iLoadShdr].sh_size == 0)
-+ pModElf->paShdrExtras[iLoadShdr].idxPhdr = UINT16_MAX;
-+ else
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: No PT_LOAD for section #%u " FMT_ELF_ADDR " LB " FMT_ELF_XWORD " (file " FMT_ELF_OFF " sh_type=" FMT_ELF_WORD ")",
-+ pszLogName, iLoadShdr, paShdrs[iLoadShdr].sh_addr, paShdrs[iLoadShdr].sh_size,
-+ paShdrs[iLoadShdr].sh_offset, paShdrs[iLoadShdr].sh_type);
-+
-+ /*
-+ * Load and validate the dynamic table. We have got / will get most of the
-+ * info we need from the section table, so we must make sure this matches up.
-+ */
-+ Log3(("RTLdrELF: Dynamic section - %u entries\n", pModElf->cDynamic));
-+ size_t const cbDynamic = pModElf->cDynamic * sizeof(pModElf->paDynamic[0]);
-+ Elf_Dyn * const paDynamic = (Elf_Dyn *)RTMemAlloc(cbDynamic);
-+ AssertReturn(paDynamic, VERR_NO_MEMORY);
-+ pModElf->paDynamic = paDynamic;
-+
-+ rc = pModElf->Core.pReader->pfnRead(pModElf->Core.pReader, paDynamic, cbDynamic, paShdrs[pModElf->iShDynamic].sh_offset);
-+ if (RT_FAILURE(rc))
-+ return RTERRINFO_LOG_SET_F(pErrInfo, rc, "%s: pfnRead(,,%#zx, " FMT_ELF_OFF ") -> %Rrc",
-+ pszLogName, cbDynamic, paShdrs[pModElf->iShDynamic].sh_offset, rc);
-+
-+ for (uint32_t i = 0; i < pModElf->cDynamic; i++)
-+ {
-+#define LOG_VALIDATE_PTR_RET(szName) do { \
-+ Log3(("RTLdrELF: DT[%u]: %16s " FMT_ELF_ADDR "\n", i, szName, paDynamic[i].d_un.d_ptr)); \
-+ if ((uint64_t)paDynamic[i].d_un.d_ptr - uLinkAddress < cbImage) { /* likely */ } \
-+ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": Invalid address " FMT_ELF_ADDR " (valid range: " FMT_ELF_ADDR " LB " FMT_ELF_ADDR ")", \
-+ pszLogName, i, paDynamic[i].d_un.d_ptr, uLinkAddress, cbImage); \
-+ } while (0)
-+#define LOG_VALIDATE_PTR_VAL_RET(szName, uExpected) do { \
-+ Log3(("RTLdrELF: DT[%u]: %16s " FMT_ELF_ADDR "\n", i, szName, (uint64_t)paDynamic[i].d_un.d_ptr)); \
-+ if (paDynamic[i].d_un.d_ptr == (Elf_Addr)(uExpected)) { /* likely */ } \
-+ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": " FMT_ELF_ADDR ", expected " FMT_ELF_ADDR, \
-+ pszLogName, i, paDynamic[i].d_un.d_ptr, (Elf_Addr)(uExpected)); \
-+ } while (0)
-+#define LOG_VALIDATE_STR_RET(szName) do { \
-+ Log3(("RTLdrELF: DT[%u]: %16s %#RX64\n", i, szName, (uint64_t)paDynamic[i].d_un.d_val)); \
-+ if ((uint64_t)paDynamic[i].d_un.d_val < pModElf->Dyn.cbStr) { /* likely */ } \
-+ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": Invalid string table offset %#RX64 (max %#x)", \
-+ pszLogName, i, (uint64_t)paDynamic[i].d_un.d_val, pModElf->Dyn.cbStr); \
-+ } while (0)
-+#define LOG_VALIDATE_VAL_RET(szName, uExpected) do { \
-+ Log3(("RTLdrELF: DT[%u]: %16s %#RX64\n", i, szName, (uint64_t)paDynamic[i].d_un.d_val)); \
-+ if ((uint64_t)paDynamic[i].d_un.d_val == (uint64_t)(uExpected)) { /* likely */ } \
-+ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" szName ": %#RX64, expected %#RX64", \
-+ pszLogName, i, (uint64_t)paDynamic[i].d_un.d_val, (uint64_t)(uExpected)); \
-+ } while (0)
-+#define SET_RELOC_TYPE_RET(a_szName, a_uType) do { \
-+ if (pModElf->DynInfo.uRelocType == 0 || pModElf->DynInfo.uRelocType == (a_uType)) \
-+ pModElf->DynInfo.uRelocType = (a_uType); \
-+ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Mixing DT_RELA and DT_REL", pszLogName, i); \
-+ } while (0)
-+#define SET_INFO_FIELD_RET(a_szName, a_Field, a_Value, a_UnsetValue, a_szFmt) do { \
-+ if ((a_Field) == (a_UnsetValue) && (a_Value) != (a_UnsetValue)) \
-+ (a_Field) = (a_Value); /* likely */ \
-+ else if ((a_Field) != (a_UnsetValue)) \
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Multiple entries (first value " a_szFmt ", second " a_szFmt ")", pszLogName, i, (a_Field), (a_Value)); \
-+ else if ((a_Value) != (a_UnsetValue)) \
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Unexpected value " a_szFmt, pszLogName, i, (a_Value)); \
-+ } while (0)
-+#define FIND_MATCHING_SECTION_RET(a_szName, a_ExtraMatchExpr, a_idxShFieldToSet) do { \
-+ unsigned iSh; \
-+ for (iSh = 1; iSh < pModElf->Ehdr.e_shnum; iSh++) \
-+ if ( paShdrs[iSh].sh_addr == paDynamic[i].d_un.d_ptr \
-+ && (a_ExtraMatchExpr)) \
-+ { \
-+ (a_idxShFieldToSet) = iSh; \
-+ if (pModElf->paShdrExtras[iSh].idxDt != UINT16_MAX) \
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, \
-+ "%s: DT[%u]/" a_szName ": section #%u (" FMT_ELF_ADDR ") already referenced by DT[%u]", \
-+ pszLogName, i, iSh, paShdrs[iSh].sh_addr, pModElf->paShdrExtras[iSh].idxDt); \
-+ pModElf->paShdrExtras[iSh].idxDt = i; \
-+ pModElf->paShdrExtras[iSh].uDtTag = (uint32_t)paDynamic[i].d_tag; \
-+ break; \
-+ } \
-+ if (iSh < pModElf->Ehdr.e_shnum) { /* likely */ } \
-+ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": No matching section for " FMT_ELF_ADDR, pszLogName, i, paDynamic[i].d_un.d_ptr); \
-+ } while (0)
-+#define ONLY_FOR_DEBUG_OR_VALIDATION_RET(a_szName) do { \
-+ if (fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)) { /* likely */ } \
-+ else return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/" a_szName ": Not supported (" FMT_ELF_ADDR ")", pszLogName, i, paDynamic[i].d_un.d_ptr); \
-+ } while (0)
-+#define LOG_NON_VALUE_ENTRY(a_szName) Log3(("RTLdrELF: DT[%u]: %16s (%#RX64)\n", i, a_szName, (uint64_t)paDynamic[i].d_un.d_val))
-+
-+ switch (paDynamic[i].d_tag)
-+ {
-+ case DT_NULL:
-+ LOG_NON_VALUE_ENTRY("DT_NULL");
-+ for (unsigned iNull = i + 1; iNull < pModElf->cDynamic; iNull++)
-+ if (paDynamic[i].d_tag == DT_NULL) /* Not technically a bug, but let's try being extremely strict for now */
-+ LOG_NON_VALUE_ENTRY("DT_NULL");
-+ else if (!(fFlags & (RTLDR_O_FOR_DEBUG | RTLDR_O_FOR_VALIDATION)))
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: DT[%u]/DT_NULL: Dynamic section isn't zero padded (extra #%u of #%u)",
-+ pszLogName, i, iNull - i, pModElf->cDynamic - i);
-+ i = pModElf->cDynamic;
-+ break;
-+ case DT_NEEDED:
-+ LOG_VALIDATE_STR_RET("DT_NEEDED");
-+ break;
-+ case DT_PLTRELSZ:
-+ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_PLTRELSZ", (uint64_t)paDynamic[i].d_un.d_val));
-+ SET_INFO_FIELD_RET("DT_PLTRELSZ", pModElf->DynInfo.cbJmpRelocs, (Elf_Xword)paDynamic[i].d_un.d_val, 0, FMT_ELF_XWORD);
-+ break;
-+ case DT_PLTGOT:
-+ LOG_VALIDATE_PTR_RET("DT_PLTGOT");
-+ break;
-+ case DT_HASH:
-+ LOG_VALIDATE_PTR_RET("DT_HASH");
-+ break;
-+ case DT_STRTAB:
-+ LOG_VALIDATE_PTR_VAL_RET("DT_STRTAB", paShdrs[pModElf->Dyn.iStrSh].sh_addr);
-+ pModElf->paShdrExtras[pModElf->Dyn.iStrSh].idxDt = i;
-+ pModElf->paShdrExtras[pModElf->Dyn.iSymSh].uDtTag = DT_STRTAB;
-+ break;
-+ case DT_SYMTAB:
-+ LOG_VALIDATE_PTR_VAL_RET("DT_SYMTAB", paShdrs[pModElf->Dyn.iSymSh].sh_addr);
-+ pModElf->paShdrExtras[pModElf->Dyn.iSymSh].idxDt = i;
-+ pModElf->paShdrExtras[pModElf->Dyn.iSymSh].uDtTag = DT_SYMTAB;
-+ break;
-+ case DT_RELA:
-+ LOG_VALIDATE_PTR_RET("DT_RELA");
-+ SET_RELOC_TYPE_RET("DT_RELA", DT_RELA);
-+ SET_INFO_FIELD_RET("DT_RELA", pModElf->DynInfo.uPtrRelocs, paDynamic[i].d_un.d_ptr, ~(Elf_Addr)0, FMT_ELF_ADDR);
-+ FIND_MATCHING_SECTION_RET("DT_RELA", paShdrs[iSh].sh_type == SHT_RELA, pModElf->DynInfo.idxShRelocs);
-+ break;
-+ case DT_RELASZ:
-+ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_RELASZ", (uint64_t)paDynamic[i].d_un.d_val));
-+ SET_RELOC_TYPE_RET("DT_RELASZ", DT_RELA);
-+ SET_INFO_FIELD_RET("DT_RELASZ", pModElf->DynInfo.cbRelocs, (Elf_Xword)paDynamic[i].d_un.d_val, 0, FMT_ELF_XWORD);
-+ break;
-+ case DT_RELAENT:
-+ LOG_VALIDATE_VAL_RET("DT_RELAENT", sizeof(Elf_Rela));
-+ SET_RELOC_TYPE_RET("DT_RELAENT", DT_RELA);
-+ SET_INFO_FIELD_RET("DT_RELAENT", pModElf->DynInfo.cbRelocEntry, (unsigned)sizeof(Elf_Rela), 0, "%u");
-+ break;
-+ case DT_STRSZ:
-+ LOG_VALIDATE_VAL_RET("DT_STRSZ", pModElf->Dyn.cbStr);
-+ break;
-+ case DT_SYMENT:
-+ LOG_VALIDATE_VAL_RET("DT_SYMENT", sizeof(Elf_Sym));
-+ break;
-+ case DT_INIT:
-+ LOG_VALIDATE_PTR_RET("DT_INIT");
-+ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_INIT");
-+ break;
-+ case DT_FINI:
-+ LOG_VALIDATE_PTR_RET("DT_FINI");
-+ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_FINI");
-+ break;
-+ case DT_SONAME:
-+ LOG_VALIDATE_STR_RET("DT_SONAME");
-+ break;
-+ case DT_RPATH:
-+ LOG_VALIDATE_STR_RET("DT_RPATH");
-+ break;
-+ case DT_SYMBOLIC:
-+ LOG_NON_VALUE_ENTRY("DT_SYMBOLIC");
-+ break;
-+ case DT_REL:
-+ LOG_VALIDATE_PTR_RET("DT_REL");
-+ SET_RELOC_TYPE_RET("DT_REL", DT_REL);
-+ SET_INFO_FIELD_RET("DT_REL", pModElf->DynInfo.uPtrRelocs, paDynamic[i].d_un.d_ptr, ~(Elf_Addr)0, FMT_ELF_ADDR);
-+ FIND_MATCHING_SECTION_RET("DT_REL", paShdrs[iSh].sh_type == SHT_REL, pModElf->DynInfo.idxShRelocs);
-+ break;
-+ case DT_RELSZ:
-+ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_RELSZ", (uint64_t)paDynamic[i].d_un.d_val));
-+ SET_RELOC_TYPE_RET("DT_RELSZ", DT_REL);
-+ SET_INFO_FIELD_RET("DT_RELSZ", pModElf->DynInfo.cbRelocs, (Elf_Xword)paDynamic[i].d_un.d_val, 0, FMT_ELF_XWORD);
-+ break;
-+ case DT_RELENT:
-+ LOG_VALIDATE_VAL_RET("DT_RELENT", sizeof(Elf_Rel));
-+ SET_RELOC_TYPE_RET("DT_RELENT", DT_REL);
-+ SET_INFO_FIELD_RET("DT_RELENT", pModElf->DynInfo.cbRelocEntry, (unsigned)sizeof(Elf_Rel), 0, "%u");
-+ break;
-+ case DT_PLTREL:
-+ if (paDynamic[i].d_un.d_val != DT_RELA && paDynamic[i].d_un.d_val != DT_REL)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT[%u]/DT_PLTREL: Invalid value %#RX64",
-+ pszLogName, i, (uint64_t)paDynamic[i].d_un.d_val);
-+ Log3(("RTLdrELF: DT[%u]: %16s DT_REL%s\n", i, "DT_PLTREL", paDynamic[i].d_un.d_val == DT_RELA ? "A" : ""));
-+ SET_INFO_FIELD_RET("DT_PLTREL", pModElf->DynInfo.uJmpRelocType, (unsigned)paDynamic[i].d_un.d_val, 0, "%u");
-+ break;
-+ case DT_DEBUG:
-+ LOG_VALIDATE_PTR_RET("DT_DEBUG");
-+ break;
-+ case DT_TEXTREL:
-+ LOG_NON_VALUE_ENTRY("DT_TEXTREL");
-+ break;
-+ case DT_JMPREL:
-+ LOG_VALIDATE_PTR_RET("DT_JMPREL");
-+ SET_INFO_FIELD_RET("DT_JMPREL", pModElf->DynInfo.uPtrJmpRelocs, paDynamic[i].d_un.d_ptr, ~(Elf_Addr)0, FMT_ELF_ADDR);
-+ FIND_MATCHING_SECTION_RET("DT_JMPREL", 1, pModElf->DynInfo.idxShJmpRelocs);
-+ break;
-+ case DT_BIND_NOW:
-+ LOG_NON_VALUE_ENTRY("DT_BIND_NOW");
-+ break;
-+ case DT_INIT_ARRAY:
-+ LOG_VALIDATE_PTR_RET("DT_INIT_ARRAY");
-+ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_INIT_ARRAY");
-+ break;
-+ case DT_FINI_ARRAY:
-+ LOG_VALIDATE_PTR_RET("DT_FINI_ARRAY");
-+ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_FINI_ARRAY");
-+ break;
-+ case DT_INIT_ARRAYSZ:
-+ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_INIT_ARRAYSZ", (uint64_t)paDynamic[i].d_un.d_val));
-+ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_INIT_ARRAYSZ");
-+ break;
-+ case DT_FINI_ARRAYSZ:
-+ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_FINI_ARRAYSZ", (uint64_t)paDynamic[i].d_un.d_val));
-+ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_FINI_ARRAYSZ");
-+ break;
-+ case DT_RUNPATH:
-+ LOG_VALIDATE_STR_RET("DT_RUNPATH");
-+ break;
-+ case DT_FLAGS:
-+ Log3(("RTLdrELF: DT[%u]: %16s %#RX64\n", i, "DT_FLAGS", (uint64_t)paDynamic[i].d_un.d_val));
-+ break;
-+ case DT_PREINIT_ARRAY:
-+ LOG_VALIDATE_PTR_RET("DT_PREINIT_ARRAY");
-+ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_PREINIT_ARRAY");
-+ break;
-+ case DT_PREINIT_ARRAYSZ:
-+ Log3(("RTLdrELF: DT[%u]: %16s %#RX64 bytes\n", i, "DT_PREINIT_ARRAYSZ", (uint64_t)paDynamic[i].d_un.d_val));
-+ ONLY_FOR_DEBUG_OR_VALIDATION_RET("DT_PREINIT_ARRAYSZ");
-+ break;
-+ default:
-+ if ( paDynamic[i].d_un.d_val < DT_ENCODING
-+ || (paDynamic[i].d_un.d_val & 1))
-+ Log3(("RTLdrELF: DT[%u]: %#010RX64 %#RX64%s\n", i, (uint64_t)paDynamic[i].d_tag,
-+ (uint64_t)paDynamic[i].d_un.d_val, paDynamic[i].d_un.d_val >= DT_ENCODING ? " (val)" : ""));
-+ else
-+ {
-+ Log3(("RTLdrELF: DT[%u]: %#010RX64 " FMT_ELF_ADDR " (addr)\n",
-+ i, (uint64_t)paDynamic[i].d_tag, paDynamic[i].d_un.d_ptr));
-+ if ((uint64_t)paDynamic[i].d_un.d_ptr - uLinkAddress >= cbImage)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: DT[%u]/%#RX64: Invalid address " FMT_ELF_ADDR " (valid range: " FMT_ELF_ADDR " LB " FMT_ELF_ADDR ")",
-+ pszLogName, i, (uint64_t)paDynamic[i].d_tag,
-+ paDynamic[i].d_un.d_ptr, uLinkAddress, cbImage);
-+ }
-+ break;
-+ }
-+#undef LOG_VALIDATE_VAL_RET
-+#undef LOG_VALIDATE_STR_RET
-+#undef LOG_VALIDATE_PTR_VAL_RET
-+#undef LOG_VALIDATE_PTR_RET
-+#undef SET_RELOC_TYPE_RET
-+#undef SET_INFO_FIELD_RET
-+#undef FIND_MATCHING_SECTION_RET
-+#undef ONLY_FOR_DEBUG_OR_VALIDATION_RET
-+ }
-+
-+ /*
-+ * Validate the relocation information we've gathered.
-+ */
-+ Elf_Word uShTypeArch = SHT_RELA; /** @todo generalize architecture specific stuff using its own code template header. */
-+ switch (pModElf->Core.enmArch)
-+ {
-+ case RTLDRARCH_AMD64:
-+ break;
-+ case RTLDRARCH_X86_32:
-+ uShTypeArch = SHT_REL;
-+ break;
-+ default:
-+ AssertFailedBreak(/** @todo page size for got.plt hacks */);
-+
-+ }
-+
-+ if (pModElf->DynInfo.uRelocType != 0)
-+ {
-+ const char * const pszModifier = pModElf->DynInfo.uRelocType == DT_RELA ? "A" : "";
-+ if (pModElf->DynInfo.uPtrRelocs == ~(Elf_Addr)0)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_REL%s", pszLogName, pszModifier);
-+ if (pModElf->DynInfo.cbRelocs == 0)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_REL%sSZ", pszLogName, pszModifier);
-+ if (pModElf->DynInfo.cbRelocEntry == 0)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_REL%sENT", pszLogName, pszModifier);
-+ Elf_Shdr const *pShdrRelocs = &paShdrs[pModElf->DynInfo.idxShRelocs];
-+ Elf_Word const uShType = pModElf->DynInfo.uJmpRelocType == DT_RELA ? SHT_RELA : SHT_REL;
-+ if (pShdrRelocs->sh_type != uShType)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_REL%s* does not match section type: %u vs %u",
-+ pszLogName, pszModifier, pShdrRelocs->sh_type, uShType);
-+ if (pShdrRelocs->sh_size != pModElf->DynInfo.cbRelocs)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_REL%sSZ does not match section size: %u vs %u",
-+ pszLogName, pszModifier, pShdrRelocs->sh_size, pModElf->DynInfo.cbRelocs);
-+ if (uShType != uShTypeArch)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_REL%s* does not match architecture: %u, arch wants %u",
-+ pszLogName, pszModifier, uShType, uShTypeArch);
-+ }
-+
-+ if ( pModElf->DynInfo.uPtrJmpRelocs != ~(Elf_Addr)0
-+ || pModElf->DynInfo.cbJmpRelocs != 0
-+ || pModElf->DynInfo.uJmpRelocType != 0)
-+ {
-+ if (pModElf->DynInfo.uPtrJmpRelocs == ~(Elf_Addr)0)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_JMPREL", pszLogName);
-+ if (pModElf->DynInfo.cbJmpRelocs == 0)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_PLTRELSZ", pszLogName);
-+ if (pModElf->DynInfo.uJmpRelocType == 0)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: Missing DT_PLTREL", pszLogName);
-+ Elf_Shdr const *pShdrRelocs = &paShdrs[pModElf->DynInfo.idxShJmpRelocs];
-+ Elf_Word const uShType = pModElf->DynInfo.uJmpRelocType == DT_RELA ? SHT_RELA : SHT_REL;
-+ if (pShdrRelocs->sh_type != uShType)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_PLTREL does not match section type: %u vs %u",
-+ pszLogName, pShdrRelocs->sh_type, uShType);
-+ if (pShdrRelocs->sh_size != pModElf->DynInfo.cbJmpRelocs)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_PLTRELSZ does not match section size: %u vs %u",
-+ pszLogName, pShdrRelocs->sh_size, pModElf->DynInfo.cbJmpRelocs);
-+ if (uShType != uShTypeArch)
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT, "%s: DT_PLTREL does not match architecture: %u, arch wants %u",
-+ pszLogName, uShType, uShTypeArch);
-+ }
-+
-+ /*
-+ * Check that there aren't any other relocations hiding in the section table.
-+ */
-+ for (uint32_t i = 1; i < pModElf->Ehdr.e_shnum; i++)
-+ if ( (paShdrs[i].sh_type == SHT_REL || paShdrs[i].sh_type == SHT_RELA)
-+ && pModElf->paShdrExtras[i].uDtTag != DT_REL
-+ && pModElf->paShdrExtras[i].uDtTag != DT_RELA
-+ && pModElf->paShdrExtras[i].uDtTag != DT_JMPREL)
-+ {
-+ char szSecHdrNm[80];
-+ return RTERRINFO_LOG_SET_F(pErrInfo, VERR_BAD_EXE_FORMAT,
-+ "%s: section header #%u (%s type=" FMT_ELF_WORD " size=" FMT_ELF_XWORD ") contains relocations not referenced by the dynamic section",
-+ pszLogName, i,
-+ RTLDRELF_NAME(GetSHdrName)(pModElf, paShdrs[i].sh_name, szSecHdrNm, sizeof(szSecHdrNm)),
-+ paShdrs[i].sh_type, paShdrs[i].sh_size);
-+ }
-
- return VINF_SUCCESS;
- }
-@@ -1866,8 +2819,9 @@ static int RTLDRELF_NAME(ValidateSection
- * @param fFlags Reserved, MBZ.
- * @param enmArch Architecture specifier.
- * @param phLdrMod Where to store the handle.
-+ * @param pErrInfo Where to return extended error info. Optional.
- */
--static int RTLDRELF_NAME(Open)(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod)
-+static int RTLDRELF_NAME(Open)(PRTLDRREADER pReader, uint32_t fFlags, RTLDRARCH enmArch, PRTLDRMOD phLdrMod, PRTERRINFO pErrInfo)
- {
- const char *pszLogName = pReader->pfnLogName(pReader);
- uint64_t cbRawImage = pReader->pfnSize(pReader);
-@@ -1891,21 +2845,42 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
- #else
- pModElf->Core.enmArch = RTLDRARCH_AMD64;
- #endif
-- //pModElf->pvBits = NULL;
-- //pModElf->Ehdr = {0};
-- //pModElf->paShdrs = NULL;
-- //pModElf->paSyms = NULL;
-- pModElf->iSymSh = ~0U;
-- //pModElf->cSyms = 0;
-- pModElf->iStrSh = ~0U;
-- //pModElf->cbStr = 0;
-- //pModElf->cbImage = 0;
-- //pModElf->LinkAddress = 0;
-- //pModElf->pStr = NULL;
-- //pModElf->cbShStr = 0;
-- //pModElf->pShStr = NULL;
-- //pModElf->iShEhFrame = 0;
-- //pModElf->iShEhFrameHdr = 0;
-+ //pModElf->pvBits = NULL;
-+ //pModElf->Ehdr = {0};
-+ //pModElf->paShdrs = NULL;
-+ //pModElf->Rel.paSyms = NULL;
-+ pModElf->Rel.iSymSh = ~0U;
-+ //pModElf->Rel.cSyms = 0;
-+ pModElf->Rel.iStrSh = ~0U;
-+ //pModElf->Rel.cbStr = 0;
-+ //pModElf->Rel.pStr = NULL;
-+ //pModElf->Dyn.paSyms = NULL;
-+ pModElf->Dyn.iSymSh = ~0U;
-+ //pModElf->Dyn.cSyms = 0;
-+ pModElf->Dyn.iStrSh = ~0U;
-+ //pModElf->Dyn.cbStr = 0;
-+ //pModElf->Dyn.pStr = NULL;
-+ pModElf->iFirstSect = 1;
-+ //pModElf->fShdrInOrder = false;
-+ //pModElf->cbImage = 0;
-+ pModElf->LinkAddress = ~(Elf_Addr)0;
-+ //pModElf->cbShStr = 0;
-+ //pModElf->pShStr = NULL;
-+ //pModElf->iShEhFrame = 0;
-+ //pModElf->iShEhFrameHdr= 0;
-+ pModElf->iShDynamic = ~0U;
-+ //pModElf->cDynamic = 0;
-+ //pModElf->paDynamic = NULL;
-+ //pModElf->paPhdrs = NULL;
-+ pModElf->DynInfo.uPtrRelocs = ~(Elf_Addr)0;
-+ //pModElf->DynInfo.cbRelocs = 0;
-+ //pModElf->DynInfo.cbRelocEntry = 0;
-+ //pModElf->DynInfo.uRelocType = 0;
-+ //pModElf->DynInfo.idxShRelocs = 0;
-+ pModElf->DynInfo.uPtrJmpRelocs = ~(Elf_Addr)0;
-+ //pModElf->DynInfo.cbJmpRelocs = 0;
-+ //pModElf->DynInfo.uJmpRelocType = 0;
-+ //pModElf->DynInfo.idxShJmpRelocs = 0;
-
- /*
- * Read and validate the ELF header and match up the CPU architecture.
-@@ -1914,7 +2889,7 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
- if (RT_SUCCESS(rc))
- {
- RTLDRARCH enmArchImage = RTLDRARCH_INVALID; /* shut up gcc */
-- rc = RTLDRELF_NAME(ValidateElfHeader)(&pModElf->Ehdr, pszLogName, cbRawImage, &enmArchImage);
-+ rc = RTLDRELF_NAME(ValidateElfHeader)(&pModElf->Ehdr, cbRawImage, pszLogName, &enmArchImage, pErrInfo);
- if (RT_SUCCESS(rc))
- {
- if ( enmArch != RTLDRARCH_WHATEVER
-@@ -1929,7 +2904,7 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
- * introspection methods.
- */
- size_t const cbShdrs = pModElf->Ehdr.e_shnum * sizeof(Elf_Shdr);
-- Elf_Shdr *paShdrs = (Elf_Shdr *)RTMemAlloc(cbShdrs * 2);
-+ Elf_Shdr *paShdrs = (Elf_Shdr *)RTMemAlloc(cbShdrs * 2 + sizeof(RTLDRMODELFSHX) * pModElf->Ehdr.e_shnum);
- if (paShdrs)
- {
- pModElf->paShdrs = paShdrs;
-@@ -1939,111 +2914,77 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
- memcpy(&paShdrs[pModElf->Ehdr.e_shnum], paShdrs, cbShdrs);
- pModElf->paOrgShdrs = &paShdrs[pModElf->Ehdr.e_shnum];
-
-+ pModElf->paShdrExtras = (PRTLDRMODELFSHX)&pModElf->paOrgShdrs[pModElf->Ehdr.e_shnum];
-+ memset(pModElf->paShdrExtras, 0xff, sizeof(RTLDRMODELFSHX) * pModElf->Ehdr.e_shnum);
-+
- pModElf->cbShStr = paShdrs[pModElf->Ehdr.e_shstrndx].sh_size;
-
- /*
- * Validate the section headers and find relevant sections.
- */
-- Elf_Addr uNextAddr = 0;
-- for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
-- {
-- rc = RTLDRELF_NAME(ValidateSectionHeader)(pModElf, i, pszLogName, cbRawImage);
-- if (RT_FAILURE(rc))
-- break;
--
-- /* We're looking for symbol tables. */
-- if (paShdrs[i].sh_type == SHT_SYMTAB)
-- {
-- if (pModElf->iSymSh != ~0U)
-- {
-- Log(("RTLdrElf: %s: Multiple symbol tabs! iSymSh=%d i=%d\n", pszLogName, pModElf->iSymSh, i));
-- rc = VERR_LDRELF_MULTIPLE_SYMTABS;
-- break;
-- }
-- pModElf->iSymSh = i;
-- pModElf->cSyms = (unsigned)(paShdrs[i].sh_size / sizeof(Elf_Sym));
-- AssertBreakStmt(pModElf->cSyms == paShdrs[i].sh_size / sizeof(Elf_Sym), rc = VERR_IMAGE_TOO_BIG);
-- pModElf->iStrSh = paShdrs[i].sh_link;
-- pModElf->cbStr = (unsigned)paShdrs[pModElf->iStrSh].sh_size;
-- AssertBreakStmt(pModElf->cbStr == paShdrs[pModElf->iStrSh].sh_size, rc = VERR_IMAGE_TOO_BIG);
-- }
--
-- /* Special checks for the section string table. */
-- if (i == pModElf->Ehdr.e_shstrndx)
-- {
-- if (paShdrs[i].sh_type != SHT_STRTAB)
-- {
-- Log(("RTLdrElf: Section header string table is not a SHT_STRTAB: %#x\n", paShdrs[i].sh_type));
-- rc = VERR_BAD_EXE_FORMAT;
-- break;
-- }
-- if (paShdrs[i].sh_size == 0)
-- {
-- Log(("RTLdrElf: Section header string table is empty\n"));
-- rc = VERR_BAD_EXE_FORMAT;
-- break;
-- }
-- }
-+ rc = RTLDRELF_NAME(ValidateAndProcessSectionHeaders)(pModElf, paShdrs, cbRawImage, pszLogName, pErrInfo);
-
-- /* Kluge for the .data..percpu segment in 64-bit linux kernels. */
-- if (paShdrs[i].sh_flags & SHF_ALLOC)
-- {
-- if ( paShdrs[i].sh_addr == 0
-- && paShdrs[i].sh_addr < uNextAddr)
-- {
-- Elf_Addr uAddr = RT_ALIGN_T(uNextAddr, paShdrs[i].sh_addralign, Elf_Addr);
-- Log(("RTLdrElf: Out of order section #%d; adjusting sh_addr from " FMT_ELF_ADDR " to " FMT_ELF_ADDR "\n",
-- i, paShdrs[i].sh_addr, uAddr));
-- paShdrs[i].sh_addr = uAddr;
-- }
-- uNextAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
-- }
-- } /* for each section header */
-+ /*
-+ * Read validate and process program headers if ET_DYN or ET_EXEC.
-+ */
-+ if (RT_SUCCESS(rc) && (pModElf->Ehdr.e_type == ET_DYN || pModElf->Ehdr.e_type == ET_EXEC))
-+ rc = RTLDRELF_NAME(ValidateAndProcessDynamicInfo)(pModElf, cbRawImage, fFlags, pszLogName, pErrInfo);
-
- /*
-- * Calculate the image base address if the image isn't relocatable.
-+ * Massage the section headers.
- */
-- if (RT_SUCCESS(rc) && pModElf->Ehdr.e_type != ET_REL)
-+ if (RT_SUCCESS(rc))
- {
-- pModElf->LinkAddress = ~(Elf_Addr)0;
-- for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
-- if ( (paShdrs[i].sh_flags & SHF_ALLOC)
-- && paShdrs[i].sh_addr < pModElf->LinkAddress)
-- pModElf->LinkAddress = paShdrs[i].sh_addr;
-- if (pModElf->LinkAddress == ~(Elf_Addr)0)
-+ if (pModElf->Ehdr.e_type == ET_REL)
- {
-- AssertFailed();
-- rc = VERR_LDR_GENERAL_FAILURE;
-- }
-- if (pModElf->Ehdr.e_type == ET_DYN && pModElf->LinkAddress < 0x1000)
-+ /* Do allocations and figure the image size: */
- pModElf->LinkAddress = 0;
-+ for (unsigned i = 1; i < pModElf->Ehdr.e_shnum; i++)
-+ if (paShdrs[i].sh_flags & SHF_ALLOC)
-+ {
-+ paShdrs[i].sh_addr = paShdrs[i].sh_addralign
-+ ? RT_ALIGN_T(pModElf->cbImage, paShdrs[i].sh_addralign, Elf_Addr)
-+ : (Elf_Addr)pModElf->cbImage;
-+ Elf_Addr EndAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
-+ if (pModElf->cbImage < EndAddr)
-+ {
-+ pModElf->cbImage = (size_t)EndAddr;
-+ AssertMsgBreakStmt(pModElf->cbImage == EndAddr, (FMT_ELF_ADDR "\n", EndAddr), rc = VERR_IMAGE_TOO_BIG);
-+ }
-+ Log2(("RTLdrElf: %s: Assigned " FMT_ELF_ADDR " to section #%d\n", pszLogName, paShdrs[i].sh_addr, i));
-+ }
-+ }
-+ else
-+ {
-+ /* Convert sh_addr to RVA: */
-+ Assert(pModElf->LinkAddress != ~(Elf_Addr)0);
-+ for (unsigned i = 0 /*!*/; i < pModElf->Ehdr.e_shnum; i++)
-+ if (paShdrs[i].sh_flags & SHF_ALLOC)
-+ paShdrs[i].sh_addr -= pModElf->LinkAddress;
-+ }
- }
-
- /*
-- * Perform allocations / RVA calculations, determine the image size.
-+ * Check if the sections are in order by address, as that will simplify
-+ * enumeration and address translation.
- */
-- if (RT_SUCCESS(rc))
-- for (unsigned i = 0; i < pModElf->Ehdr.e_shnum; i++)
-- if (paShdrs[i].sh_flags & SHF_ALLOC)
-+ pModElf->fShdrInOrder = true;
-+ Elf_Addr uEndAddr = 0;
-+ for (unsigned i = pModElf->iFirstSect; i < pModElf->Ehdr.e_shnum; i++)
-+ if (paShdrs[i].sh_flags & SHF_ALLOC)
-+ {
-+ if (uEndAddr <= paShdrs[i].sh_addr)
-+ uEndAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
-+ else
- {
-- if (pModElf->Ehdr.e_type == ET_REL)
-- paShdrs[i].sh_addr = paShdrs[i].sh_addralign
-- ? RT_ALIGN_T(pModElf->cbImage, paShdrs[i].sh_addralign, Elf_Addr)
-- : (Elf_Addr)pModElf->cbImage;
-- else
-- paShdrs[i].sh_addr -= pModElf->LinkAddress;
-- Elf_Addr EndAddr = paShdrs[i].sh_addr + paShdrs[i].sh_size;
-- if (pModElf->cbImage < EndAddr)
-- {
-- pModElf->cbImage = (size_t)EndAddr;
-- AssertMsgBreakStmt(pModElf->cbImage == EndAddr, (FMT_ELF_ADDR "\n", EndAddr), rc = VERR_IMAGE_TOO_BIG);
-- }
-- Log2(("RTLdrElf: %s: Assigned " FMT_ELF_ADDR " to section #%d\n", pszLogName, paShdrs[i].sh_addr, i));
-+ pModElf->fShdrInOrder = false;
-+ break;
- }
-+ }
-
-- Log2(("RTLdrElf: iSymSh=%u cSyms=%u iStrSh=%u cbStr=%u rc=%Rrc cbImage=%#zx LinkAddress=" FMT_ELF_ADDR "\n",
-- pModElf->iSymSh, pModElf->cSyms, pModElf->iStrSh, pModElf->cbStr, rc,
-- pModElf->cbImage, pModElf->LinkAddress));
-+ Log2(("RTLdrElf: iSymSh=%u cSyms=%u iStrSh=%u cbStr=%u rc=%Rrc cbImage=%#zx LinkAddress=" FMT_ELF_ADDR " fShdrInOrder=%RTbool\n",
-+ pModElf->Rel.iSymSh, pModElf->Rel.cSyms, pModElf->Rel.iStrSh, pModElf->Rel.cbStr, rc,
-+ pModElf->cbImage, pModElf->LinkAddress, pModElf->fShdrInOrder));
- if (RT_SUCCESS(rc))
- {
- pModElf->Core.pOps = &RTLDRELF_MID(s_rtldrElf,Ops);
-@@ -2077,6 +3018,7 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
- #undef RTLDRELF_MID
-
- #undef FMT_ELF_ADDR
-+#undef FMT_ELF_ADDR7
- #undef FMT_ELF_HALF
- #undef FMT_ELF_SHALF
- #undef FMT_ELF_OFF
-@@ -2102,6 +3044,8 @@ static int RTLDRELF_NAME(Open)(PRTLDRREA
- #undef Elf_Size
- #undef Elf_Sword
- #undef Elf_Word
-+#undef Elf_Xword
-+#undef Elf_Sxword
-
- #undef RTLDRMODELF
- #undef PRTLDRMODELF
---- a/include/iprt/memobj.h
-+++ b/include/iprt/memobj.h
-@@ -127,7 +127,10 @@ RTR0DECL(int) RTR0MemObjFree(RTR0MEMOBJ
- * @returns IPRT status code.
- * @param pMemObj Where to store the ring-0 memory object handle.
- * @param cb Number of bytes to allocate. This is rounded up to nearest page.
-- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
-+ * @param fExecutable Flag indicating whether it should be permitted to
-+ * executed code in the memory object. The user must
-+ * use RTR0MemObjProtect after initialization the
-+ * allocation to actually make it executable.
- */
- #define RTR0MemObjAllocPage(pMemObj, cb, fExecutable) \
- RTR0MemObjAllocPageTag((pMemObj), (cb), (fExecutable), RTMEM_TAG)
-@@ -140,7 +143,10 @@ RTR0DECL(int) RTR0MemObjFree(RTR0MEMOBJ
- * @returns IPRT status code.
- * @param pMemObj Where to store the ring-0 memory object handle.
- * @param cb Number of bytes to allocate. This is rounded up to nearest page.
-- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
-+ * @param fExecutable Flag indicating whether it should be permitted to
-+ * executed code in the memory object. The user must
-+ * use RTR0MemObjProtect after initialization the
-+ * allocation to actually make it executable.
- * @param pszTag Allocation tag used for statistics and such.
- */
- RTR0DECL(int) RTR0MemObjAllocPageTag(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable, const char *pszTag);
-@@ -154,7 +160,10 @@ RTR0DECL(int) RTR0MemObjAllocPageTag(PRT
- * @returns IPRT status code.
- * @param pMemObj Where to store the ring-0 memory object handle.
- * @param cb Number of bytes to allocate. This is rounded up to nearest page.
-- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
-+ * @param fExecutable Flag indicating whether it should be permitted to
-+ * executed code in the memory object. The user must
-+ * use RTR0MemObjProtect after initialization the
-+ * allocation to actually make it executable.
- */
- #define RTR0MemObjAllocLow(pMemObj, cb, fExecutable) \
- RTR0MemObjAllocLowTag((pMemObj), (cb), (fExecutable), RTMEM_TAG)
-@@ -168,7 +177,10 @@ RTR0DECL(int) RTR0MemObjAllocPageTag(PRT
- * @returns IPRT status code.
- * @param pMemObj Where to store the ring-0 memory object handle.
- * @param cb Number of bytes to allocate. This is rounded up to nearest page.
-- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
-+ * @param fExecutable Flag indicating whether it should be permitted to
-+ * executed code in the memory object. The user must
-+ * use RTR0MemObjProtect after initialization the
-+ * allocation to actually make it executable.
- * @param pszTag Allocation tag used for statistics and such.
- */
- RTR0DECL(int) RTR0MemObjAllocLowTag(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable, const char *pszTag);
-@@ -182,7 +194,10 @@ RTR0DECL(int) RTR0MemObjAllocLowTag(PRTR
- * @returns IPRT status code.
- * @param pMemObj Where to store the ring-0 memory object handle.
- * @param cb Number of bytes to allocate. This is rounded up to nearest page.
-- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
-+ * @param fExecutable Flag indicating whether it should be permitted to
-+ * executed code in the memory object. The user must
-+ * use RTR0MemObjProtect after initialization the
-+ * allocation to actually make it executable.
- */
- #define RTR0MemObjAllocCont(pMemObj, cb, fExecutable) \
- RTR0MemObjAllocContTag((pMemObj), (cb), (fExecutable), RTMEM_TAG)
-@@ -196,7 +211,10 @@ RTR0DECL(int) RTR0MemObjAllocLowTag(PRTR
- * @returns IPRT status code.
- * @param pMemObj Where to store the ring-0 memory object handle.
- * @param cb Number of bytes to allocate. This is rounded up to nearest page.
-- * @param fExecutable Flag indicating whether it should be permitted to executed code in the memory object.
-+ * @param fExecutable Flag indicating whether it should be permitted to
-+ * executed code in the memory object. The user must
-+ * use RTR0MemObjProtect after initialization the
-+ * allocation to actually make it executable.
- * @param pszTag Allocation tag used for statistics and such.
- */
- RTR0DECL(int) RTR0MemObjAllocContTag(PRTR0MEMOBJ pMemObj, size_t cb, bool fExecutable, const char *pszTag);
---- a/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
-+++ b/src/VBox/Runtime/r0drv/linux/alloc-r0drv-linux.c
-@@ -38,7 +38,7 @@
-
-
- #if (defined(RT_ARCH_AMD64) || defined(DOXYGEN_RUNNING)) && !defined(RTMEMALLOC_EXEC_HEAP)
--# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23)
-+# if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 23) && LINUX_VERSION_CODE < KERNEL_VERSION(5, 8, 0)
- /**
- * Starting with 2.6.23 we can use __get_vm_area and map_vm_area to allocate
- * memory in the moduel range. This is preferrable to the exec heap below.
---- a/include/VBox/sup.h
-+++ b/include/VBox/sup.h
-@@ -1553,8 +1553,11 @@ SUPR3DECL(int) SUPR3GetSymbolR0(void *pv
- *
- * @returns VBox status code.
- * @deprecated Use SUPR3LoadModule(pszFilename, "VMMR0.r0", &pvImageBase)
-+ * @param pszFilename Full path to the VMMR0.r0 file (silly).
-+ * @param pErrInfo Where to return extended error information.
-+ * Optional.
- */
--SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename);
-+SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename, PRTERRINFO pErrInfo);
-
- /**
- * Unloads R0 HC VMM code.
---- a/src/VBox/Devices/Network/testcase/tstIntNet-1.cpp
-+++ b/src/VBox/Devices/Network/testcase/tstIntNet-1.cpp
-@@ -846,7 +846,7 @@ extern "C" DECLEXPORT(int) TrustedMain(i
- return 1;
- }
-
-- rc = SUPR3LoadVMM(szAbsPath);
-+ rc = SUPR3LoadVMM(szAbsPath, NULL);
- if (RT_FAILURE(rc))
- {
- RTPrintf("tstIntNet-1: SUPR3LoadVMM(\"%s\") -> %Rrc\n", szAbsPath, rc);
---- a/src/VBox/NetworkServices/Dhcpd/VBoxNetDhcpd.cpp
-+++ b/src/VBox/NetworkServices/Dhcpd/VBoxNetDhcpd.cpp
-@@ -259,7 +259,7 @@ int VBoxNetDhcpd::vmmInit()
- if (RT_SUCCESS(rc))
- rc = RTPathAppend(szPathVMMR0, sizeof(szPathVMMR0), "VMMR0.r0");
- if (RT_SUCCESS(rc))
-- rc = SUPR3LoadVMM(szPathVMMR0);
-+ rc = SUPR3LoadVMM(szPathVMMR0, NULL /*pErrInfo*/);
- return rc;
- }
-
---- a/src/VBox/NetworkServices/NetLib/VBoxNetBaseService.cpp
-+++ b/src/VBox/NetworkServices/NetLib/VBoxNetBaseService.cpp
-@@ -383,7 +383,7 @@ int VBoxNetBaseService::tryGoOnline(void
- return rc;
- }
-
-- rc = SUPR3LoadVMM(strcat(szPath, "/VMMR0.r0"));
-+ rc = SUPR3LoadVMM(strcat(szPath, "/VMMR0.r0"), NULL);
- if (RT_FAILURE(rc))
- {
- LogRel(("VBoxNetBaseService: SUPR3LoadVMM(\"%s\") -> %Rrc\n", szPath, rc));
---- a/src/VBox/VMM/testcase/tstGlobalConfig.cpp
-+++ b/src/VBox/VMM/testcase/tstGlobalConfig.cpp
-@@ -102,7 +102,7 @@ extern "C" DECLEXPORT(int) TrustedMain(i
- return 1;
- }
-
-- rc = SUPR3LoadVMM("./VMMR0.r0");
-+ rc = SUPR3LoadVMM("./VMMR0.r0", NULL /*pErrInfo*/);
- if (RT_SUCCESS(rc))
- {
- Req.pSession = pSession;
---- a/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
-+++ b/src/VBox/HostDrivers/Support/SUPLibLdr.cpp
-@@ -334,6 +334,372 @@ static DECLCALLBACK(int) supLoadModuleCr
- }
-
-
-+/** Argument package for supLoadModuleCompileSegmentsCB. */
-+typedef struct SUPLDRCOMPSEGTABARGS
-+{
-+ uint32_t uStartRva;
-+ uint32_t uEndRva;
-+ uint32_t fProt;
-+ uint32_t iSegs;
-+ uint32_t cSegsAlloc;
-+ PSUPLDRSEG paSegs;
-+ PRTERRINFO pErrInfo;
-+} SUPLDRCOMPSEGTABARGS, *PSUPLDRCOMPSEGTABARGS;
-+
-+/**
-+ * @callback_method_impl{FNRTLDRENUMSEGS,
-+ * Compile list of segments with the same memory protection.}
-+ */
-+static DECLCALLBACK(int) supLoadModuleCompileSegmentsCB(RTLDRMOD hLdrMod, PCRTLDRSEG pSeg, void *pvUser)
-+{
-+ PSUPLDRCOMPSEGTABARGS pArgs = (PSUPLDRCOMPSEGTABARGS)pvUser;
-+ AssertCompile(RTMEM_PROT_READ == SUPLDR_PROT_READ);
-+ AssertCompile(RTMEM_PROT_WRITE == SUPLDR_PROT_WRITE);
-+ AssertCompile(RTMEM_PROT_EXEC == SUPLDR_PROT_EXEC);
-+ RT_NOREF(hLdrMod);
-+
-+ Log2(("supLoadModuleCompileSegmentsCB: %RTptr/%RTptr LB %RTptr/%RTptr prot %#x %s\n",
-+ pSeg->LinkAddress, pSeg->RVA, pSeg->cbMapped, pSeg->cb, pSeg->fProt, pSeg->pszName));
-+
-+ /* Ignore segments not part of the loaded image. */
-+ if (pSeg->RVA == NIL_RTLDRADDR || pSeg->cbMapped == 0)
-+ {
-+ Log2(("supLoadModuleCompileSegmentsCB: -> skipped\n"));
-+ return VINF_SUCCESS;
-+ }
-+
-+ /* We currently ASSUME that all relevant segments are in ascending RVA order. */
-+ AssertReturn(pSeg->RVA >= pArgs->uEndRva,
-+ RTERRINFO_LOG_REL_SET_F(pArgs->pErrInfo, VERR_BAD_EXE_FORMAT, "Out of order segment: %p LB %#zx #%.*s",
-+ pSeg->RVA, pSeg->cb, pSeg->cchName, pSeg->pszName));
-+
-+ /* We ASSUME the cbMapped field is implemented. */
-+ AssertReturn(pSeg->cbMapped != NIL_RTLDRADDR, VERR_INTERNAL_ERROR_2);
-+ AssertReturn(pSeg->cbMapped < _1G, VERR_INTERNAL_ERROR_4);
-+ uint32_t cbMapped = (uint32_t)pSeg->cbMapped;
-+ AssertReturn(pSeg->RVA < _1G, VERR_INTERNAL_ERROR_3);
-+ uint32_t uRvaSeg = (uint32_t)pSeg->RVA;
-+
-+ /*
-+ * If the protection is the same as the previous segment,
-+ * just update uEndRva and continue.
-+ */
-+ uint32_t fProt = pSeg->fProt;
-+#if defined(RT_ARCH_AMD64) || defined(RT_ARCH_X86)
-+ if (fProt & RTMEM_PROT_EXEC)
-+ fProt |= fProt & RTMEM_PROT_READ;
-+#endif
-+ if (pSeg->fProt == pArgs->fProt)
-+ {
-+ pArgs->uEndRva = uRvaSeg + cbMapped;
-+ Log2(("supLoadModuleCompileSegmentsCB: -> merged, end %#x\n", pArgs->uEndRva));
-+ return VINF_SUCCESS;
-+ }
-+
-+ /*
-+ * The protection differs, so commit current segment and start a new one.
-+ * However, if the new segment and old segment share a page, this becomes
-+ * a little more complicated...
-+ */
-+ if (pArgs->uStartRva < pArgs->uEndRva)
-+ {
-+ if (((pArgs->uEndRva - 1) >> PAGE_SHIFT) != (uRvaSeg >> PAGE_SHIFT))
-+ {
-+ /* No common page, so make the new segment start on a page boundrary. */
-+ cbMapped += uRvaSeg & PAGE_OFFSET_MASK;
-+ uRvaSeg &= ~(uint32_t)PAGE_OFFSET_MASK;
-+ Assert(pArgs->uEndRva <= uRvaSeg);
-+ Log2(("supLoadModuleCompileSegmentsCB: -> new, no common\n"));
-+ }
-+ else if ((fProt & pArgs->fProt) == fProt)
-+ {
-+ /* The current segment includes the memory protections of the
-+ previous, so include the common page in it: */
-+ uint32_t const cbCommon = PAGE_SIZE - (uRvaSeg & PAGE_OFFSET_MASK);
-+ if (cbCommon >= cbMapped)
-+ {
-+ pArgs->uEndRva = uRvaSeg + cbMapped;
-+ Log2(("supLoadModuleCompileSegmentsCB: -> merge, %#x common, upgrading prot to %#x, end %#x\n",
-+ cbCommon, pArgs->fProt, pArgs->uEndRva));
-+ return VINF_SUCCESS; /* New segment was smaller than a page. */
-+ }
-+ cbMapped -= cbCommon;
-+ uRvaSeg += cbCommon;
-+ Assert(pArgs->uEndRva <= uRvaSeg);
-+ Log2(("supLoadModuleCompileSegmentsCB: -> new, %#x common into previous\n", cbCommon));
-+ }
-+ else if ((fProt & pArgs->fProt) == pArgs->fProt)
-+ {
-+ /* The new segment includes the memory protections of the
-+ previous, so include the common page in it: */
-+ cbMapped += uRvaSeg & PAGE_OFFSET_MASK;
-+ uRvaSeg &= ~(uint32_t)PAGE_OFFSET_MASK;
-+ if (uRvaSeg == pArgs->uStartRva)
-+ {
-+ pArgs->fProt = fProt;
-+ pArgs->uEndRva = uRvaSeg + cbMapped;
-+ Log2(("supLoadModuleCompileSegmentsCB: -> upgrade current protection, end %#x\n", pArgs->uEndRva));
-+ return VINF_SUCCESS; /* Current segment was smaller than a page. */
-+ }
-+ Log2(("supLoadModuleCompileSegmentsCB: -> new, %#x common into new\n", (uint32_t)(pSeg->RVA & PAGE_OFFSET_MASK)));
-+ }
-+ else
-+ {
-+ /* Create a new segment for the common page with the combined protection. */
-+ Log2(("supLoadModuleCompileSegmentsCB: -> it's complicated...\n"));
-+ pArgs->uEndRva &= ~(uint32_t)PAGE_OFFSET_MASK;
-+ if (pArgs->uEndRva > pArgs->uStartRva)
-+ {
-+ Log2(("supLoadModuleCompileSegmentsCB: SUP Seg #%u: %#x LB %#x prot %#x\n",
-+ pArgs->iSegs, pArgs->uStartRva, pArgs->uEndRva - pArgs->uStartRva, pArgs->fProt));
-+ if (pArgs->paSegs)
-+ {
-+ AssertReturn(pArgs->iSegs < pArgs->cSegsAlloc, VERR_INTERNAL_ERROR_5);
-+ pArgs->paSegs[pArgs->iSegs].off = pArgs->uStartRva;
-+ pArgs->paSegs[pArgs->iSegs].cb = pArgs->uEndRva - pArgs->uStartRva;
-+ pArgs->paSegs[pArgs->iSegs].fProt = pArgs->fProt;
-+ pArgs->paSegs[pArgs->iSegs].fUnused = 0;
-+ }
-+ pArgs->iSegs++;
-+ pArgs->uStartRva = pArgs->uEndRva;
-+ }
-+ pArgs->fProt |= fProt;
-+
-+ uint32_t const cbCommon = PAGE_SIZE - (uRvaSeg & PAGE_OFFSET_MASK);
-+ if (cbCommon >= cbMapped)
-+ {
-+ fProt |= pArgs->fProt;
-+ pArgs->uEndRva = uRvaSeg + cbMapped;
-+ return VINF_SUCCESS; /* New segment was smaller than a page. */
-+ }
-+ cbMapped -= cbCommon;
-+ uRvaSeg += cbCommon;
-+ Assert(uRvaSeg - pArgs->uStartRva == PAGE_SIZE);
-+ }
-+
-+ /* The current segment should end where the new one starts, no gaps. */
-+ pArgs->uEndRva = uRvaSeg;
-+
-+ /* Emit the current segment */
-+ Log2(("supLoadModuleCompileSegmentsCB: SUP Seg #%u: %#x LB %#x prot %#x\n",
-+ pArgs->iSegs, pArgs->uStartRva, pArgs->uEndRva - pArgs->uStartRva, pArgs->fProt));
-+ if (pArgs->paSegs)
-+ {
-+ AssertReturn(pArgs->iSegs < pArgs->cSegsAlloc, VERR_INTERNAL_ERROR_5);
-+ pArgs->paSegs[pArgs->iSegs].off = pArgs->uStartRva;
-+ pArgs->paSegs[pArgs->iSegs].cb = pArgs->uEndRva - pArgs->uStartRva;
-+ pArgs->paSegs[pArgs->iSegs].fProt = pArgs->fProt;
-+ pArgs->paSegs[pArgs->iSegs].fUnused = 0;
-+ }
-+ pArgs->iSegs++;
-+ }
-+ /* else: current segment is empty */
-+
-+ /* Start the new segment. */
-+ Assert(!(uRvaSeg & PAGE_OFFSET_MASK));
-+ pArgs->fProt = fProt;
-+ pArgs->uStartRva = uRvaSeg;
-+ pArgs->uEndRva = uRvaSeg + cbMapped;
-+ return VINF_SUCCESS;
-+}
-+
-+
-+/**
-+ * Worker for supLoadModule().
-+ */
-+static int supLoadModuleInner(RTLDRMOD hLdrMod, PSUPLDRLOAD pLoadReq, uint32_t cbImageWithEverything,
-+ RTR0PTR uImageBase, size_t cbImage, const char *pszModule, const char *pszFilename,
-+ bool fNativeLoader, bool fIsVMMR0, const char *pszSrvReqHandler,
-+ uint32_t offSymTab, uint32_t cSymbols,
-+ uint32_t offStrTab, size_t cbStrTab,
-+ uint32_t offSegTab, uint32_t cSegments,
-+ PRTERRINFO pErrInfo)
-+{
-+ /*
-+ * Get the image bits.
-+ */
-+ SUPLDRRESIMPARGS Args = { pszModule, pErrInfo };
-+ int rc = RTLdrGetBits(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase, supLoadModuleResolveImport, &Args);
-+ if (RT_FAILURE(rc))
-+ {
-+ LogRel(("SUP: RTLdrGetBits failed for %s (%s). rc=%Rrc\n", pszModule, pszFilename, rc));
-+ if (!RTErrInfoIsSet(pErrInfo))
-+ RTErrInfoSetF(pErrInfo, rc, "RTLdrGetBits failed");
-+ return rc;
-+ }
-+
-+ /*
-+ * Get the entry points.
-+ */
-+ RTUINTPTR VMMR0EntryFast = 0;
-+ RTUINTPTR VMMR0EntryEx = 0;
-+ RTUINTPTR SrvReqHandler = 0;
-+ RTUINTPTR ModuleInit = 0;
-+ RTUINTPTR ModuleTerm = 0;
-+ const char *pszEp = NULL;
-+ if (fIsVMMR0)
-+ {
-+ rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
-+ UINT32_MAX, pszEp = "VMMR0EntryFast", &VMMR0EntryFast);
-+ if (RT_SUCCESS(rc))
-+ rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
-+ UINT32_MAX, pszEp = "VMMR0EntryEx", &VMMR0EntryEx);
-+ }
-+ else if (pszSrvReqHandler)
-+ rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
-+ UINT32_MAX, pszEp = pszSrvReqHandler, &SrvReqHandler);
-+ if (RT_SUCCESS(rc))
-+ {
-+ int rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
-+ UINT32_MAX, pszEp = "ModuleInit", &ModuleInit);
-+ if (RT_FAILURE(rc2))
-+ ModuleInit = 0;
-+
-+ rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], uImageBase,
-+ UINT32_MAX, pszEp = "ModuleTerm", &ModuleTerm);
-+ if (RT_FAILURE(rc2))
-+ ModuleTerm = 0;
-+ }
-+ if (RT_FAILURE(rc))
-+ {
-+ LogRel(("SUP: Failed to get entry point '%s' for %s (%s) rc=%Rrc\n", pszEp, pszModule, pszFilename, rc));
-+ return RTErrInfoSetF(pErrInfo, rc, "Failed to resolve entry point '%s'", pszEp);
-+ }
-+
-+ /*
-+ * Create the symbol and string tables.
-+ */
-+ SUPLDRCREATETABSARGS CreateArgs;
-+ CreateArgs.cbImage = cbImage;
-+ CreateArgs.pSym = (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab];
-+ CreateArgs.pszBase = (char *)&pLoadReq->u.In.abImage[offStrTab];
-+ CreateArgs.psz = CreateArgs.pszBase;
-+ rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCreateTabsCB, &CreateArgs);
-+ if (RT_FAILURE(rc))
-+ {
-+ LogRel(("SUP: RTLdrEnumSymbols failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
-+ return RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSymbols #2 failed");
-+ }
-+ AssertRelease((size_t)(CreateArgs.psz - CreateArgs.pszBase) <= cbStrTab);
-+ AssertRelease((size_t)(CreateArgs.pSym - (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab]) <= cSymbols);
-+
-+ /*
-+ * Create the segment table.
-+ */
-+ SUPLDRCOMPSEGTABARGS SegArgs;
-+ SegArgs.uStartRva = 0;
-+ SegArgs.uEndRva = 0;
-+ SegArgs.fProt = RTMEM_PROT_READ;
-+ SegArgs.iSegs = 0;
-+ SegArgs.cSegsAlloc = cSegments;
-+ SegArgs.paSegs = (PSUPLDRSEG)&pLoadReq->u.In.abImage[offSegTab];
-+ SegArgs.pErrInfo = pErrInfo;
-+ rc = RTLdrEnumSegments(hLdrMod, supLoadModuleCompileSegmentsCB, &SegArgs);
-+ if (RT_FAILURE(rc))
-+ {
-+ LogRel(("SUP: RTLdrEnumSegments failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
-+ return RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSegments #2 failed");
-+ }
-+ SegArgs.uEndRva = (uint32_t)cbImage;
-+ AssertReturn(SegArgs.uEndRva == cbImage, VERR_OUT_OF_RANGE);
-+ if (SegArgs.uEndRva > SegArgs.uStartRva)
-+ {
-+ SegArgs.paSegs[SegArgs.iSegs].off = SegArgs.uStartRva;
-+ SegArgs.paSegs[SegArgs.iSegs].cb = SegArgs.uEndRva - SegArgs.uStartRva;
-+ SegArgs.paSegs[SegArgs.iSegs].fProt = SegArgs.fProt;
-+ SegArgs.paSegs[SegArgs.iSegs].fUnused = 0;
-+ SegArgs.iSegs++;
-+ }
-+ for (uint32_t i = 0; i < SegArgs.iSegs; i++)
-+ LogRel(("SUP: seg #%u: %c%c%c %#010RX32 LB %#010RX32\n", i, /** @todo LogRel2 */
-+ SegArgs.paSegs[i].fProt & SUPLDR_PROT_READ ? 'R' : ' ',
-+ SegArgs.paSegs[i].fProt & SUPLDR_PROT_WRITE ? 'W' : ' ',
-+ SegArgs.paSegs[i].fProt & SUPLDR_PROT_EXEC ? 'X' : ' ',
-+ SegArgs.paSegs[i].off, SegArgs.paSegs[i].cb));
-+ AssertRelease(SegArgs.iSegs == cSegments);
-+ AssertRelease(SegArgs.cSegsAlloc == cSegments);
-+
-+ /*
-+ * Upload the image.
-+ */
-+ pLoadReq->Hdr.u32Cookie = g_u32Cookie;
-+ pLoadReq->Hdr.u32SessionCookie = g_u32SessionCookie;
-+ pLoadReq->Hdr.cbIn = SUP_IOCTL_LDR_LOAD_SIZE_IN(cbImageWithEverything);
-+ pLoadReq->Hdr.cbOut = SUP_IOCTL_LDR_LOAD_SIZE_OUT;
-+ pLoadReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_IN;
-+ pLoadReq->Hdr.rc = VERR_INTERNAL_ERROR;
-+
-+ pLoadReq->u.In.pfnModuleInit = (RTR0PTR)ModuleInit;
-+ pLoadReq->u.In.pfnModuleTerm = (RTR0PTR)ModuleTerm;
-+ if (fIsVMMR0)
-+ {
-+ pLoadReq->u.In.eEPType = SUPLDRLOADEP_VMMR0;
-+ pLoadReq->u.In.EP.VMMR0.pvVMMR0 = uImageBase;
-+ pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryFast= (RTR0PTR)VMMR0EntryFast;
-+ pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryEx = (RTR0PTR)VMMR0EntryEx;
-+ }
-+ else if (pszSrvReqHandler)
-+ {
-+ pLoadReq->u.In.eEPType = SUPLDRLOADEP_SERVICE;
-+ pLoadReq->u.In.EP.Service.pfnServiceReq = (RTR0PTR)SrvReqHandler;
-+ pLoadReq->u.In.EP.Service.apvReserved[0] = NIL_RTR0PTR;
-+ pLoadReq->u.In.EP.Service.apvReserved[1] = NIL_RTR0PTR;
-+ pLoadReq->u.In.EP.Service.apvReserved[2] = NIL_RTR0PTR;
-+ }
-+ else
-+ pLoadReq->u.In.eEPType = SUPLDRLOADEP_NOTHING;
-+ pLoadReq->u.In.offStrTab = offStrTab;
-+ pLoadReq->u.In.cbStrTab = (uint32_t)cbStrTab;
-+ AssertRelease(pLoadReq->u.In.cbStrTab == cbStrTab);
-+ pLoadReq->u.In.cbImageBits = (uint32_t)cbImage;
-+ pLoadReq->u.In.offSymbols = offSymTab;
-+ pLoadReq->u.In.cSymbols = cSymbols;
-+ pLoadReq->u.In.offSegments = offSegTab;
-+ pLoadReq->u.In.cSegments = cSegments;
-+ pLoadReq->u.In.cbImageWithEverything = cbImageWithEverything;
-+ pLoadReq->u.In.pvImageBase = uImageBase;
-+ if (!g_uSupFakeMode)
-+ {
-+ rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_LOAD, pLoadReq, SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything));
-+ if (RT_SUCCESS(rc))
-+ rc = pLoadReq->Hdr.rc;
-+ else
-+ LogRel(("SUP: SUP_IOCTL_LDR_LOAD ioctl for %s (%s) failed rc=%Rrc\n", pszModule, pszFilename, rc));
-+ }
-+ else
-+ rc = VINF_SUCCESS;
-+ if ( RT_SUCCESS(rc)
-+ || rc == VERR_ALREADY_LOADED /* A competing process. */
-+ )
-+ {
-+ LogRel(("SUP: Loaded %s (%s) at %#RKv - ModuleInit at %RKv and ModuleTerm at %RKv%s\n",
-+ pszModule, pszFilename, uImageBase, (RTR0PTR)ModuleInit, (RTR0PTR)ModuleTerm,
-+ fNativeLoader ? " using the native ring-0 loader" : ""));
-+ if (fIsVMMR0)
-+ {
-+ g_pvVMMR0 = uImageBase;
-+ LogRel(("SUP: VMMR0EntryEx located at %RKv and VMMR0EntryFast at %RKv\n", (RTR0PTR)VMMR0EntryEx, (RTR0PTR)VMMR0EntryFast));
-+ }
-+#ifdef RT_OS_WINDOWS
-+ LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, uImageBase));
-+#endif
-+ return VINF_SUCCESS;
-+ }
-+
-+ /*
-+ * Failed, bail out.
-+ */
-+ LogRel(("SUP: Loading failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
-+ if ( pLoadReq->u.Out.uErrorMagic == SUPLDRLOAD_ERROR_MAGIC
-+ && pLoadReq->u.Out.szError[0] != '\0')
-+ {
-+ LogRel(("SUP: %s\n", pLoadReq->u.Out.szError));
-+ return RTErrInfoSet(pErrInfo, rc, pLoadReq->u.Out.szError);
-+ }
-+ return RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_LOAD failed");
-+}
-+
-+
- /**
- * Worker for SUPR3LoadModule().
- *
-@@ -356,6 +722,7 @@ static int supLoadModule(const char *psz
- AssertPtrReturn(pszFilename, VERR_INVALID_PARAMETER);
- AssertPtrReturn(pszModule, VERR_INVALID_PARAMETER);
- AssertPtrReturn(ppvImageBase, VERR_INVALID_PARAMETER);
-+ /** @todo abspath it right into SUPLDROPEN */
- AssertReturn(strlen(pszModule) < RT_SIZEOFMEMB(SUPLDROPEN, u.In.szName), VERR_FILENAME_TOO_LONG);
- char szAbsFilename[RT_SIZEOFMEMB(SUPLDROPEN, u.In.szFilename)];
- rc = RTPathAbs(pszFilename, szAbsFilename, sizeof(szAbsFilename));
-@@ -371,8 +738,8 @@ static int supLoadModule(const char *psz
- * Open image file and figure its size.
- */
- RTLDRMOD hLdrMod;
-- rc = RTLdrOpen(pszFilename, 0, RTLDRARCH_HOST, &hLdrMod);
-- if (!RT_SUCCESS(rc))
-+ rc = RTLdrOpenEx(pszFilename, 0 /*fFlags*/, RTLDRARCH_HOST, &hLdrMod, pErrInfo);
-+ if (RT_FAILURE(rc))
- {
- LogRel(("SUP: RTLdrOpen failed for %s (%s) %Rrc\n", pszModule, pszFilename, rc));
- return rc;
-@@ -385,230 +752,109 @@ static int supLoadModule(const char *psz
- rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCalcSizeCB, &CalcArgs);
- if (RT_SUCCESS(rc))
- {
-- const uint32_t offSymTab = RT_ALIGN_32(CalcArgs.cbImage, 8);
-- const uint32_t offStrTab = offSymTab + CalcArgs.cSymbols * sizeof(SUPLDRSYM);
-- const uint32_t cbImageWithTabs = RT_ALIGN_32(offStrTab + CalcArgs.cbStrings, 8);
--
- /*
-- * Open the R0 image.
-+ * Figure out the number of segments needed first.
- */
-- SUPLDROPEN OpenReq;
-- OpenReq.Hdr.u32Cookie = g_u32Cookie;
-- OpenReq.Hdr.u32SessionCookie = g_u32SessionCookie;
-- OpenReq.Hdr.cbIn = SUP_IOCTL_LDR_OPEN_SIZE_IN;
-- OpenReq.Hdr.cbOut = SUP_IOCTL_LDR_OPEN_SIZE_OUT;
-- OpenReq.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
-- OpenReq.Hdr.rc = VERR_INTERNAL_ERROR;
-- OpenReq.u.In.cbImageWithTabs = cbImageWithTabs;
-- OpenReq.u.In.cbImageBits = (uint32_t)CalcArgs.cbImage;
-- strcpy(OpenReq.u.In.szName, pszModule);
-- strcpy(OpenReq.u.In.szFilename, pszFilename);
-- if (!g_uSupFakeMode)
-- {
-- rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_OPEN, &OpenReq, SUP_IOCTL_LDR_OPEN_SIZE);
-- if (RT_SUCCESS(rc))
-- rc = OpenReq.Hdr.rc;
-- }
-- else
-- {
-- OpenReq.u.Out.fNeedsLoading = true;
-- OpenReq.u.Out.pvImageBase = 0xef423420;
-- }
-- *ppvImageBase = (void *)OpenReq.u.Out.pvImageBase;
-- if ( RT_SUCCESS(rc)
-- && OpenReq.u.Out.fNeedsLoading)
-+ SUPLDRCOMPSEGTABARGS SegArgs;
-+ SegArgs.uStartRva = 0;
-+ SegArgs.uEndRva = 0;
-+ SegArgs.fProt = RTMEM_PROT_READ;
-+ SegArgs.iSegs = 0;
-+ SegArgs.cSegsAlloc = 0;
-+ SegArgs.paSegs = NULL;
-+ SegArgs.pErrInfo = pErrInfo;
-+ rc = RTLdrEnumSegments(hLdrMod, supLoadModuleCompileSegmentsCB, &SegArgs);
-+ if (RT_SUCCESS(rc))
- {
-+ Assert(SegArgs.uEndRva <= RTLdrSize(hLdrMod));
-+ SegArgs.uEndRva = (uint32_t)CalcArgs.cbImage; /* overflow is checked later */
-+ if (SegArgs.uEndRva > SegArgs.uStartRva)
-+ {
-+ Log2(("supLoadModule: SUP Seg #%u: %#x LB %#x prot %#x\n",
-+ SegArgs.iSegs, SegArgs.uStartRva, SegArgs.uEndRva - SegArgs.uStartRva, SegArgs.fProt));
-+ SegArgs.iSegs++;
-+ }
-+
-+ const uint32_t offSymTab = RT_ALIGN_32(CalcArgs.cbImage, 8);
-+ const uint32_t offStrTab = offSymTab + CalcArgs.cSymbols * sizeof(SUPLDRSYM);
-+ const uint32_t offSegTab = RT_ALIGN_32(offStrTab + CalcArgs.cbStrings, 8);
-+ const uint32_t cbImageWithEverything = RT_ALIGN_32(offSegTab + sizeof(SUPLDRSEG) * SegArgs.iSegs, 8);
-+
- /*
-- * We need to load it.
-- * Allocate memory for the image bits.
-+ * Open the R0 image.
- */
-- PSUPLDRLOAD pLoadReq = (PSUPLDRLOAD)RTMemTmpAlloc(SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs));
-- if (pLoadReq)
-+ SUPLDROPEN OpenReq;
-+ OpenReq.Hdr.u32Cookie = g_u32Cookie;
-+ OpenReq.Hdr.u32SessionCookie = g_u32SessionCookie;
-+ OpenReq.Hdr.cbIn = SUP_IOCTL_LDR_OPEN_SIZE_IN;
-+ OpenReq.Hdr.cbOut = SUP_IOCTL_LDR_OPEN_SIZE_OUT;
-+ OpenReq.Hdr.fFlags = SUPREQHDR_FLAGS_DEFAULT;
-+ OpenReq.Hdr.rc = VERR_INTERNAL_ERROR;
-+ OpenReq.u.In.cbImageWithEverything = cbImageWithEverything;
-+ OpenReq.u.In.cbImageBits = (uint32_t)CalcArgs.cbImage;
-+ strcpy(OpenReq.u.In.szName, pszModule);
-+ strcpy(OpenReq.u.In.szFilename, pszFilename);
-+ if (!g_uSupFakeMode)
-+ {
-+ rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_OPEN, &OpenReq, SUP_IOCTL_LDR_OPEN_SIZE);
-+ if (RT_SUCCESS(rc))
-+ rc = OpenReq.Hdr.rc;
-+ }
-+ else
-+ {
-+ OpenReq.u.Out.fNeedsLoading = true;
-+ OpenReq.u.Out.pvImageBase = 0xef423420;
-+ }
-+ *ppvImageBase = (void *)OpenReq.u.Out.pvImageBase;
-+ if ( RT_SUCCESS(rc)
-+ && OpenReq.u.Out.fNeedsLoading)
- {
- /*
-- * Get the image bits.
-+ * We need to load it.
-+ *
-+ * Allocate the request and pass it to an inner work function
-+ * that populates it and sends it off to the driver.
- */
--
-- SUPLDRRESIMPARGS Args = { pszModule, pErrInfo };
-- rc = RTLdrGetBits(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-- supLoadModuleResolveImport, &Args);
--
-- if (RT_SUCCESS(rc))
-+ const uint32_t cbLoadReq = SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything);
-+ PSUPLDRLOAD pLoadReq = (PSUPLDRLOAD)RTMemTmpAlloc(cbLoadReq);
-+ if (pLoadReq)
- {
-- /*
-- * Get the entry points.
-- */
-- RTUINTPTR VMMR0EntryFast = 0;
-- RTUINTPTR VMMR0EntryEx = 0;
-- RTUINTPTR SrvReqHandler = 0;
-- RTUINTPTR ModuleInit = 0;
-- RTUINTPTR ModuleTerm = 0;
-- const char *pszEp = NULL;
-- if (fIsVMMR0)
-- {
-- rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-- UINT32_MAX, pszEp = "VMMR0EntryFast", &VMMR0EntryFast);
-- if (RT_SUCCESS(rc))
-- rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-- UINT32_MAX, pszEp = "VMMR0EntryEx", &VMMR0EntryEx);
-- }
-- else if (pszSrvReqHandler)
-- rc = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-- UINT32_MAX, pszEp = pszSrvReqHandler, &SrvReqHandler);
-- if (RT_SUCCESS(rc))
-- {
-- int rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-- UINT32_MAX, pszEp = "ModuleInit", &ModuleInit);
-- if (RT_FAILURE(rc2))
-- ModuleInit = 0;
--
-- rc2 = RTLdrGetSymbolEx(hLdrMod, &pLoadReq->u.In.abImage[0], (uintptr_t)OpenReq.u.Out.pvImageBase,
-- UINT32_MAX, pszEp = "ModuleTerm", &ModuleTerm);
-- if (RT_FAILURE(rc2))
-- ModuleTerm = 0;
-- }
-- if (RT_SUCCESS(rc))
-- {
-- /*
-- * Create the symbol and string tables.
-- */
-- SUPLDRCREATETABSARGS CreateArgs;
-- CreateArgs.cbImage = CalcArgs.cbImage;
-- CreateArgs.pSym = (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab];
-- CreateArgs.pszBase = (char *)&pLoadReq->u.In.abImage[offStrTab];
-- CreateArgs.psz = CreateArgs.pszBase;
-- rc = RTLdrEnumSymbols(hLdrMod, 0, NULL, 0, supLoadModuleCreateTabsCB, &CreateArgs);
-- if (RT_SUCCESS(rc))
-- {
-- AssertRelease((size_t)(CreateArgs.psz - CreateArgs.pszBase) <= CalcArgs.cbStrings);
-- AssertRelease((size_t)(CreateArgs.pSym - (PSUPLDRSYM)&pLoadReq->u.In.abImage[offSymTab]) <= CalcArgs.cSymbols);
--
-- /*
-- * Upload the image.
-- */
-- pLoadReq->Hdr.u32Cookie = g_u32Cookie;
-- pLoadReq->Hdr.u32SessionCookie = g_u32SessionCookie;
-- pLoadReq->Hdr.cbIn = SUP_IOCTL_LDR_LOAD_SIZE_IN(cbImageWithTabs);
-- pLoadReq->Hdr.cbOut = SUP_IOCTL_LDR_LOAD_SIZE_OUT;
-- pLoadReq->Hdr.fFlags = SUPREQHDR_FLAGS_MAGIC | SUPREQHDR_FLAGS_EXTRA_IN;
-- pLoadReq->Hdr.rc = VERR_INTERNAL_ERROR;
--
-- pLoadReq->u.In.pfnModuleInit = (RTR0PTR)ModuleInit;
-- pLoadReq->u.In.pfnModuleTerm = (RTR0PTR)ModuleTerm;
-- if (fIsVMMR0)
-- {
-- pLoadReq->u.In.eEPType = SUPLDRLOADEP_VMMR0;
-- pLoadReq->u.In.EP.VMMR0.pvVMMR0 = OpenReq.u.Out.pvImageBase;
-- pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryFast= (RTR0PTR)VMMR0EntryFast;
-- pLoadReq->u.In.EP.VMMR0.pvVMMR0EntryEx = (RTR0PTR)VMMR0EntryEx;
-- }
-- else if (pszSrvReqHandler)
-- {
-- pLoadReq->u.In.eEPType = SUPLDRLOADEP_SERVICE;
-- pLoadReq->u.In.EP.Service.pfnServiceReq = (RTR0PTR)SrvReqHandler;
-- pLoadReq->u.In.EP.Service.apvReserved[0] = NIL_RTR0PTR;
-- pLoadReq->u.In.EP.Service.apvReserved[1] = NIL_RTR0PTR;
-- pLoadReq->u.In.EP.Service.apvReserved[2] = NIL_RTR0PTR;
-- }
-- else
-- pLoadReq->u.In.eEPType = SUPLDRLOADEP_NOTHING;
-- pLoadReq->u.In.offStrTab = offStrTab;
-- pLoadReq->u.In.cbStrTab = (uint32_t)CalcArgs.cbStrings;
-- AssertRelease(pLoadReq->u.In.cbStrTab == CalcArgs.cbStrings);
-- pLoadReq->u.In.cbImageBits = (uint32_t)CalcArgs.cbImage;
-- pLoadReq->u.In.offSymbols = offSymTab;
-- pLoadReq->u.In.cSymbols = CalcArgs.cSymbols;
-- pLoadReq->u.In.cbImageWithTabs = cbImageWithTabs;
-- pLoadReq->u.In.pvImageBase = OpenReq.u.Out.pvImageBase;
-- if (!g_uSupFakeMode)
-- {
-- rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_LDR_LOAD, pLoadReq, SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs));
-- if (RT_SUCCESS(rc))
-- rc = pLoadReq->Hdr.rc;
-- else
-- LogRel(("SUP: SUP_IOCTL_LDR_LOAD ioctl for %s (%s) failed rc=%Rrc\n", pszModule, pszFilename, rc));
-- }
-- else
-- rc = VINF_SUCCESS;
-- if ( RT_SUCCESS(rc)
-- || rc == VERR_ALREADY_LOADED /* A competing process. */
-- )
-- {
-- LogRel(("SUP: Loaded %s (%s) at %#RKv - ModuleInit at %RKv and ModuleTerm at %RKv%s\n",
-- pszModule, pszFilename, OpenReq.u.Out.pvImageBase, (RTR0PTR)ModuleInit, (RTR0PTR)ModuleTerm,
-- OpenReq.u.Out.fNativeLoader ? " using the native ring-0 loader" : ""));
-- if (fIsVMMR0)
-- {
-- g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
-- LogRel(("SUP: VMMR0EntryEx located at %RKv and VMMR0EntryFast at %RKv\n", (RTR0PTR)VMMR0EntryEx, (RTR0PTR)VMMR0EntryFast));
-- }
--#ifdef RT_OS_WINDOWS
-- LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, OpenReq.u.Out.pvImageBase));
--#endif
--
-- RTMemTmpFree(pLoadReq);
-- RTLdrClose(hLdrMod);
-- return VINF_SUCCESS;
-- }
--
-- /*
-- * Failed, bail out.
-- */
-- LogRel(("SUP: Loading failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
-- if ( pLoadReq->u.Out.uErrorMagic == SUPLDRLOAD_ERROR_MAGIC
-- && pLoadReq->u.Out.szError[0] != '\0')
-- {
-- LogRel(("SUP: %s\n", pLoadReq->u.Out.szError));
-- RTErrInfoSet(pErrInfo, rc, pLoadReq->u.Out.szError);
-- }
-- else
-- RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_LOAD failed");
-- }
-- else
-- {
-- LogRel(("SUP: RTLdrEnumSymbols failed for %s (%s) rc=%Rrc\n", pszModule, pszFilename, rc));
-- RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSymbols #2 failed");
-- }
-- }
-- else
-- {
-- LogRel(("SUP: Failed to get entry point '%s' for %s (%s) rc=%Rrc\n", pszEp, pszModule, pszFilename, rc));
-- RTErrInfoSetF(pErrInfo, rc, "Failed to resolve entry point '%s'", pszEp);
-- }
-+ rc = supLoadModuleInner(hLdrMod, pLoadReq, cbImageWithEverything, OpenReq.u.Out.pvImageBase, CalcArgs.cbImage,
-+ pszModule, pszFilename, OpenReq.u.Out.fNativeLoader, fIsVMMR0, pszSrvReqHandler,
-+ offSymTab, CalcArgs.cSymbols,
-+ offStrTab, CalcArgs.cbStrings,
-+ offSegTab, SegArgs.iSegs,
-+ pErrInfo);
-+ RTMemTmpFree(pLoadReq);
- }
- else
- {
-- LogRel(("SUP: RTLdrGetBits failed for %s (%s). rc=%Rrc\n", pszModule, pszFilename, rc));
-- if (!RTErrInfoIsSet(pErrInfo))
-- RTErrInfoSetF(pErrInfo, rc, "RTLdrGetBits failed");
-+ AssertMsgFailed(("failed to allocated %u bytes for SUPLDRLOAD_IN structure!\n", SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything)));
-+ rc = RTErrInfoSetF(pErrInfo, VERR_NO_TMP_MEMORY, "Failed to allocate %u bytes for the load request",
-+ SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithEverything));
- }
-- RTMemTmpFree(pLoadReq);
- }
-- else
-+ /*
-+ * Already loaded?
-+ */
-+ else if (RT_SUCCESS(rc))
- {
-- AssertMsgFailed(("failed to allocated %u bytes for SUPLDRLOAD_IN structure!\n", SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs)));
-- rc = VERR_NO_TMP_MEMORY;
-- RTErrInfoSetF(pErrInfo, rc, "Failed to allocate %u bytes for the load request", SUP_IOCTL_LDR_LOAD_SIZE(cbImageWithTabs));
-- }
-- }
-- /*
-- * Already loaded?
-- */
-- else if (RT_SUCCESS(rc))
-- {
-- if (fIsVMMR0)
-- g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
-- LogRel(("SUP: Opened %s (%s) at %#RKv%s.\n", pszModule, pszFilename, OpenReq.u.Out.pvImageBase,
-- OpenReq.u.Out.fNativeLoader ? " loaded by the native ring-0 loader" : ""));
-+ if (fIsVMMR0)
-+ g_pvVMMR0 = OpenReq.u.Out.pvImageBase;
-+ LogRel(("SUP: Opened %s (%s) at %#RKv%s.\n", pszModule, pszFilename, OpenReq.u.Out.pvImageBase,
-+ OpenReq.u.Out.fNativeLoader ? " loaded by the native ring-0 loader" : ""));
- #ifdef RT_OS_WINDOWS
-- LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, OpenReq.u.Out.pvImageBase));
-+ LogRel(("SUP: windbg> .reload /f %s=%#RKv\n", pszFilename, OpenReq.u.Out.pvImageBase));
- #endif
-+ }
-+ /*
-+ * No, failed.
-+ */
-+ else
-+ RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_OPEN failed");
- }
-- /*
-- * No, failed.
-- */
-- else
-- RTErrInfoSet(pErrInfo, rc, "SUP_IOCTL_LDR_OPEN failed");
-+ else if (!RTErrInfoIsSet(pErrInfo) && pErrInfo)
-+ RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSegments #1 failed");
- }
- else
- RTErrInfoSetF(pErrInfo, rc, "RTLdrEnumSymbols #1 failed");
-@@ -682,10 +928,10 @@ SUPR3DECL(int) SUPR3GetSymbolR0(void *pv
- }
-
-
--SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename)
-+SUPR3DECL(int) SUPR3LoadVMM(const char *pszFilename, PRTERRINFO pErrInfo)
- {
- void *pvImageBase;
-- return SUPR3LoadModule(pszFilename, "VMMR0.r0", &pvImageBase, NULL /*pErrInfo*/);
-+ return SUPR3LoadModule(pszFilename, "VMMR0.r0", &pvImageBase, pErrInfo);
- }
-
-
---- a/src/VBox/HostDrivers/Support/testcase/tstInt.cpp
-+++ b/src/VBox/HostDrivers/Support/testcase/tstInt.cpp
-@@ -76,7 +76,8 @@ int main(int argc, char **argv)
- /*
- * Load VMM code.
- */
-- rc = SUPR3LoadVMM(szAbsFile);
-+ RTERRINFOSTATIC ErrInfo;
-+ rc = SUPR3LoadVMM(szAbsFile, RTErrInfoInitStatic(&ErrInfo));
- if (RT_SUCCESS(rc))
- {
- /*
-@@ -208,7 +209,7 @@ int main(int argc, char **argv)
- }
- else
- {
-- RTPrintf("tstInt: SUPR3LoadVMM failed with rc=%Rrc\n", rc);
-+ RTPrintf("tstInt: SUPR3LoadVMM failed with rc=%Rrc%#RTeim\n", rc, &ErrInfo.Core);
- rcRet++;
- }
-
---- a/src/VBox/Devices/Makefile.kmk
-+++ b/src/VBox/Devices/Makefile.kmk
-@@ -52,7 +52,7 @@ if !defined(VBOX_ONLY_EXTPACKS)
- if1of ($(KBUILD_TARGET_ARCH), $(VBOX_SUPPORTED_HOST_ARCHS))
- LIBRARIES += ServicesR0
- DLLS += VBoxDDU VBoxDD VBoxDD2
-- SYSMODS += VBoxDDR0
-+ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxDDR0
- ifdef VBOX_WITH_RAW_MODE
- SYSMODS += VBoxDDRC
- endif
-@@ -1370,7 +1370,7 @@ if defined(VBOX_WITH_EXTPACK) && defined
- USB/DevXHCI.cpp
- $(call VBOX_SET_VER_INFO_DLL,VBoxEhciR3,PUEL Extension Pack - EHCI Device)
-
-- SYSMODS += VBoxEhciR0
-+ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxEhciR0
- VBoxEhciR0_TEMPLATE = VBoxR0ExtPackPuel
- VBoxEhciR0_SOURCES = \
- USB/DevEHCI.cpp \
-@@ -1406,7 +1406,7 @@ if defined(VBOX_WITH_EXTPACK) && defined
- VBoxPciRawDrv_SOURCES = Bus/DrvPciRaw.cpp
- $(call VBOX_SET_VER_INFO_DLL,VBoxPciRawDrv,PUEL Extension Pack - PCI Passthrough Driver)
-
-- SYSMODS += VBoxPciRawR0
-+ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxPciRawR0
- VBoxPciRawR0_TEMPLATE = VBoxR0ExtPackPuel
- VBoxPciRawR0_SOURCES = Bus/DevPciRaw.cpp
- $(call VBOX_SET_VER_INFO_R0,VBoxPciRawR0,PUEL Extension Pack - PCI Passthrough Driver$(COMMA) ring-0)
-@@ -1424,7 +1424,7 @@ if defined(VBOX_WITH_EXTPACK) && defined
- Storage/DevNVMe.cpp
- $(call VBOX_SET_VER_INFO_DLL,VBoxNvmeR3,PUEL Extension Pack - NVMe Device)
-
-- SYSMODS += VBoxNvmeR0
-+ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxNvmeR0
- VBoxNvmeR0_TEMPLATE = VBoxR0ExtPackPuel
- VBoxNvmeR0_SOURCES = \
- Storage/DevNVMe.cpp
---- a/src/VBox/ExtPacks/VBoxDTrace/Makefile.kmk
-+++ b/src/VBox/ExtPacks/VBoxDTrace/Makefile.kmk
-@@ -242,7 +242,7 @@ if defined(VBOX_WITH_EXTPACK_VBOXDTRACE)
- # The ring-0 part of VBoxDTrace.
- #
- ifneq ($(KBUILD_TARGET),solaris) # disabled on solaris - neiter needed nor currently able to build it here.
-- SYSMODS += VBoxDTraceR0
-+ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxDTraceR0
- endif
- VBoxDTraceR0_TEMPLATE = VBoxR0ExtPackDTrace
- VBoxDTraceR0_DEFS = IN_VBOXDTRACE_R0 IN_RT_R0
---- a/src/VBox/ExtPacks/BusMouseSample/Makefile.kmk
-+++ b/src/VBox/ExtPacks/BusMouseSample/Makefile.kmk
-@@ -83,7 +83,7 @@ DLLS += VBoxBusMouseR3
- VBoxBusMouseR3_TEMPLATE = VBoxR3ExtPackBusMouse
- VBoxBusMouseR3_SOURCES = DevBusMouse.cpp
-
--SYSMODS += VBoxBusMouseR0
-+$(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VBoxBusMouseR0
- VBoxBusMouseR0_TEMPLATE = VBoxR0ExtPackBusMouse
- VBoxBusMouseR0_SOURCES = DevBusMouse.cpp
-
---- a/src/VBox/Runtime/testcase/Makefile.kmk
-+++ b/src/VBox/Runtime/testcase/Makefile.kmk
-@@ -210,13 +210,13 @@ if1of ($(KBUILD_TARGET_ARCH), amd64 x86)
- tstRTR0ThreadDriver
- endif
- if1of ($(KBUILD_TARGET_ARCH), $(VBOX_SUPPORTED_HOST_ARCHS))
-- SYSMODS += \
-+ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += \
- tstLdrObjR0
- ifdef VBOX_WITH_RAW_MODE
- SYSMODS += tstLdrObj
- endif
- endif
-- SYSMODS += \
-+ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += \
- tstRTR0MemUserKernel \
- tstRTR0SemMutex \
- tstRTR0Timer \
-@@ -224,7 +224,7 @@ if1of ($(KBUILD_TARGET_ARCH), amd64 x86)
- tstRTR0Thread
- if1of ($(KBUILD_TARGET), solaris darwin)
- PROGRAMS += tstRTR0DbgKrnlInfoDriver
-- SYSMODS += tstRTR0DbgKrnlInfo
-+ $(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += tstRTR0DbgKrnlInfo
- endif # VBOX_SUPPORTED_HOST_ARCHS only
-
- endif
---- a/src/VBox/VMM/Makefile.kmk
-+++ b/src/VBox/VMM/Makefile.kmk
-@@ -435,7 +435,7 @@ ifndef VBOX_ONLY_EXTPACKS
- #
- # VMMR0.r0
- #
--SYSMODS += VMMR0
-+$(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += VMMR0
- VMMR0_TEMPLATE = VBoxR0
- VMMR0_SYSSUFF = .r0
-
---- a/src/VBox/ValidationKit/utils/misc/Makefile.kmk
-+++ b/src/VBox/ValidationKit/utils/misc/Makefile.kmk
-@@ -31,7 +31,7 @@ PROGRAMS += LoadGenerator
- LoadGenerator_TEMPLATE = VBoxValidationKitR3Host
- LoadGenerator_SOURCES = loadgenerator.cpp
-
--SYSMODS += loadgeneratorR0
-+$(if-expr defined(VBOX_WITH_VBOXR0_AS_DLL),DLLS,SYSMODS) += loadgeneratorR0
- loadgeneratorR0_TEMPLATE = VBoxValidationKitR0
- loadgeneratorR0_SOURCES = loadgeneratorR0.cpp
-
---- a/src/VBox/HostDrivers/Support/SUPLib.cpp
-+++ b/src/VBox/HostDrivers/Support/SUPLib.cpp
-@@ -275,9 +275,9 @@ SUPR3DECL(int) SUPR3InitEx(bool fUnrestr
- CookieReq.Hdr.rc = VERR_INTERNAL_ERROR;
- strcpy(CookieReq.u.In.szMagic, SUPCOOKIE_MAGIC);
- CookieReq.u.In.u32ReqVersion = SUPDRV_IOC_VERSION;
-- const uint32_t uMinVersion = (SUPDRV_IOC_VERSION & 0xffff0000) == 0x002d0000
-+ const uint32_t uMinVersion = /*(SUPDRV_IOC_VERSION & 0xffff0000) == 0x002d0000
- ? 0x002d0001
-- : SUPDRV_IOC_VERSION & 0xffff0000;
-+ :*/ SUPDRV_IOC_VERSION & 0xffff0000;
- CookieReq.u.In.u32MinVersion = uMinVersion;
- rc = suplibOsIOCtl(&g_supLibData, SUP_IOCTL_COOKIE, &CookieReq, SUP_IOCTL_COOKIE_SIZE);
- if ( RT_SUCCESS(rc)
---- a/src/VBox/HostDrivers/Support/SUPDrvIOC.h
-+++ b/src/VBox/HostDrivers/Support/SUPDrvIOC.h
-@@ -220,9 +220,10 @@ typedef SUPREQHDR *PSUPREQHDR;
- * -# When increment the major number, execute all pending work.
- *
- * @todo Pending work on next major version change:
-- * - Move SUP_IOCTL_FAST_DO_NOP and SUP_VMMR0_DO_NEM_RUN after NEM.
-+ * - Nothing.
-+ * @note 0x002f0000 is used by 6.0. The next version number must be 0x00300000.
- */
--#define SUPDRV_IOC_VERSION 0x002d0001
-+#define SUPDRV_IOC_VERSION 0x002e0000
-
- /** SUP_IOCTL_COOKIE. */
- typedef struct SUPCOOKIE
-@@ -314,8 +315,8 @@ typedef struct SUPLDROPEN
- {
- struct
- {
-- /** Size of the image we'll be loading (including tables). */
-- uint32_t cbImageWithTabs;
-+ /** Size of the image we'll be loading (including all tables). */
-+ uint32_t cbImageWithEverything;
- /** The size of the image bits. (Less or equal to cbImageWithTabs.) */
- uint32_t cbImageBits;
- /** Image name.
-@@ -390,6 +391,29 @@ typedef SUPLDRSYM *PSUPLDRSYM;
- /** Pointer to a const symbol table entry. */
- typedef SUPLDRSYM const *PCSUPLDRSYM;
-
-+#define SUPLDR_PROT_READ 1 /**< Grant read access (RTMEM_PROT_READ). */
-+#define SUPLDR_PROT_WRITE 2 /**< Grant write access (RTMEM_PROT_WRITE). */
-+#define SUPLDR_PROT_EXEC 4 /**< Grant execute access (RTMEM_PROT_EXEC). */
-+
-+/**
-+ * A segment table entry - chiefly for conveying memory protection.
-+ */
-+typedef struct SUPLDRSEG
-+{
-+ /** The RVA of the segment. */
-+ uint32_t off;
-+ /** The size of the segment. */
-+ uint32_t cb : 28;
-+ /** The segment protection (SUPLDR_PROT_XXX). */
-+ uint32_t fProt : 3;
-+ /** MBZ. */
-+ uint32_t fUnused;
-+} SUPLDRSEG;
-+/** Pointer to a segment table entry. */
-+typedef SUPLDRSEG *PSUPLDRSEG;
-+/** Pointer to a const segment table entry. */
-+typedef SUPLDRSEG const *PCSUPLDRSEG;
-+
- /**
- * SUPLDRLOAD::u::In::EP type.
- */
-@@ -443,7 +467,7 @@ typedef struct SUPLDRLOAD
- /** The size of the image bits (starting at offset 0 and
- * approaching offSymbols). */
- uint32_t cbImageBits;
-- /** The offset of the symbol table. */
-+ /** The offset of the symbol table (SUPLDRSYM array). */
- uint32_t offSymbols;
- /** The number of entries in the symbol table. */
- uint32_t cSymbols;
-@@ -451,8 +475,12 @@ typedef struct SUPLDRLOAD
- uint32_t offStrTab;
- /** Size of the string table. */
- uint32_t cbStrTab;
-+ /** Offset to the segment table (SUPLDRSEG array). */
-+ uint32_t offSegments;
-+ /** Number of segments. */
-+ uint32_t cSegments;
- /** Size of image data in achImage. */
-- uint32_t cbImageWithTabs;
-+ uint32_t cbImageWithEverything;
- /** The image data. */
- uint8_t abImage[1];
- } In;
---- a/src/VBox/HostDrivers/Support/SUPDrvInternal.h
-+++ b/src/VBox/HostDrivers/Support/SUPDrvInternal.h
-@@ -145,6 +145,12 @@
- # define SUPDRV_USE_MUTEX_FOR_GIP
- #endif
-
-+#if defined(RT_OS_LINUX) /** @todo make everyone do this */
-+/** Use the RTR0MemObj API rather than the RTMemExecAlloc for the images.
-+ * This is a good idea in general, but a necessity for @bugref{9801}. */
-+# define SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
-+#endif
-+
-
- /**
- * OS debug print macro.
-@@ -326,15 +332,20 @@ typedef struct SUPDRVLDRIMAGE
- struct SUPDRVLDRIMAGE * volatile pNext;
- /** Pointer to the image. */
- void *pvImage;
-+#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
-+ /** The memory object for the module allocation. */
-+ RTR0MEMOBJ hMemObjImage;
-+#else
- /** Pointer to the allocated image buffer.
- * pvImage is 32-byte aligned or it may governed by the native loader (this
- * member is NULL then). */
- void *pvImageAlloc;
-+#endif
- /** Magic value (SUPDRVLDRIMAGE_MAGIC). */
- uint32_t uMagic;
- /** Size of the image including the tables. This is mainly for verification
- * of the load request. */
-- uint32_t cbImageWithTabs;
-+ uint32_t cbImageWithEverything;
- /** Size of the image. */
- uint32_t cbImageBits;
- /** The number of entries in the symbol table. */
-@@ -345,6 +356,10 @@ typedef struct SUPDRVLDRIMAGE
- char *pachStrTab;
- /** Size of the string table. */
- uint32_t cbStrTab;
-+ /** Number of segments. */
-+ uint32_t cSegments;
-+ /** Segments (for memory protection). */
-+ PSUPLDRSEG paSegments;
- /** Pointer to the optional module initialization callback. */
- PFNR0MODULEINIT pfnModuleInit;
- /** Pointer to the optional module termination callback. */
---- a/src/VBox/HostDrivers/Support/SUPDrv.cpp
-+++ b/src/VBox/HostDrivers/Support/SUPDrv.cpp
-@@ -1734,11 +1734,10 @@ static int supdrvIOCtlInnerUnrestricted(
- /* validate */
- PSUPLDROPEN pReq = (PSUPLDROPEN)pReqHdr;
- REQ_CHECK_SIZES(SUP_IOCTL_LDR_OPEN);
-- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithTabs > 0);
-- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithTabs < 16*_1M);
-+ REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithEverything > 0);
-+ REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageWithEverything < 16*_1M);
- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits > 0);
-- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits > 0);
-- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits < pReq->u.In.cbImageWithTabs);
-+ REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.cbImageBits < pReq->u.In.cbImageWithEverything);
- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, pReq->u.In.szName[0]);
- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, RTStrEnd(pReq->u.In.szName, sizeof(pReq->u.In.szName)));
- REQ_CHECK_EXPR(SUP_IOCTL_LDR_OPEN, supdrvIsLdrModuleNameValid(pReq->u.In.szName));
-@@ -1754,19 +1753,29 @@ static int supdrvIOCtlInnerUnrestricted(
- /* validate */
- PSUPLDRLOAD pReq = (PSUPLDRLOAD)pReqHdr;
- REQ_CHECK_EXPR(Name, pReq->Hdr.cbIn >= SUP_IOCTL_LDR_LOAD_SIZE_IN(32));
-- REQ_CHECK_SIZES_EX(SUP_IOCTL_LDR_LOAD, SUP_IOCTL_LDR_LOAD_SIZE_IN(pReq->u.In.cbImageWithTabs), SUP_IOCTL_LDR_LOAD_SIZE_OUT);
-- REQ_CHECK_EXPR(SUP_IOCTL_LDR_LOAD, pReq->u.In.cSymbols <= 16384);
-+ REQ_CHECK_SIZES_EX(SUP_IOCTL_LDR_LOAD, SUP_IOCTL_LDR_LOAD_SIZE_IN(pReq->u.In.cbImageWithEverything), SUP_IOCTL_LDR_LOAD_SIZE_OUT);
- REQ_CHECK_EXPR_FMT( !pReq->u.In.cSymbols
-- || ( pReq->u.In.offSymbols < pReq->u.In.cbImageWithTabs
-- && pReq->u.In.offSymbols + pReq->u.In.cSymbols * sizeof(SUPLDRSYM) <= pReq->u.In.cbImageWithTabs),
-- ("SUP_IOCTL_LDR_LOAD: offSymbols=%#lx cSymbols=%#lx cbImageWithTabs=%#lx\n", (long)pReq->u.In.offSymbols,
-- (long)pReq->u.In.cSymbols, (long)pReq->u.In.cbImageWithTabs));
-+ || ( pReq->u.In.cSymbols <= 16384
-+ && pReq->u.In.offSymbols >= pReq->u.In.cbImageBits
-+ && pReq->u.In.offSymbols < pReq->u.In.cbImageWithEverything
-+ && pReq->u.In.offSymbols + pReq->u.In.cSymbols * sizeof(SUPLDRSYM) <= pReq->u.In.cbImageWithEverything),
-+ ("SUP_IOCTL_LDR_LOAD: offSymbols=%#lx cSymbols=%#lx cbImageWithEverything=%#lx\n", (long)pReq->u.In.offSymbols,
-+ (long)pReq->u.In.cSymbols, (long)pReq->u.In.cbImageWithEverything));
- REQ_CHECK_EXPR_FMT( !pReq->u.In.cbStrTab
-- || ( pReq->u.In.offStrTab < pReq->u.In.cbImageWithTabs
-- && pReq->u.In.offStrTab + pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithTabs
-- && pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithTabs),
-- ("SUP_IOCTL_LDR_LOAD: offStrTab=%#lx cbStrTab=%#lx cbImageWithTabs=%#lx\n", (long)pReq->u.In.offStrTab,
-- (long)pReq->u.In.cbStrTab, (long)pReq->u.In.cbImageWithTabs));
-+ || ( pReq->u.In.offStrTab < pReq->u.In.cbImageWithEverything
-+ && pReq->u.In.offStrTab >= pReq->u.In.cbImageBits
-+ && pReq->u.In.offStrTab + pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithEverything
-+ && pReq->u.In.cbStrTab <= pReq->u.In.cbImageWithEverything),
-+ ("SUP_IOCTL_LDR_LOAD: offStrTab=%#lx cbStrTab=%#lx cbImageWithEverything=%#lx\n", (long)pReq->u.In.offStrTab,
-+ (long)pReq->u.In.cbStrTab, (long)pReq->u.In.cbImageWithEverything));
-+ REQ_CHECK_EXPR_FMT( pReq->u.In.cSegments >= 1
-+ && pReq->u.In.cSegments <= 128
-+ && pReq->u.In.cSegments <= pReq->u.In.cbImageBits / PAGE_SIZE
-+ && pReq->u.In.offSegments >= pReq->u.In.cbImageBits
-+ && pReq->u.In.offSegments < pReq->u.In.cbImageWithEverything
-+ && pReq->u.In.offSegments + pReq->u.In.cSegments * sizeof(SUPLDRSEG) <= pReq->u.In.cbImageWithEverything,
-+ ("SUP_IOCTL_LDR_LOAD: offSegments=%#lx cSegments=%#lx cbImageWithEverything=%#lx\n", (long)pReq->u.In.offSegments,
-+ (long)pReq->u.In.cSegments, (long)pReq->u.In.cbImageWithEverything));
-
- if (pReq->u.In.cSymbols)
- {
-@@ -1774,15 +1783,37 @@ static int supdrvIOCtlInnerUnrestricted(
- PSUPLDRSYM paSyms = (PSUPLDRSYM)&pReq->u.In.abImage[pReq->u.In.offSymbols];
- for (i = 0; i < pReq->u.In.cSymbols; i++)
- {
-- REQ_CHECK_EXPR_FMT(paSyms[i].offSymbol < pReq->u.In.cbImageWithTabs,
-- ("SUP_IOCTL_LDR_LOAD: sym #%ld: symb off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offSymbol, (long)pReq->u.In.cbImageWithTabs));
-+ REQ_CHECK_EXPR_FMT(paSyms[i].offSymbol < pReq->u.In.cbImageWithEverything,
-+ ("SUP_IOCTL_LDR_LOAD: sym #%ld: symb off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offSymbol, (long)pReq->u.In.cbImageWithEverything));
- REQ_CHECK_EXPR_FMT(paSyms[i].offName < pReq->u.In.cbStrTab,
-- ("SUP_IOCTL_LDR_LOAD: sym #%ld: name off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithTabs));
-+ ("SUP_IOCTL_LDR_LOAD: sym #%ld: name off %#lx (max=%#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithEverything));
- REQ_CHECK_EXPR_FMT(RTStrEnd((char const *)&pReq->u.In.abImage[pReq->u.In.offStrTab + paSyms[i].offName],
- pReq->u.In.cbStrTab - paSyms[i].offName),
-- ("SUP_IOCTL_LDR_LOAD: sym #%ld: unterminated name! (%#lx / %#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithTabs));
-+ ("SUP_IOCTL_LDR_LOAD: sym #%ld: unterminated name! (%#lx / %#lx)\n", (long)i, (long)paSyms[i].offName, (long)pReq->u.In.cbImageWithEverything));
- }
- }
-+ {
-+ uint32_t i;
-+ uint32_t offPrevEnd = 0;
-+ PSUPLDRSEG paSegs = (PSUPLDRSEG)&pReq->u.In.abImage[pReq->u.In.offSegments];
-+ for (i = 0; i < pReq->u.In.cSegments; i++)
-+ {
-+ REQ_CHECK_EXPR_FMT(paSegs[i].off < pReq->u.In.cbImageBits && !(paSegs[i].off & PAGE_OFFSET_MASK),
-+ ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx (max=%#lx)\n", (long)i, (long)paSegs[i].off, (long)pReq->u.In.cbImageBits));
-+ REQ_CHECK_EXPR_FMT(paSegs[i].cb <= pReq->u.In.cbImageBits,
-+ ("SUP_IOCTL_LDR_LOAD: seg #%ld: cb %#lx (max=%#lx)\n", (long)i, (long)paSegs[i].cb, (long)pReq->u.In.cbImageBits));
-+ REQ_CHECK_EXPR_FMT(paSegs[i].off + paSegs[i].cb <= pReq->u.In.cbImageBits,
-+ ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx + cb %#lx = %#lx (max=%#lx)\n", (long)i, (long)paSegs[i].off, (long)paSegs[i].cb, (long)(paSegs[i].off + paSegs[i].cb), (long)pReq->u.In.cbImageBits));
-+ REQ_CHECK_EXPR_FMT(paSegs[i].fProt != 0,
-+ ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx + cb %#lx\n", (long)i, (long)paSegs[i].off, (long)paSegs[i].cb));
-+ REQ_CHECK_EXPR_FMT(paSegs[i].fUnused == 0, ("SUP_IOCTL_LDR_LOAD: seg #%ld: fUnused=1\n", (long)i));
-+ REQ_CHECK_EXPR_FMT(offPrevEnd == paSegs[i].off,
-+ ("SUP_IOCTL_LDR_LOAD: seg #%ld: off %#lx offPrevEnd %#lx\n", (long)i, (long)paSegs[i].off, (long)offPrevEnd));
-+ offPrevEnd = paSegs[i].off + paSegs[i].cb;
-+ }
-+ REQ_CHECK_EXPR_FMT(offPrevEnd == pReq->u.In.cbImageBits,
-+ ("SUP_IOCTL_LDR_LOAD: offPrevEnd %#lx cbImageBits %#lx\n", (long)i, (long)offPrevEnd, (long)pReq->u.In.cbImageBits));
-+ }
-
- /* execute */
- pReq->Hdr.rc = supdrvIOCtl_LdrLoad(pDevExt, pSession, pReq);
-@@ -5021,7 +5052,7 @@ static int supdrvIOCtl_LdrOpen(PSUPDRVDE
- size_t cchName = strlen(pReq->u.In.szName); /* (caller checked < 32). */
- SUPDRV_CHECK_SMAP_SETUP();
- SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
-- LogFlow(("supdrvIOCtl_LdrOpen: szName=%s cbImageWithTabs=%d\n", pReq->u.In.szName, pReq->u.In.cbImageWithTabs));
-+ LogFlow(("supdrvIOCtl_LdrOpen: szName=%s cbImageWithEverything=%d\n", pReq->u.In.szName, pReq->u.In.cbImageWithEverything));
-
- /*
- * Check if we got an instance of the image already.
-@@ -5035,7 +5066,8 @@ static int supdrvIOCtl_LdrOpen(PSUPDRVDE
- {
- if (RT_LIKELY(pImage->cUsage < UINT32_MAX / 2U))
- {
-- /** @todo check cbImageBits and cbImageWithTabs here, if they differs that indicates that the images are different. */
-+ /** @todo check cbImageBits and cbImageWithEverything here, if they differs
-+ * that indicates that the images are different. */
- pImage->cUsage++;
- pReq->u.Out.pvImageBase = pImage->pvImage;
- pReq->u.Out.fNeedsLoading = pImage->uState == SUP_IOCTL_LDR_OPEN;
-@@ -5078,13 +5110,19 @@ static int supdrvIOCtl_LdrOpen(PSUPDRVDE
- */
- pImage = (PSUPDRVLDRIMAGE)pv;
- pImage->pvImage = NULL;
-+#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
-+ pImage->hMemObjImage = NIL_RTR0MEMOBJ;
-+#else
- pImage->pvImageAlloc = NULL;
-- pImage->cbImageWithTabs = pReq->u.In.cbImageWithTabs;
-+#endif
-+ pImage->cbImageWithEverything = pReq->u.In.cbImageWithEverything;
- pImage->cbImageBits = pReq->u.In.cbImageBits;
- pImage->cSymbols = 0;
- pImage->paSymbols = NULL;
- pImage->pachStrTab = NULL;
- pImage->cbStrTab = 0;
-+ pImage->cSegments = 0;
-+ pImage->paSegments = NULL;
- pImage->pfnModuleInit = NULL;
- pImage->pfnModuleTerm = NULL;
- pImage->pfnServiceReqHandler = NULL;
-@@ -5102,10 +5140,19 @@ static int supdrvIOCtl_LdrOpen(PSUPDRVDE
- rc = supdrvOSLdrOpen(pDevExt, pImage, pReq->u.In.szFilename);
- if (rc == VERR_NOT_SUPPORTED)
- {
-+#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
-+ rc = RTR0MemObjAllocPage(&pImage->hMemObjImage, pImage->cbImageBits, true /*fExecutable*/);
-+ if (RT_SUCCESS(rc))
-+ {
-+ pImage->pvImage = RTR0MemObjAddress(pImage->hMemObjImage);
-+ pImage->fNative = false;
-+ }
-+#else
- pImage->pvImageAlloc = RTMemExecAlloc(pImage->cbImageBits + 31);
- pImage->pvImage = RT_ALIGN_P(pImage->pvImageAlloc, 32);
- pImage->fNative = false;
- rc = pImage->pvImageAlloc ? VINF_SUCCESS : VERR_NO_EXEC_MEMORY;
-+#endif
- SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
- }
- if (RT_FAILURE(rc))
-@@ -5138,41 +5185,90 @@ static int supdrvIOCtl_LdrOpen(PSUPDRVDE
-
-
- /**
-+ * Formats a load error message.
-+ *
-+ * @returns @a rc
-+ * @param rc Return code.
-+ * @param pReq The request.
-+ * @param pszFormat The error message format string.
-+ * @param ... Argument to the format string.
-+ */
-+int VBOXCALL supdrvLdrLoadError(int rc, PSUPLDRLOAD pReq, const char *pszFormat, ...)
-+{
-+ va_list va;
-+ va_start(va, pszFormat);
-+ pReq->u.Out.uErrorMagic = SUPLDRLOAD_ERROR_MAGIC;
-+ RTStrPrintfV(pReq->u.Out.szError, sizeof(pReq->u.Out.szError), pszFormat, va);
-+ va_end(va);
-+ Log(("SUP_IOCTL_LDR_LOAD: %s [rc=%Rrc]\n", pReq->u.Out.szError, rc));
-+ return rc;
-+}
-+
-+
-+/**
- * Worker that validates a pointer to an image entrypoint.
- *
-+ * Calls supdrvLdrLoadError on error.
-+ *
- * @returns IPRT status code.
- * @param pDevExt The device globals.
- * @param pImage The loader image.
- * @param pv The pointer into the image.
- * @param fMayBeNull Whether it may be NULL.
-- * @param fCheckNative Whether to check with the native loaders.
-- * @param pszSymbol The entrypoint name or log name. If the symbol
-+ * @param pszSymbol The entrypoint name or log name. If the symbol is
- * capitalized it signifies a specific symbol, otherwise it
- * for logging.
- * @param pbImageBits The image bits prepared by ring-3.
-+ * @param pReq The request for passing to supdrvLdrLoadError.
- *
-- * @remarks Will leave the lock on failure.
-+ * @note Will leave the loader lock on failure!
- */
- static int supdrvLdrValidatePointer(PSUPDRVDEVEXT pDevExt, PSUPDRVLDRIMAGE pImage, void *pv, bool fMayBeNull,
-- bool fCheckNative, const uint8_t *pbImageBits, const char *pszSymbol)
-+ const uint8_t *pbImageBits, const char *pszSymbol, PSUPLDRLOAD pReq)
- {
- if (!fMayBeNull || pv)
- {
-- if ((uintptr_t)pv - (uintptr_t)pImage->pvImage >= pImage->cbImageBits)
-+ uint32_t iSeg;
-+
-+ /* Must be within the image bits: */
-+ uintptr_t const uRva = (uintptr_t)pv - (uintptr_t)pImage->pvImage;
-+ if (uRva >= pImage->cbImageBits)
- {
- supdrvLdrUnlock(pDevExt);
-- Log(("Out of range (%p LB %#x): %s=%p\n", pImage->pvImage, pImage->cbImageBits, pszSymbol, pv));
-- return VERR_INVALID_PARAMETER;
-+ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
-+ "Invalid entry point address %p given for %s: RVA %#zx, image size %#zx",
-+ pv, pszSymbol, uRva, pImage->cbImageBits);
- }
-
-- if (pImage->fNative && fCheckNative)
-+ /* Must be in an executable segment: */
-+ for (iSeg = 0; iSeg < pImage->cSegments; iSeg++)
-+ if (uRva - pImage->paSegments[iSeg].off < (uintptr_t)pImage->paSegments[iSeg].cb)
-+ {
-+ if (pImage->paSegments[iSeg].fProt & SUPLDR_PROT_EXEC)
-+ break;
-+ supdrvLdrUnlock(pDevExt);
-+ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
-+ "Bad entry point %p given for %s: not executable (seg #%u: %#RX32 LB %#RX32 prot %#x)",
-+ pv, pszSymbol, iSeg, pImage->paSegments[iSeg].off, pImage->paSegments[iSeg].cb,
-+ pImage->paSegments[iSeg].fProt);
-+ }
-+ if (iSeg >= pImage->cSegments)
- {
-+ supdrvLdrUnlock(pDevExt);
-+ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
-+ "Bad entry point %p given for %s: no matching segment found (RVA %#zx)!",
-+ pv, pszSymbol, uRva);
-+ }
-+
-+ if (pImage->fNative)
-+ {
-+ /** @todo pass pReq along to the native code. */
- int rc = supdrvOSLdrValidatePointer(pDevExt, pImage, pv, pbImageBits, pszSymbol);
- if (RT_FAILURE(rc))
- {
- supdrvLdrUnlock(pDevExt);
-- Log(("Bad entry point address: %s=%p (rc=%Rrc)\n", pszSymbol, pv, rc));
-- return rc;
-+ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
-+ "Bad entry point address %p for %s: rc=%Rrc\n", pv, pszSymbol, rc);
- }
- }
- }
-@@ -5223,27 +5319,6 @@ int VBOXCALL supdrvLdrLoadError(int rc,
-
-
- /**
-- * Formats a load error message.
-- *
-- * @returns @a rc
-- * @param rc Return code.
-- * @param pReq The request.
-- * @param pszFormat The error message format string.
-- * @param ... Argument to the format string.
-- */
--int VBOXCALL supdrvLdrLoadError(int rc, PSUPLDRLOAD pReq, const char *pszFormat, ...)
--{
-- va_list va;
-- va_start(va, pszFormat);
-- pReq->u.Out.uErrorMagic = SUPLDRLOAD_ERROR_MAGIC;
-- RTStrPrintfV(pReq->u.Out.szError, sizeof(pReq->u.Out.szError), pszFormat, va);
-- va_end(va);
-- Log(("SUP_IOCTL_LDR_LOAD: %s [rc=%Rrc]\n", pReq->u.Out.szError, rc));
-- return rc;
--}
--
--
--/**
- * Loads the image bits.
- *
- * This is the 2nd step of the loading.
-@@ -5259,7 +5334,7 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
- PSUPDRVLDRIMAGE pImage;
- int rc;
- SUPDRV_CHECK_SMAP_SETUP();
-- LogFlow(("supdrvIOCtl_LdrLoad: pvImageBase=%p cbImageWithBits=%d\n", pReq->u.In.pvImageBase, pReq->u.In.cbImageWithTabs));
-+ LogFlow(("supdrvIOCtl_LdrLoad: pvImageBase=%p cbImageWithEverything=%d\n", pReq->u.In.pvImageBase, pReq->u.In.cbImageWithEverything));
- SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
-
- /*
-@@ -5281,12 +5356,12 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
- /*
- * Validate input.
- */
-- if ( pImage->cbImageWithTabs != pReq->u.In.cbImageWithTabs
-- || pImage->cbImageBits != pReq->u.In.cbImageBits)
-+ if ( pImage->cbImageWithEverything != pReq->u.In.cbImageWithEverything
-+ || pImage->cbImageBits != pReq->u.In.cbImageBits)
- {
- supdrvLdrUnlock(pDevExt);
-- return supdrvLdrLoadError(VERR_INVALID_HANDLE, pReq, "Image size mismatch found: %d(prep) != %d(load) or %d != %d",
-- pImage->cbImageWithTabs, pReq->u.In.cbImageWithTabs, pImage->cbImageBits, pReq->u.In.cbImageBits);
-+ return supdrvLdrLoadError(VERR_INVALID_HANDLE, pReq, "Image size mismatch found: %u(prep) != %u(load) or %u != %u",
-+ pImage->cbImageWithEverything, pReq->u.In.cbImageWithEverything, pImage->cbImageBits, pReq->u.In.cbImageBits);
- }
-
- if (pImage->uState != SUP_IOCTL_LDR_OPEN)
-@@ -5306,35 +5381,56 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
- return supdrvLdrLoadError(VERR_PERMISSION_DENIED, pReq, "Loader is locked down");
- }
-
-+ /*
-+ * Copy the segments before we start using supdrvLdrValidatePointer for entrypoint validation.
-+ */
-+ pImage->cSegments = pReq->u.In.cSegments;
-+ {
-+ size_t cbSegments = pImage->cSegments * sizeof(SUPLDRSEG);
-+ pImage->paSegments = (PSUPLDRSEG)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSegments], cbSegments);
-+ if (pImage->paSegments) /* Align the last segment size to avoid upsetting RTR0MemObjProtect. */ /** @todo relax RTR0MemObjProtect */
-+ pImage->paSegments[pImage->cSegments - 1].cb = RT_ALIGN_32(pImage->paSegments[pImage->cSegments - 1].cb, PAGE_SIZE);
-+ else
-+ {
-+ supdrvLdrUnlock(pDevExt);
-+ return supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for segment table: %#x", cbSegments);
-+ }
-+ SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
-+ }
-+
-+ /*
-+ * Validate entrypoints.
-+ */
- switch (pReq->u.In.eEPType)
- {
- case SUPLDRLOADEP_NOTHING:
- break;
-
- case SUPLDRLOADEP_VMMR0:
-- rc = supdrvLdrValidatePointer( pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0, false, false, pReq->u.In.abImage, "pvVMMR0");
-- if (RT_SUCCESS(rc))
-- rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryFast, false, true, pReq->u.In.abImage, "VMMR0EntryFast");
-- if (RT_SUCCESS(rc))
-- rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryEx, false, true, pReq->u.In.abImage, "VMMR0EntryEx");
-+ if (pReq->u.In.EP.VMMR0.pvVMMR0 != pImage->pvImage)
-+ {
-+ supdrvLdrUnlock(pDevExt);
-+ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq, "Invalid pvVMMR0 pointer: %p, expected %p", pReq->u.In.EP.VMMR0.pvVMMR0, pImage->pvImage);
-+ }
-+ rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryFast, false, pReq->u.In.abImage, "VMMR0EntryFast", pReq);
-+ if (RT_FAILURE(rc))
-+ return rc;
-+ rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.VMMR0.pvVMMR0EntryEx, false, pReq->u.In.abImage, "VMMR0EntryEx", pReq);
- if (RT_FAILURE(rc))
-- return supdrvLdrLoadError(rc, pReq, "Invalid VMMR0 pointer");
-+ return rc;
- break;
-
- case SUPLDRLOADEP_SERVICE:
-- rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.Service.pfnServiceReq, false, true, pReq->u.In.abImage, "pfnServiceReq");
-+ rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.EP.Service.pfnServiceReq, false, pReq->u.In.abImage, "pfnServiceReq", pReq);
- if (RT_FAILURE(rc))
-- return supdrvLdrLoadError(rc, pReq, "Invalid pfnServiceReq pointer: %p", pReq->u.In.EP.Service.pfnServiceReq);
-+ return rc;
- if ( pReq->u.In.EP.Service.apvReserved[0] != NIL_RTR0PTR
- || pReq->u.In.EP.Service.apvReserved[1] != NIL_RTR0PTR
- || pReq->u.In.EP.Service.apvReserved[2] != NIL_RTR0PTR)
- {
- supdrvLdrUnlock(pDevExt);
-- return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq,
-- "Out of range (%p LB %#x): apvReserved={%p,%p,%p} MBZ!",
-- pImage->pvImage, pReq->u.In.cbImageWithTabs,
-- pReq->u.In.EP.Service.apvReserved[0],
-- pReq->u.In.EP.Service.apvReserved[1],
-+ return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq, "apvReserved={%p,%p,%p} MBZ!",
-+ pReq->u.In.EP.Service.apvReserved[0], pReq->u.In.EP.Service.apvReserved[1],
- pReq->u.In.EP.Service.apvReserved[2]);
- }
- break;
-@@ -5344,12 +5440,12 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
- return supdrvLdrLoadError(VERR_INVALID_PARAMETER, pReq, "Invalid eEPType=%d", pReq->u.In.eEPType);
- }
-
-- rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleInit, true, true, pReq->u.In.abImage, "ModuleInit");
-+ rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleInit, true, pReq->u.In.abImage, "ModuleInit", pReq);
- if (RT_FAILURE(rc))
-- return supdrvLdrLoadError(rc, pReq, "Invalid pfnModuleInit pointer: %p", pReq->u.In.pfnModuleInit);
-- rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleTerm, true, true, pReq->u.In.abImage, "ModuleTerm");
-+ return rc;
-+ rc = supdrvLdrValidatePointer(pDevExt, pImage, pReq->u.In.pfnModuleTerm, true, pReq->u.In.abImage, "ModuleTerm", pReq);
- if (RT_FAILURE(rc))
-- return supdrvLdrLoadError(rc, pReq, "Invalid pfnModuleTerm pointer: %p", pReq->u.In.pfnModuleTerm);
-+ return rc;
- SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
-
- /*
-@@ -5361,10 +5457,8 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
- pImage->cbStrTab = pReq->u.In.cbStrTab;
- if (pImage->cbStrTab)
- {
-- pImage->pachStrTab = (char *)RTMemAlloc(pImage->cbStrTab);
-- if (pImage->pachStrTab)
-- memcpy(pImage->pachStrTab, &pReq->u.In.abImage[pReq->u.In.offStrTab], pImage->cbStrTab);
-- else
-+ pImage->pachStrTab = (char *)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offStrTab], pImage->cbStrTab);
-+ if (!pImage->pachStrTab)
- rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for string table: %#x", pImage->cbStrTab);
- SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
- }
-@@ -5373,17 +5467,15 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
- if (RT_SUCCESS(rc) && pImage->cSymbols)
- {
- size_t cbSymbols = pImage->cSymbols * sizeof(SUPLDRSYM);
-- pImage->paSymbols = (PSUPLDRSYM)RTMemAlloc(cbSymbols);
-- if (pImage->paSymbols)
-- memcpy(pImage->paSymbols, &pReq->u.In.abImage[pReq->u.In.offSymbols], cbSymbols);
-- else
-+ pImage->paSymbols = (PSUPLDRSYM)RTMemDup(&pReq->u.In.abImage[pReq->u.In.offSymbols], cbSymbols);
-+ if (!pImage->paSymbols)
- rc = supdrvLdrLoadError(VERR_NO_MEMORY, pReq, "Out of memory for symbol table: %#x", cbSymbols);
- SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
- }
- }
-
- /*
-- * Copy the bits / complete native loading.
-+ * Copy the bits and apply permissions / complete native loading.
- */
- if (RT_SUCCESS(rc))
- {
-@@ -5395,7 +5487,26 @@ static int supdrvIOCtl_LdrLoad(PSUPDRVDE
- rc = supdrvOSLdrLoad(pDevExt, pImage, pReq->u.In.abImage, pReq);
- else
- {
-+#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
-+ uint32_t i;
- memcpy(pImage->pvImage, &pReq->u.In.abImage[0], pImage->cbImageBits);
-+
-+ for (i = 0; i < pImage->cSegments; i++)
-+ {
-+ rc = RTR0MemObjProtect(pImage->hMemObjImage, pImage->paSegments[i].off, pImage->paSegments[i].cb,
-+ pImage->paSegments[i].fProt);
-+ if (RT_SUCCESS(rc))
-+ continue;
-+ if (rc == VERR_NOT_SUPPORTED)
-+ rc = VINF_SUCCESS;
-+ else
-+ rc = supdrvLdrLoadError(rc, pReq, "RTR0MemObjProtect failed on seg#%u %#RX32 LB %#RX32 fProt=%#x",
-+ i, pImage->paSegments[i].off, pImage->paSegments[i].cb, pImage->paSegments[i].fProt);
-+ break;
-+ }
-+#else
-+ memcpy(pImage->pvImage, &pReq->u.In.abImage[0], pImage->cbImageBits);
-+#endif
- Log(("vboxdrv: Loaded '%s' at %p\n", pImage->szName, pImage->pvImage));
- }
- SUPDRV_CHECK_SMAP_CHECK(pDevExt, RT_NOTHING);
-@@ -5990,12 +6101,20 @@ static void supdrvLdrFree(PSUPDRVDEVEXT
- pImage->pDevExt = NULL;
- pImage->pNext = NULL;
- pImage->uState = SUP_IOCTL_LDR_FREE;
-+#ifdef SUPDRV_USE_MEMOBJ_FOR_LDR_IMAGE
-+ RTR0MemObjFree(pImage->hMemObjImage, true /*fMappings*/);
-+ pImage->hMemObjImage = NIL_RTR0MEMOBJ;
-+#else
- RTMemExecFree(pImage->pvImageAlloc, pImage->cbImageBits + 31);
- pImage->pvImageAlloc = NULL;
-+#endif
-+ pImage->pvImage = NULL;
- RTMemFree(pImage->pachStrTab);
- pImage->pachStrTab = NULL;
- RTMemFree(pImage->paSymbols);
- pImage->paSymbols = NULL;
-+ RTMemFree(pImage->paSegments);
-+ pImage->paSegments = NULL;
- RTMemFree(pImage);
- }
-
---- a/src/VBox/Runtime/r0drv/linux/the-linux-kernel.h
-+++ b/src/VBox/Runtime/r0drv/linux/the-linux-kernel.h
-@@ -176,6 +176,11 @@
- # include <asm/set_memory.h>
- #endif
-
-+/* for __flush_tlb_all() */
-+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2, 6, 28) && (defined(RT_ARCH_AMD64) || defined(RT_ARCH_X86))
-+# include <asm/tlbflush.h>
-+#endif
-+
- #if LINUX_VERSION_CODE >= KERNEL_VERSION(3, 7, 0)
- # include <asm/smap.h>
- #else
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.14.bb
similarity index 94%
rename from meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
rename to meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.14.bb
index 6c036d403c..35dc4953bb 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.12.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.14.bb
@@ -12,11 +12,10 @@ COMPATIBLE_MACHINE = "(qemux86|qemux86-64)"
VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
- file://021-linux-5-8.patch \
file://Makefile.utils \
"
-SRC_URI[md5sum] = "3c351f7fd6376e0bb3c8489505a9450c"
-SRC_URI[sha256sum] = "05eff0321daa72f6d00fb121a6b4211f39964778823806fa0b7b751667dec362"
+SRC_URI[md5sum] = "6e4313df24fd00b0dc0437c3746b940d"
+SRC_URI[sha256sum] = "91fa05bcfce36316ca93e3927c9550ea66286fff4c5bec900b753fca278ce1a0"
S ?= "${WORKDIR}/vbox_module"
S_task-patch = "${WORKDIR}/${VBOX_NAME}"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 05/15] vboxguestdrivers: upgrade 6.1.14 -> 6.1.16
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (3 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 04/15] vboxguestdrivers: upgrade 6.1.12 -> 6.1.14 Drop kernel 5.8 compatibility patch, now part of upstream codebase Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 06/15] vboxguestdrivers: fix build against kernel v5.10+ Armin Kuster
` (9 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Gianfranco Costamagna <costamagna.gianfranco@gmail.com>
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7839164921ddb340a1bff322a1274c6022cb8565)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...{vboxguestdrivers_6.1.14.bb => vboxguestdrivers_6.1.16.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_6.1.14.bb => vboxguestdrivers_6.1.16.bb} (95%)
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.14.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.16.bb
similarity index 95%
rename from meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.14.bb
rename to meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.16.bb
index 35dc4953bb..9282f663b4 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.14.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.16.bb
@@ -14,8 +14,8 @@ VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
file://Makefile.utils \
"
-SRC_URI[md5sum] = "6e4313df24fd00b0dc0437c3746b940d"
-SRC_URI[sha256sum] = "91fa05bcfce36316ca93e3927c9550ea66286fff4c5bec900b753fca278ce1a0"
+SRC_URI[md5sum] = "a12a647f6c114f2cb1571089b36841fe"
+SRC_URI[sha256sum] = "49c1990da16d8a3d5bda8cdb961ec8195a901e67e4c79aea44c1521a5fc2f9f1"
S ?= "${WORKDIR}/vbox_module"
S_task-patch = "${WORKDIR}/${VBOX_NAME}"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 06/15] vboxguestdrivers: fix build against kernel v5.10+
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (4 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 05/15] vboxguestdrivers: upgrade 6.1.14 -> 6.1.16 Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 07/15] vboxguestdrivers: upgrade 6.1.16 -> 6.1.18 Armin Kuster
` (8 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Bruce Ashfield <bruce.ashfield@gmail.com>
We need to adjust the vboxguest drivers to build against kernels
5.10+.
These are backports from the virtual box SVN repository and can be
dropped in future uprevs.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 22eaac640f80df44108a5565127181c94645a032)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...-linux-drm-Adjustment-for-Linux-5.10.patch | 321 ++++++++++++++++++
...0drv-linux.c-Changes-to-support-the-.patch | 119 +++++++
...justment-for-linux-5.10-TASK_SIZE_MA.patch | 46 +++
.../vboxguestdrivers_6.1.16.bb | 3 +
4 files changed, 489 insertions(+)
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Additions-linux-drm-Adjustment-for-Linux-5.10.patch
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Runtime-memobj-r0drv-linux.c-Changes-to-support-the-.patch
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-linser-vboxsf-Adjustment-for-linux-5.10-TASK_SIZE_MA.patch
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Additions-linux-drm-Adjustment-for-Linux-5.10.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Additions-linux-drm-Adjustment-for-Linux-5.10.patch
new file mode 100644
index 0000000000..a444901f8c
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Additions-linux-drm-Adjustment-for-Linux-5.10.patch
@@ -0,0 +1,321 @@
+From b6c765d693a0833b94cb2e91b32842570c3458d2 Mon Sep 17 00:00:00 2001
+From: vboxsync <vboxsync@cfe28804-0f27-0410-a406-dd0f0b0b656f>
+Date: Tue, 15 Dec 2020 22:29:56 +0000
+Subject: [PATCH] Additions/linux/drm: Adjustment for Linux 5.10.
+
+Upstream-Status: Backport
+
+git-svn-id: http://www.virtualbox.org/svn/vbox@87092 cfe28804-0f27-0410-a406-dd0f0b0b656f
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
+
+---
+ src/VBox/Additions/linux/drm/vbox_drv.h | 10 +-
+ src/VBox/Additions/linux/drm/vbox_fb.c | 2 +-
+ .../src/VBox/Additions/linux/drm/vbox_mode.c | 2 +-
+ src/VBox/Additions/linux/drm/vbox_ttm.c | 99 +++++++++++++++++--
+ 4 files changed, 99 insertions(+), 14 deletions(-)
+
+diff --git a/src/VBox/Additions/linux/drm/vbox_drv.h b/src/VBox/Additions/linux/drm/vbox_drv.h
+index 8c85371749..7937f2f2d2 100644
+--- a/src/VBox/Additions/linux/drm/vbox_drv.h
++++ b/src/VBox/Additions/linux/drm/vbox_drv.h
+@@ -175,6 +175,9 @@
+ #include <drm/ttm/ttm_placement.h>
+ #include <drm/ttm/ttm_memory.h>
+ #include <drm/ttm/ttm_module.h>
++#if RTLNX_VER_MIN(5,10,0)
++# include <drm/ttm/ttm_resource.h>
++#endif
+
+ #include "vboxvideo_guest.h"
+ #include "vboxvideo_vbe.h"
+@@ -444,7 +447,10 @@ int vbox_bo_create(struct drm_device *dev, int size, int align,
+ int vbox_gem_create(struct drm_device *dev,
+ u32 size, bool iskernel, struct drm_gem_object **obj);
+
+-int vbox_bo_pin(struct vbox_bo *bo, u32 pl_flag, u64 *gpu_addr);
++#define VBOX_MEM_TYPE_VRAM 0x1
++#define VBOX_MEM_TYPE_SYSTEM 0x2
++
++int vbox_bo_pin(struct vbox_bo *bo, u32 mem_type, u64 *gpu_addr);
+ int vbox_bo_unpin(struct vbox_bo *bo);
+
+ static inline int vbox_bo_reserve(struct vbox_bo *bo, bool no_wait)
+@@ -469,7 +475,7 @@ static inline void vbox_bo_unreserve(struct vbox_bo *bo)
+ ttm_bo_unreserve(&bo->bo);
+ }
+
+-void vbox_ttm_placement(struct vbox_bo *bo, int domain);
++void vbox_ttm_placement(struct vbox_bo *bo, u32 mem_type);
+ int vbox_bo_push_sysram(struct vbox_bo *bo);
+ int vbox_mmap(struct file *filp, struct vm_area_struct *vma);
+
+diff --git a/src/VBox/Additions/linux/drm/vbox_fb.c b/src/VBox/Additions/linux/drm/vbox_fb.c
+index adead98d3d..7182d9da1a 100644
+--- a/src/VBox/Additions/linux/drm/vbox_fb.c
++++ b/src/VBox/Additions/linux/drm/vbox_fb.c
+@@ -295,7 +295,7 @@ static int vboxfb_create(struct drm_fb_helper *helper,
+ if (ret)
+ return ret;
+
+- ret = vbox_bo_pin(bo, TTM_PL_FLAG_VRAM, NULL);
++ ret = vbox_bo_pin(bo, VBOX_MEM_TYPE_VRAM, NULL);
+ if (ret) {
+ vbox_bo_unreserve(bo);
+ return ret;
+diff --git a/src/VBox/Additions/linux/drm/vbox_mode.c b/src/VBox/Additions/linux/drm/vbox_mode.c
+index ce7d135cb6..5557db5ef8 100644
+--- a/src/VBox/Additions/linux/drm/vbox_mode.c
++++ b/src/VBox/Additions/linux/drm/vbox_mode.c
+@@ -227,7 +227,7 @@ static int vbox_crtc_set_base(struct drm_crtc *crtc,
+ if (ret)
+ return ret;
+
+- ret = vbox_bo_pin(bo, TTM_PL_FLAG_VRAM, &gpu_addr);
++ ret = vbox_bo_pin(bo, VBOX_MEM_TYPE_VRAM, &gpu_addr);
+ vbox_bo_unreserve(bo);
+ if (ret)
+ return ret;
+diff --git a/src/VBox/Additions/linux/drm/vbox_ttm.c b/src/VBox/Additions/linux/drm/vbox_ttm.c
+index bf87aabc05..5eac926a42 100644
+--- a/src/VBox/Additions/linux/drm/vbox_ttm.c
++++ b/src/VBox/Additions/linux/drm/vbox_ttm.c
+@@ -41,6 +41,7 @@
+ #define PLACEMENT_FLAGS(placement) ((placement).flags)
+ #endif
+
++
+ static inline struct vbox_private *vbox_bdev(struct ttm_bo_device *bd)
+ {
+ return container_of(bd, struct vbox_private, ttm.bdev);
+@@ -125,6 +126,7 @@ static bool vbox_ttm_bo_is_vbox_bo(struct ttm_buffer_object *bo)
+ return false;
+ }
+
++#if RTLNX_VER_MAX(5,10,0)
+ static int
+ vbox_bo_init_mem_type(struct ttm_bo_device *bdev, u32 type,
+ struct ttm_mem_type_manager *man)
+@@ -148,6 +150,7 @@ vbox_bo_init_mem_type(struct ttm_bo_device *bdev, u32 type,
+
+ return 0;
+ }
++#endif
+
+ static void
+ vbox_bo_evict_flags(struct ttm_buffer_object *bo, struct ttm_placement *pl)
+@@ -157,7 +160,7 @@ vbox_bo_evict_flags(struct ttm_buffer_object *bo, struct ttm_placement *pl)
+ if (!vbox_ttm_bo_is_vbox_bo(bo))
+ return;
+
+- vbox_ttm_placement(vboxbo, TTM_PL_FLAG_SYSTEM);
++ vbox_ttm_placement(vboxbo, VBOX_MEM_TYPE_SYSTEM);
+ *pl = vboxbo->placement;
+ }
+
+@@ -167,11 +170,12 @@ static int vbox_bo_verify_access(struct ttm_buffer_object *bo,
+ return 0;
+ }
+
++#if RTLNX_VER_MAX(5,10,0)
+ static int vbox_ttm_io_mem_reserve(struct ttm_bo_device *bdev,
+ struct ttm_mem_reg *mem)
+ {
+- struct ttm_mem_type_manager *man = &bdev->man[mem->mem_type];
+ struct vbox_private *vbox = vbox_bdev(bdev);
++ struct ttm_mem_type_manager *man = &bdev->man[mem->mem_type];
+
+ mem->bus.addr = NULL;
+ mem->bus.offset = 0;
+@@ -194,12 +198,53 @@ static int vbox_ttm_io_mem_reserve(struct ttm_bo_device *bdev,
+ }
+ return 0;
+ }
++#else
++static int vbox_ttm_io_mem_reserve(struct ttm_bo_device *bdev,
++ struct ttm_resource *mem)
++{
++ struct vbox_private *vbox = vbox_bdev(bdev);
++ mem->bus.addr = NULL;
++ mem->bus.offset = 0;
++ mem->size = mem->num_pages << PAGE_SHIFT;
++ mem->start = 0;
++ mem->bus.is_iomem = false;
++ switch (mem->mem_type) {
++ case TTM_PL_SYSTEM:
++ /* system memory */
++ return 0;
++ case TTM_PL_VRAM:
++ mem->bus.offset = mem->start << PAGE_SHIFT;
++ mem->start = pci_resource_start(vbox->dev->pdev, 0);
++ mem->bus.is_iomem = true;
++ break;
++ default:
++ return -EINVAL;
++ }
++ return 0;
++}
++#endif
+
++
++
++#if RTLNX_VER_MIN(5,10,0)
++static void vbox_ttm_io_mem_free(struct ttm_bo_device *bdev,
++ struct ttm_resource *mem)
++{
++}
++#else
+ static void vbox_ttm_io_mem_free(struct ttm_bo_device *bdev,
+ struct ttm_mem_reg *mem)
+ {
+ }
++#endif
+
++#if RTLNX_VER_MIN(5,10,0)
++static void vbox_ttm_tt_destroy(struct ttm_bo_device *bdev, struct ttm_tt *tt)
++{
++ ttm_tt_fini(tt);
++ kfree(tt);
++}
++#else
+ static void vbox_ttm_backend_destroy(struct ttm_tt *tt)
+ {
+ ttm_tt_fini(tt);
+@@ -209,6 +254,7 @@ static void vbox_ttm_backend_destroy(struct ttm_tt *tt)
+ static struct ttm_backend_func vbox_tt_backend_func = {
+ .destroy = &vbox_ttm_backend_destroy,
+ };
++#endif
+
+ #if RTLNX_VER_MAX(4,17,0) && !RTLNX_RHEL_MAJ_PREREQ(7,6) && !RTLNX_SUSE_MAJ_PREREQ(15,1) && !RTLNX_SUSE_MAJ_PREREQ(12,5)
+ static struct ttm_tt *vbox_ttm_tt_create(struct ttm_bo_device *bdev,
+@@ -226,7 +272,9 @@ static struct ttm_tt *vbox_ttm_tt_create(struct ttm_buffer_object *bo,
+ if (!tt)
+ return NULL;
+
++#if RTLNX_VER_MAX(5,10,0)
+ tt->func = &vbox_tt_backend_func;
++#endif
+ #if RTLNX_VER_MAX(4,17,0) && !RTLNX_RHEL_MAJ_PREREQ(7,6) && !RTLNX_SUSE_MAJ_PREREQ(15,1) && !RTLNX_SUSE_MAJ_PREREQ(12,5)
+ if (ttm_tt_init(tt, bdev, size, page_flags, dummy_read_page)) {
+ #else
+@@ -261,11 +309,16 @@ static void vbox_ttm_tt_unpopulate(struct ttm_tt *ttm)
+
+ static struct ttm_bo_driver vbox_bo_driver = {
+ .ttm_tt_create = vbox_ttm_tt_create,
++#if RTLNX_VER_MIN(5,10,0)
++ .ttm_tt_destroy = vbox_ttm_tt_destroy,
++#endif
+ #if RTLNX_VER_MAX(4,17,0)
+ .ttm_tt_populate = vbox_ttm_tt_populate,
+ .ttm_tt_unpopulate = vbox_ttm_tt_unpopulate,
+ #endif
++#if RTLNX_VER_MAX(5,10,0)
+ .init_mem_type = vbox_bo_init_mem_type,
++#endif
+ #if RTLNX_VER_MIN(4,10,0) || RTLNX_RHEL_MAJ_PREREQ(7,4)
+ .eviction_valuable = ttm_bo_eviction_valuable,
+ #endif
+@@ -318,8 +371,13 @@ int vbox_mm_init(struct vbox_private *vbox)
+ #endif
+ }
+
++#if RTLNX_VER_MIN(5,10,0)
++ ret = ttm_range_man_init(bdev, TTM_PL_VRAM, false,
++ vbox->available_vram_size >> PAGE_SHIFT);
++#else
+ ret = ttm_bo_init_mm(bdev, TTM_PL_VRAM,
+ vbox->available_vram_size >> PAGE_SHIFT);
++#endif
+ if (ret) {
+ DRM_ERROR("Failed ttm VRAM init: %d\n", ret);
+ goto err_device_release;
+@@ -359,7 +417,7 @@ void vbox_mm_fini(struct vbox_private *vbox)
+ #endif
+ }
+
+-void vbox_ttm_placement(struct vbox_bo *bo, int domain)
++void vbox_ttm_placement(struct vbox_bo *bo, u32 mem_type)
+ {
+ u32 c = 0;
+ #if RTLNX_VER_MAX(3,18,0) && !RTLNX_RHEL_MAJ_PREREQ(7,2)
+@@ -372,15 +430,36 @@ void vbox_ttm_placement(struct vbox_bo *bo, int domain)
+ bo->placement.placement = bo->placements;
+ bo->placement.busy_placement = bo->placements;
+
+- if (domain & TTM_PL_FLAG_VRAM)
++ if (mem_type & VBOX_MEM_TYPE_VRAM) {
++#if RTLNX_VER_MIN(5,10,0)
++ bo->placements[c].mem_type = TTM_PL_VRAM;
++ PLACEMENT_FLAGS(bo->placements[c++]) =
++ TTM_PL_FLAG_WC | TTM_PL_FLAG_UNCACHED;
++#else
+ PLACEMENT_FLAGS(bo->placements[c++]) =
+ TTM_PL_FLAG_WC | TTM_PL_FLAG_UNCACHED | TTM_PL_FLAG_VRAM;
+- if (domain & TTM_PL_FLAG_SYSTEM)
++#endif
++ }
++ if (mem_type & VBOX_MEM_TYPE_SYSTEM) {
++#if RTLNX_VER_MIN(5,10,0)
++ bo->placements[c].mem_type = TTM_PL_SYSTEM;
++ PLACEMENT_FLAGS(bo->placements[c++]) =
++ TTM_PL_MASK_CACHING;
++#else
+ PLACEMENT_FLAGS(bo->placements[c++]) =
+ TTM_PL_MASK_CACHING | TTM_PL_FLAG_SYSTEM;
+- if (!c)
++#endif
++ }
++ if (!c) {
++#if RTLNX_VER_MIN(5,10,0)
++ bo->placements[c].mem_type = TTM_PL_SYSTEM;
++ PLACEMENT_FLAGS(bo->placements[c++]) =
++ TTM_PL_MASK_CACHING;
++#else
+ PLACEMENT_FLAGS(bo->placements[c++]) =
+ TTM_PL_MASK_CACHING | TTM_PL_FLAG_SYSTEM;
++#endif
++ }
+
+ bo->placement.num_placement = c;
+ bo->placement.num_busy_placement = c;
+@@ -414,7 +493,7 @@ int vbox_bo_create(struct drm_device *dev, int size, int align,
+ vboxbo->bo.bdev->dev_mapping = dev->dev_mapping;
+ #endif
+
+- vbox_ttm_placement(vboxbo, TTM_PL_FLAG_VRAM | TTM_PL_FLAG_SYSTEM);
++ vbox_ttm_placement(vboxbo, VBOX_MEM_TYPE_VRAM | VBOX_MEM_TYPE_SYSTEM);
+
+ acc_size = ttm_bo_dma_acc_size(&vbox->ttm.bdev, size,
+ sizeof(struct vbox_bo));
+@@ -452,7 +531,7 @@ static inline u64 vbox_bo_gpu_offset(struct vbox_bo *bo)
+ #endif
+ }
+
+-int vbox_bo_pin(struct vbox_bo *bo, u32 pl_flag, u64 *gpu_addr)
++int vbox_bo_pin(struct vbox_bo *bo, u32 mem_type, u64 *gpu_addr)
+ {
+ #if RTLNX_VER_MIN(4,16,0) || RTLNX_RHEL_MAJ_PREREQ(7,6) || RTLNX_SUSE_MAJ_PREREQ(15,1) || RTLNX_SUSE_MAJ_PREREQ(12,5)
+ struct ttm_operation_ctx ctx = { false, false };
+@@ -467,7 +546,7 @@ int vbox_bo_pin(struct vbox_bo *bo, u32 pl_flag, u64 *gpu_addr)
+ return 0;
+ }
+
+- vbox_ttm_placement(bo, pl_flag);
++ vbox_ttm_placement(bo, mem_type);
+
+ for (i = 0; i < bo->placement.num_placement; i++)
+ PLACEMENT_FLAGS(bo->placements[i]) |= TTM_PL_FLAG_NO_EVICT;
+@@ -540,7 +619,7 @@ int vbox_bo_push_sysram(struct vbox_bo *bo)
+ if (bo->kmap.virtual)
+ ttm_bo_kunmap(&bo->kmap);
+
+- vbox_ttm_placement(bo, TTM_PL_FLAG_SYSTEM);
++ vbox_ttm_placement(bo, VBOX_MEM_TYPE_SYSTEM);
+
+ for (i = 0; i < bo->placement.num_placement; i++)
+ PLACEMENT_FLAGS(bo->placements[i]) |= TTM_PL_FLAG_NO_EVICT;
+--
+2.19.1
+
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Runtime-memobj-r0drv-linux.c-Changes-to-support-the-.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Runtime-memobj-r0drv-linux.c-Changes-to-support-the-.patch
new file mode 100644
index 0000000000..db27cb883b
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Runtime-memobj-r0drv-linux.c-Changes-to-support-the-.patch
@@ -0,0 +1,119 @@
+From 2a6e3cf63f58e289802a11faad5fb495e2d04e97 Mon Sep 17 00:00:00 2001
+From: vboxsync <vboxsync@cfe28804-0f27-0410-a406-dd0f0b0b656f>
+Date: Wed, 9 Dec 2020 18:59:04 +0000
+Subject: [PATCH] Runtime/memobj-r0drv-linux.c: Changes to support the upcoming
+ 5.10 kernel, bugref:9879
+
+Upstream-Status: Backport
+
+git-svn-id: http://www.virtualbox.org/svn/vbox@87074 cfe28804-0f27-0410-a406-dd0f0b0b656f
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
+---
+ .../Runtime/r0drv/linux/memobj-r0drv-linux.c | 68 ++++++++++++++++++-
+ 1 file changed, 67 insertions(+), 1 deletion(-)
+
+--- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
++++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
+@@ -56,9 +56,19 @@
+ * Whether we use alloc_vm_area (3.2+) for executable memory.
+ * This is a must for 5.8+, but we enable it all the way back to 3.2.x for
+ * better W^R compliance (fExecutable flag). */
+-#if RTLNX_VER_MIN(3,2,0) || defined(DOXYGEN_RUNNING)
++#if RTLNX_VER_RANGE(3,2,0, 5,10,0) || defined(DOXYGEN_RUNNING)
+ # define IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
+ #endif
++/** @def IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC
++ * alloc_vm_area was removed with 5.10 so we have to resort to a different way
++ * to allocate executable memory.
++ * It would be possible to remove IPRT_USE_ALLOC_VM_AREA_FOR_EXEC and use
++ * this path execlusively for 3.2+ but no time to test it really works on every
++ * supported kernel, so better play safe for now.
++ */
++#if RTLNX_VER_MIN(5,10,0) || defined(DOXYGEN_RUNNING)
++# define IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC
++#endif
+
+ /*
+ * 2.6.29+ kernels don't work with remap_pfn_range() anymore because
+@@ -502,6 +512,46 @@ static void rtR0MemObjLinuxFreePages(PRT
+ }
+
+
++#ifdef IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC
++/**
++ * User data passed to the apply_to_page_range() callback.
++ */
++typedef struct LNXAPPLYPGRANGE
++{
++ /** Pointer to the memory object. */
++ PRTR0MEMOBJLNX pMemLnx;
++ /** The page protection flags to apply. */
++ pgprot_t fPg;
++} LNXAPPLYPGRANGE;
++/** Pointer to the user data. */
++typedef LNXAPPLYPGRANGE *PLNXAPPLYPGRANGE;
++/** Pointer to the const user data. */
++typedef const LNXAPPLYPGRANGE *PCLNXAPPLYPGRANGE;
++
++/**
++ * Callback called in apply_to_page_range().
++ *
++ * @returns Linux status code.
++ * @param pPte Pointer to the page table entry for the given address.
++ * @param uAddr The address to apply the new protection to.
++ * @param pvUser The opaque user data.
++ */
++#ifdef __i386__
++static int rtR0MemObjLinuxApplyPageRange(pte_t *pPte, unsigned long uAddr, void *pvUser)
++#else
++static DECLCALLBACK(int) rtR0MemObjLinuxApplyPageRange(pte_t *pPte, unsigned long uAddr, void *pvUser)
++#endif
++{
++ PCLNXAPPLYPGRANGE pArgs = (PCLNXAPPLYPGRANGE)pvUser;
++ PRTR0MEMOBJLNX pMemLnx = pArgs->pMemLnx;
++ size_t idxPg = (uAddr - (unsigned long)pMemLnx->Core.pv) >> PAGE_SHIFT;
++
++ set_pte(pPte, mk_pte(pMemLnx->apPages[idxPg], pArgs->fPg));
++ return 0;
++}
++#endif
++
++
+ /**
+ * Maps the allocation into ring-0.
+ *
+@@ -584,6 +634,11 @@ static int rtR0MemObjLinuxVMap(PRTR0MEMO
+ else
+ # endif
+ {
++# if defined(IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC)
++ if (fExecutable)
++ pgprot_val(fPg) |= _PAGE_NX; /* Uses RTR0MemObjProtect to clear NX when memory ready, W^X fashion. */
++# endif
++
+ # ifdef VM_MAP
+ pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_MAP, fPg);
+ # else
+@@ -1851,6 +1906,21 @@ DECLHIDDEN(int) rtR0MemObjNativeProtect(
+ preempt_enable();
+ return VINF_SUCCESS;
+ }
++# elif defined(IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC)
++ PRTR0MEMOBJLNX pMemLnx = (PRTR0MEMOBJLNX)pMem;
++ if ( pMemLnx->fExecutable
++ && pMemLnx->fMappedToRing0)
++ {
++ LNXAPPLYPGRANGE Args;
++ Args.pMemLnx = pMemLnx;
++ Args.fPg = rtR0MemObjLinuxConvertProt(fProt, true /*fKernel*/);
++ int rcLnx = apply_to_page_range(current->active_mm, (unsigned long)pMemLnx->Core.pv + offSub, cbSub,
++ rtR0MemObjLinuxApplyPageRange, (void *)&Args);
++ if (rcLnx)
++ return VERR_NOT_SUPPORTED;
++
++ return VINF_SUCCESS;
++ }
+ # endif
+
+ NOREF(pMem);
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-linser-vboxsf-Adjustment-for-linux-5.10-TASK_SIZE_MA.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-linser-vboxsf-Adjustment-for-linux-5.10-TASK_SIZE_MA.patch
new file mode 100644
index 0000000000..3cfe2e917c
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-linser-vboxsf-Adjustment-for-linux-5.10-TASK_SIZE_MA.patch
@@ -0,0 +1,46 @@
+From a276f8bc5e4515f7ea51e2c56e0e634a723ca104 Mon Sep 17 00:00:00 2001
+From: vboxsync <vboxsync@cfe28804-0f27-0410-a406-dd0f0b0b656f>
+Date: Tue, 8 Dec 2020 13:52:53 +0000
+Subject: [PATCH] linser/vboxsf: Adjustment for linux 5.10 - TASK_SIZE_MAX
+ replaces USER_DS.seg. bugref:9879
+
+Upstream-Status: Backport
+
+git-svn-id: http://www.virtualbox.org/svn/vbox@87053 cfe28804-0f27-0410-a406-dd0f0b0b656f
+
+Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
+---
+ src/VBox/Additions/linux/sharedfolders/regops.c | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/src/VBox/Additions/linux/sharedfolders/regops.c b/src/VBox/Additions/linux/sharedfolders/regops.c
+index e1fad3d820..401fd69930 100644
+--- a/src/VBox/Additions/linux/sharedfolders/regops.c
++++ b/src/VBox/Additions/linux/sharedfolders/regops.c
+@@ -147,7 +147,11 @@ static int vbsf_iov_iter_detect_type(struct iovec const *paIov, size_t cSegs)
+ while (cSegs-- > 0) {
+ if (paIov->iov_len > 0) {
+ if (access_ok(VERIFY_READ, paIov->iov_base, paIov->iov_len))
++#if RTLNX_VER_MIN(5,10,0)
++ return (uintptr_t)paIov->iov_base >= TASK_SIZE_MAX ? ITER_KVEC : 0;
++#else
+ return (uintptr_t)paIov->iov_base >= USER_DS.seg ? ITER_KVEC : 0;
++#endif
+ AssertMsgFailed(("%p LB %#zx\n", paIov->iov_base, paIov->iov_len));
+ break;
+ }
+@@ -1401,7 +1405,10 @@ static int vbsf_lock_user_pages_failed_check_kernel(uintptr_t uPtrFrom, size_t c
+ /*
+ * Check that this is valid user memory that is actually in the kernel range.
+ */
+-#if RTLNX_VER_MIN(5,0,0) || RTLNX_RHEL_MIN(8,1)
++#if RTLNX_VER_MIN(5,10,0)
++ if ( access_ok((void *)uPtrFrom, cPages << PAGE_SHIFT)
++ && uPtrFrom >= TASK_SIZE_MAX)
++#elif RTLNX_VER_MIN(5,0,0) || RTLNX_RHEL_MIN(8,1)
+ if ( access_ok((void *)uPtrFrom, cPages << PAGE_SHIFT)
+ && uPtrFrom >= USER_DS.seg)
+ #else
+--
+2.19.1
+
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.16.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.16.bb
index 9282f663b4..ff639c09f0 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.16.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.16.bb
@@ -13,6 +13,9 @@ VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
file://Makefile.utils \
+ file://0001-Additions-linux-drm-Adjustment-for-Linux-5.10.patch \
+ file://0001-Runtime-memobj-r0drv-linux.c-Changes-to-support-the-.patch \
+ file://0001-linser-vboxsf-Adjustment-for-linux-5.10-TASK_SIZE_MA.patch \
"
SRC_URI[md5sum] = "a12a647f6c114f2cb1571089b36841fe"
SRC_URI[sha256sum] = "49c1990da16d8a3d5bda8cdb961ec8195a901e67e4c79aea44c1521a5fc2f9f1"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 07/15] vboxguestdrivers: upgrade 6.1.16 -> 6.1.18
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (5 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 06/15] vboxguestdrivers: fix build against kernel v5.10+ Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 08/15] vboxguestdrivers: Add patch proposed upstream to fix a build failure on i386 Armin Kuster
` (7 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Gianfranco <costamagna.gianfranco@gmail.com>
Drop kernel 5.10 build fixes patches, now part of upstream codebase
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit f8f2331158b33436bd53142e0e1b4b94f78b37e6)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...-linux-drm-Adjustment-for-Linux-5.10.patch | 321 ------------------
...0drv-linux.c-Changes-to-support-the-.patch | 119 -------
...justment-for-linux-5.10-TASK_SIZE_MA.patch | 46 ---
...s_6.1.16.bb => vboxguestdrivers_6.1.18.bb} | 7 +-
4 files changed, 2 insertions(+), 491 deletions(-)
delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Additions-linux-drm-Adjustment-for-Linux-5.10.patch
delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Runtime-memobj-r0drv-linux.c-Changes-to-support-the-.patch
delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-linser-vboxsf-Adjustment-for-linux-5.10-TASK_SIZE_MA.patch
rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_6.1.16.bb => vboxguestdrivers_6.1.18.bb} (88%)
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Additions-linux-drm-Adjustment-for-Linux-5.10.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Additions-linux-drm-Adjustment-for-Linux-5.10.patch
deleted file mode 100644
index a444901f8c..0000000000
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Additions-linux-drm-Adjustment-for-Linux-5.10.patch
+++ /dev/null
@@ -1,321 +0,0 @@
-From b6c765d693a0833b94cb2e91b32842570c3458d2 Mon Sep 17 00:00:00 2001
-From: vboxsync <vboxsync@cfe28804-0f27-0410-a406-dd0f0b0b656f>
-Date: Tue, 15 Dec 2020 22:29:56 +0000
-Subject: [PATCH] Additions/linux/drm: Adjustment for Linux 5.10.
-
-Upstream-Status: Backport
-
-git-svn-id: http://www.virtualbox.org/svn/vbox@87092 cfe28804-0f27-0410-a406-dd0f0b0b656f
-
-Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
-
----
- src/VBox/Additions/linux/drm/vbox_drv.h | 10 +-
- src/VBox/Additions/linux/drm/vbox_fb.c | 2 +-
- .../src/VBox/Additions/linux/drm/vbox_mode.c | 2 +-
- src/VBox/Additions/linux/drm/vbox_ttm.c | 99 +++++++++++++++++--
- 4 files changed, 99 insertions(+), 14 deletions(-)
-
-diff --git a/src/VBox/Additions/linux/drm/vbox_drv.h b/src/VBox/Additions/linux/drm/vbox_drv.h
-index 8c85371749..7937f2f2d2 100644
---- a/src/VBox/Additions/linux/drm/vbox_drv.h
-+++ b/src/VBox/Additions/linux/drm/vbox_drv.h
-@@ -175,6 +175,9 @@
- #include <drm/ttm/ttm_placement.h>
- #include <drm/ttm/ttm_memory.h>
- #include <drm/ttm/ttm_module.h>
-+#if RTLNX_VER_MIN(5,10,0)
-+# include <drm/ttm/ttm_resource.h>
-+#endif
-
- #include "vboxvideo_guest.h"
- #include "vboxvideo_vbe.h"
-@@ -444,7 +447,10 @@ int vbox_bo_create(struct drm_device *dev, int size, int align,
- int vbox_gem_create(struct drm_device *dev,
- u32 size, bool iskernel, struct drm_gem_object **obj);
-
--int vbox_bo_pin(struct vbox_bo *bo, u32 pl_flag, u64 *gpu_addr);
-+#define VBOX_MEM_TYPE_VRAM 0x1
-+#define VBOX_MEM_TYPE_SYSTEM 0x2
-+
-+int vbox_bo_pin(struct vbox_bo *bo, u32 mem_type, u64 *gpu_addr);
- int vbox_bo_unpin(struct vbox_bo *bo);
-
- static inline int vbox_bo_reserve(struct vbox_bo *bo, bool no_wait)
-@@ -469,7 +475,7 @@ static inline void vbox_bo_unreserve(struct vbox_bo *bo)
- ttm_bo_unreserve(&bo->bo);
- }
-
--void vbox_ttm_placement(struct vbox_bo *bo, int domain);
-+void vbox_ttm_placement(struct vbox_bo *bo, u32 mem_type);
- int vbox_bo_push_sysram(struct vbox_bo *bo);
- int vbox_mmap(struct file *filp, struct vm_area_struct *vma);
-
-diff --git a/src/VBox/Additions/linux/drm/vbox_fb.c b/src/VBox/Additions/linux/drm/vbox_fb.c
-index adead98d3d..7182d9da1a 100644
---- a/src/VBox/Additions/linux/drm/vbox_fb.c
-+++ b/src/VBox/Additions/linux/drm/vbox_fb.c
-@@ -295,7 +295,7 @@ static int vboxfb_create(struct drm_fb_helper *helper,
- if (ret)
- return ret;
-
-- ret = vbox_bo_pin(bo, TTM_PL_FLAG_VRAM, NULL);
-+ ret = vbox_bo_pin(bo, VBOX_MEM_TYPE_VRAM, NULL);
- if (ret) {
- vbox_bo_unreserve(bo);
- return ret;
-diff --git a/src/VBox/Additions/linux/drm/vbox_mode.c b/src/VBox/Additions/linux/drm/vbox_mode.c
-index ce7d135cb6..5557db5ef8 100644
---- a/src/VBox/Additions/linux/drm/vbox_mode.c
-+++ b/src/VBox/Additions/linux/drm/vbox_mode.c
-@@ -227,7 +227,7 @@ static int vbox_crtc_set_base(struct drm_crtc *crtc,
- if (ret)
- return ret;
-
-- ret = vbox_bo_pin(bo, TTM_PL_FLAG_VRAM, &gpu_addr);
-+ ret = vbox_bo_pin(bo, VBOX_MEM_TYPE_VRAM, &gpu_addr);
- vbox_bo_unreserve(bo);
- if (ret)
- return ret;
-diff --git a/src/VBox/Additions/linux/drm/vbox_ttm.c b/src/VBox/Additions/linux/drm/vbox_ttm.c
-index bf87aabc05..5eac926a42 100644
---- a/src/VBox/Additions/linux/drm/vbox_ttm.c
-+++ b/src/VBox/Additions/linux/drm/vbox_ttm.c
-@@ -41,6 +41,7 @@
- #define PLACEMENT_FLAGS(placement) ((placement).flags)
- #endif
-
-+
- static inline struct vbox_private *vbox_bdev(struct ttm_bo_device *bd)
- {
- return container_of(bd, struct vbox_private, ttm.bdev);
-@@ -125,6 +126,7 @@ static bool vbox_ttm_bo_is_vbox_bo(struct ttm_buffer_object *bo)
- return false;
- }
-
-+#if RTLNX_VER_MAX(5,10,0)
- static int
- vbox_bo_init_mem_type(struct ttm_bo_device *bdev, u32 type,
- struct ttm_mem_type_manager *man)
-@@ -148,6 +150,7 @@ vbox_bo_init_mem_type(struct ttm_bo_device *bdev, u32 type,
-
- return 0;
- }
-+#endif
-
- static void
- vbox_bo_evict_flags(struct ttm_buffer_object *bo, struct ttm_placement *pl)
-@@ -157,7 +160,7 @@ vbox_bo_evict_flags(struct ttm_buffer_object *bo, struct ttm_placement *pl)
- if (!vbox_ttm_bo_is_vbox_bo(bo))
- return;
-
-- vbox_ttm_placement(vboxbo, TTM_PL_FLAG_SYSTEM);
-+ vbox_ttm_placement(vboxbo, VBOX_MEM_TYPE_SYSTEM);
- *pl = vboxbo->placement;
- }
-
-@@ -167,11 +170,12 @@ static int vbox_bo_verify_access(struct ttm_buffer_object *bo,
- return 0;
- }
-
-+#if RTLNX_VER_MAX(5,10,0)
- static int vbox_ttm_io_mem_reserve(struct ttm_bo_device *bdev,
- struct ttm_mem_reg *mem)
- {
-- struct ttm_mem_type_manager *man = &bdev->man[mem->mem_type];
- struct vbox_private *vbox = vbox_bdev(bdev);
-+ struct ttm_mem_type_manager *man = &bdev->man[mem->mem_type];
-
- mem->bus.addr = NULL;
- mem->bus.offset = 0;
-@@ -194,12 +198,53 @@ static int vbox_ttm_io_mem_reserve(struct ttm_bo_device *bdev,
- }
- return 0;
- }
-+#else
-+static int vbox_ttm_io_mem_reserve(struct ttm_bo_device *bdev,
-+ struct ttm_resource *mem)
-+{
-+ struct vbox_private *vbox = vbox_bdev(bdev);
-+ mem->bus.addr = NULL;
-+ mem->bus.offset = 0;
-+ mem->size = mem->num_pages << PAGE_SHIFT;
-+ mem->start = 0;
-+ mem->bus.is_iomem = false;
-+ switch (mem->mem_type) {
-+ case TTM_PL_SYSTEM:
-+ /* system memory */
-+ return 0;
-+ case TTM_PL_VRAM:
-+ mem->bus.offset = mem->start << PAGE_SHIFT;
-+ mem->start = pci_resource_start(vbox->dev->pdev, 0);
-+ mem->bus.is_iomem = true;
-+ break;
-+ default:
-+ return -EINVAL;
-+ }
-+ return 0;
-+}
-+#endif
-
-+
-+
-+#if RTLNX_VER_MIN(5,10,0)
-+static void vbox_ttm_io_mem_free(struct ttm_bo_device *bdev,
-+ struct ttm_resource *mem)
-+{
-+}
-+#else
- static void vbox_ttm_io_mem_free(struct ttm_bo_device *bdev,
- struct ttm_mem_reg *mem)
- {
- }
-+#endif
-
-+#if RTLNX_VER_MIN(5,10,0)
-+static void vbox_ttm_tt_destroy(struct ttm_bo_device *bdev, struct ttm_tt *tt)
-+{
-+ ttm_tt_fini(tt);
-+ kfree(tt);
-+}
-+#else
- static void vbox_ttm_backend_destroy(struct ttm_tt *tt)
- {
- ttm_tt_fini(tt);
-@@ -209,6 +254,7 @@ static void vbox_ttm_backend_destroy(struct ttm_tt *tt)
- static struct ttm_backend_func vbox_tt_backend_func = {
- .destroy = &vbox_ttm_backend_destroy,
- };
-+#endif
-
- #if RTLNX_VER_MAX(4,17,0) && !RTLNX_RHEL_MAJ_PREREQ(7,6) && !RTLNX_SUSE_MAJ_PREREQ(15,1) && !RTLNX_SUSE_MAJ_PREREQ(12,5)
- static struct ttm_tt *vbox_ttm_tt_create(struct ttm_bo_device *bdev,
-@@ -226,7 +272,9 @@ static struct ttm_tt *vbox_ttm_tt_create(struct ttm_buffer_object *bo,
- if (!tt)
- return NULL;
-
-+#if RTLNX_VER_MAX(5,10,0)
- tt->func = &vbox_tt_backend_func;
-+#endif
- #if RTLNX_VER_MAX(4,17,0) && !RTLNX_RHEL_MAJ_PREREQ(7,6) && !RTLNX_SUSE_MAJ_PREREQ(15,1) && !RTLNX_SUSE_MAJ_PREREQ(12,5)
- if (ttm_tt_init(tt, bdev, size, page_flags, dummy_read_page)) {
- #else
-@@ -261,11 +309,16 @@ static void vbox_ttm_tt_unpopulate(struct ttm_tt *ttm)
-
- static struct ttm_bo_driver vbox_bo_driver = {
- .ttm_tt_create = vbox_ttm_tt_create,
-+#if RTLNX_VER_MIN(5,10,0)
-+ .ttm_tt_destroy = vbox_ttm_tt_destroy,
-+#endif
- #if RTLNX_VER_MAX(4,17,0)
- .ttm_tt_populate = vbox_ttm_tt_populate,
- .ttm_tt_unpopulate = vbox_ttm_tt_unpopulate,
- #endif
-+#if RTLNX_VER_MAX(5,10,0)
- .init_mem_type = vbox_bo_init_mem_type,
-+#endif
- #if RTLNX_VER_MIN(4,10,0) || RTLNX_RHEL_MAJ_PREREQ(7,4)
- .eviction_valuable = ttm_bo_eviction_valuable,
- #endif
-@@ -318,8 +371,13 @@ int vbox_mm_init(struct vbox_private *vbox)
- #endif
- }
-
-+#if RTLNX_VER_MIN(5,10,0)
-+ ret = ttm_range_man_init(bdev, TTM_PL_VRAM, false,
-+ vbox->available_vram_size >> PAGE_SHIFT);
-+#else
- ret = ttm_bo_init_mm(bdev, TTM_PL_VRAM,
- vbox->available_vram_size >> PAGE_SHIFT);
-+#endif
- if (ret) {
- DRM_ERROR("Failed ttm VRAM init: %d\n", ret);
- goto err_device_release;
-@@ -359,7 +417,7 @@ void vbox_mm_fini(struct vbox_private *vbox)
- #endif
- }
-
--void vbox_ttm_placement(struct vbox_bo *bo, int domain)
-+void vbox_ttm_placement(struct vbox_bo *bo, u32 mem_type)
- {
- u32 c = 0;
- #if RTLNX_VER_MAX(3,18,0) && !RTLNX_RHEL_MAJ_PREREQ(7,2)
-@@ -372,15 +430,36 @@ void vbox_ttm_placement(struct vbox_bo *bo, int domain)
- bo->placement.placement = bo->placements;
- bo->placement.busy_placement = bo->placements;
-
-- if (domain & TTM_PL_FLAG_VRAM)
-+ if (mem_type & VBOX_MEM_TYPE_VRAM) {
-+#if RTLNX_VER_MIN(5,10,0)
-+ bo->placements[c].mem_type = TTM_PL_VRAM;
-+ PLACEMENT_FLAGS(bo->placements[c++]) =
-+ TTM_PL_FLAG_WC | TTM_PL_FLAG_UNCACHED;
-+#else
- PLACEMENT_FLAGS(bo->placements[c++]) =
- TTM_PL_FLAG_WC | TTM_PL_FLAG_UNCACHED | TTM_PL_FLAG_VRAM;
-- if (domain & TTM_PL_FLAG_SYSTEM)
-+#endif
-+ }
-+ if (mem_type & VBOX_MEM_TYPE_SYSTEM) {
-+#if RTLNX_VER_MIN(5,10,0)
-+ bo->placements[c].mem_type = TTM_PL_SYSTEM;
-+ PLACEMENT_FLAGS(bo->placements[c++]) =
-+ TTM_PL_MASK_CACHING;
-+#else
- PLACEMENT_FLAGS(bo->placements[c++]) =
- TTM_PL_MASK_CACHING | TTM_PL_FLAG_SYSTEM;
-- if (!c)
-+#endif
-+ }
-+ if (!c) {
-+#if RTLNX_VER_MIN(5,10,0)
-+ bo->placements[c].mem_type = TTM_PL_SYSTEM;
-+ PLACEMENT_FLAGS(bo->placements[c++]) =
-+ TTM_PL_MASK_CACHING;
-+#else
- PLACEMENT_FLAGS(bo->placements[c++]) =
- TTM_PL_MASK_CACHING | TTM_PL_FLAG_SYSTEM;
-+#endif
-+ }
-
- bo->placement.num_placement = c;
- bo->placement.num_busy_placement = c;
-@@ -414,7 +493,7 @@ int vbox_bo_create(struct drm_device *dev, int size, int align,
- vboxbo->bo.bdev->dev_mapping = dev->dev_mapping;
- #endif
-
-- vbox_ttm_placement(vboxbo, TTM_PL_FLAG_VRAM | TTM_PL_FLAG_SYSTEM);
-+ vbox_ttm_placement(vboxbo, VBOX_MEM_TYPE_VRAM | VBOX_MEM_TYPE_SYSTEM);
-
- acc_size = ttm_bo_dma_acc_size(&vbox->ttm.bdev, size,
- sizeof(struct vbox_bo));
-@@ -452,7 +531,7 @@ static inline u64 vbox_bo_gpu_offset(struct vbox_bo *bo)
- #endif
- }
-
--int vbox_bo_pin(struct vbox_bo *bo, u32 pl_flag, u64 *gpu_addr)
-+int vbox_bo_pin(struct vbox_bo *bo, u32 mem_type, u64 *gpu_addr)
- {
- #if RTLNX_VER_MIN(4,16,0) || RTLNX_RHEL_MAJ_PREREQ(7,6) || RTLNX_SUSE_MAJ_PREREQ(15,1) || RTLNX_SUSE_MAJ_PREREQ(12,5)
- struct ttm_operation_ctx ctx = { false, false };
-@@ -467,7 +546,7 @@ int vbox_bo_pin(struct vbox_bo *bo, u32 pl_flag, u64 *gpu_addr)
- return 0;
- }
-
-- vbox_ttm_placement(bo, pl_flag);
-+ vbox_ttm_placement(bo, mem_type);
-
- for (i = 0; i < bo->placement.num_placement; i++)
- PLACEMENT_FLAGS(bo->placements[i]) |= TTM_PL_FLAG_NO_EVICT;
-@@ -540,7 +619,7 @@ int vbox_bo_push_sysram(struct vbox_bo *bo)
- if (bo->kmap.virtual)
- ttm_bo_kunmap(&bo->kmap);
-
-- vbox_ttm_placement(bo, TTM_PL_FLAG_SYSTEM);
-+ vbox_ttm_placement(bo, VBOX_MEM_TYPE_SYSTEM);
-
- for (i = 0; i < bo->placement.num_placement; i++)
- PLACEMENT_FLAGS(bo->placements[i]) |= TTM_PL_FLAG_NO_EVICT;
---
-2.19.1
-
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Runtime-memobj-r0drv-linux.c-Changes-to-support-the-.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Runtime-memobj-r0drv-linux.c-Changes-to-support-the-.patch
deleted file mode 100644
index db27cb883b..0000000000
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-Runtime-memobj-r0drv-linux.c-Changes-to-support-the-.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-From 2a6e3cf63f58e289802a11faad5fb495e2d04e97 Mon Sep 17 00:00:00 2001
-From: vboxsync <vboxsync@cfe28804-0f27-0410-a406-dd0f0b0b656f>
-Date: Wed, 9 Dec 2020 18:59:04 +0000
-Subject: [PATCH] Runtime/memobj-r0drv-linux.c: Changes to support the upcoming
- 5.10 kernel, bugref:9879
-
-Upstream-Status: Backport
-
-git-svn-id: http://www.virtualbox.org/svn/vbox@87074 cfe28804-0f27-0410-a406-dd0f0b0b656f
-
-Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
----
- .../Runtime/r0drv/linux/memobj-r0drv-linux.c | 68 ++++++++++++++++++-
- 1 file changed, 67 insertions(+), 1 deletion(-)
-
---- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
-+++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
-@@ -56,9 +56,19 @@
- * Whether we use alloc_vm_area (3.2+) for executable memory.
- * This is a must for 5.8+, but we enable it all the way back to 3.2.x for
- * better W^R compliance (fExecutable flag). */
--#if RTLNX_VER_MIN(3,2,0) || defined(DOXYGEN_RUNNING)
-+#if RTLNX_VER_RANGE(3,2,0, 5,10,0) || defined(DOXYGEN_RUNNING)
- # define IPRT_USE_ALLOC_VM_AREA_FOR_EXEC
- #endif
-+/** @def IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC
-+ * alloc_vm_area was removed with 5.10 so we have to resort to a different way
-+ * to allocate executable memory.
-+ * It would be possible to remove IPRT_USE_ALLOC_VM_AREA_FOR_EXEC and use
-+ * this path execlusively for 3.2+ but no time to test it really works on every
-+ * supported kernel, so better play safe for now.
-+ */
-+#if RTLNX_VER_MIN(5,10,0) || defined(DOXYGEN_RUNNING)
-+# define IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC
-+#endif
-
- /*
- * 2.6.29+ kernels don't work with remap_pfn_range() anymore because
-@@ -502,6 +512,46 @@ static void rtR0MemObjLinuxFreePages(PRT
- }
-
-
-+#ifdef IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC
-+/**
-+ * User data passed to the apply_to_page_range() callback.
-+ */
-+typedef struct LNXAPPLYPGRANGE
-+{
-+ /** Pointer to the memory object. */
-+ PRTR0MEMOBJLNX pMemLnx;
-+ /** The page protection flags to apply. */
-+ pgprot_t fPg;
-+} LNXAPPLYPGRANGE;
-+/** Pointer to the user data. */
-+typedef LNXAPPLYPGRANGE *PLNXAPPLYPGRANGE;
-+/** Pointer to the const user data. */
-+typedef const LNXAPPLYPGRANGE *PCLNXAPPLYPGRANGE;
-+
-+/**
-+ * Callback called in apply_to_page_range().
-+ *
-+ * @returns Linux status code.
-+ * @param pPte Pointer to the page table entry for the given address.
-+ * @param uAddr The address to apply the new protection to.
-+ * @param pvUser The opaque user data.
-+ */
-+#ifdef __i386__
-+static int rtR0MemObjLinuxApplyPageRange(pte_t *pPte, unsigned long uAddr, void *pvUser)
-+#else
-+static DECLCALLBACK(int) rtR0MemObjLinuxApplyPageRange(pte_t *pPte, unsigned long uAddr, void *pvUser)
-+#endif
-+{
-+ PCLNXAPPLYPGRANGE pArgs = (PCLNXAPPLYPGRANGE)pvUser;
-+ PRTR0MEMOBJLNX pMemLnx = pArgs->pMemLnx;
-+ size_t idxPg = (uAddr - (unsigned long)pMemLnx->Core.pv) >> PAGE_SHIFT;
-+
-+ set_pte(pPte, mk_pte(pMemLnx->apPages[idxPg], pArgs->fPg));
-+ return 0;
-+}
-+#endif
-+
-+
- /**
- * Maps the allocation into ring-0.
- *
-@@ -584,6 +634,11 @@ static int rtR0MemObjLinuxVMap(PRTR0MEMO
- else
- # endif
- {
-+# if defined(IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC)
-+ if (fExecutable)
-+ pgprot_val(fPg) |= _PAGE_NX; /* Uses RTR0MemObjProtect to clear NX when memory ready, W^X fashion. */
-+# endif
-+
- # ifdef VM_MAP
- pMemLnx->Core.pv = vmap(&pMemLnx->apPages[0], pMemLnx->cPages, VM_MAP, fPg);
- # else
-@@ -1851,6 +1906,21 @@ DECLHIDDEN(int) rtR0MemObjNativeProtect(
- preempt_enable();
- return VINF_SUCCESS;
- }
-+# elif defined(IPRT_USE_APPLY_TO_PAGE_RANGE_FOR_EXEC)
-+ PRTR0MEMOBJLNX pMemLnx = (PRTR0MEMOBJLNX)pMem;
-+ if ( pMemLnx->fExecutable
-+ && pMemLnx->fMappedToRing0)
-+ {
-+ LNXAPPLYPGRANGE Args;
-+ Args.pMemLnx = pMemLnx;
-+ Args.fPg = rtR0MemObjLinuxConvertProt(fProt, true /*fKernel*/);
-+ int rcLnx = apply_to_page_range(current->active_mm, (unsigned long)pMemLnx->Core.pv + offSub, cbSub,
-+ rtR0MemObjLinuxApplyPageRange, (void *)&Args);
-+ if (rcLnx)
-+ return VERR_NOT_SUPPORTED;
-+
-+ return VINF_SUCCESS;
-+ }
- # endif
-
- NOREF(pMem);
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-linser-vboxsf-Adjustment-for-linux-5.10-TASK_SIZE_MA.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-linser-vboxsf-Adjustment-for-linux-5.10-TASK_SIZE_MA.patch
deleted file mode 100644
index 3cfe2e917c..0000000000
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/0001-linser-vboxsf-Adjustment-for-linux-5.10-TASK_SIZE_MA.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-From a276f8bc5e4515f7ea51e2c56e0e634a723ca104 Mon Sep 17 00:00:00 2001
-From: vboxsync <vboxsync@cfe28804-0f27-0410-a406-dd0f0b0b656f>
-Date: Tue, 8 Dec 2020 13:52:53 +0000
-Subject: [PATCH] linser/vboxsf: Adjustment for linux 5.10 - TASK_SIZE_MAX
- replaces USER_DS.seg. bugref:9879
-
-Upstream-Status: Backport
-
-git-svn-id: http://www.virtualbox.org/svn/vbox@87053 cfe28804-0f27-0410-a406-dd0f0b0b656f
-
-Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
----
- src/VBox/Additions/linux/sharedfolders/regops.c | 9 ++++++++-
- 1 file changed, 8 insertions(+), 1 deletion(-)
-
-diff --git a/src/VBox/Additions/linux/sharedfolders/regops.c b/src/VBox/Additions/linux/sharedfolders/regops.c
-index e1fad3d820..401fd69930 100644
---- a/src/VBox/Additions/linux/sharedfolders/regops.c
-+++ b/src/VBox/Additions/linux/sharedfolders/regops.c
-@@ -147,7 +147,11 @@ static int vbsf_iov_iter_detect_type(struct iovec const *paIov, size_t cSegs)
- while (cSegs-- > 0) {
- if (paIov->iov_len > 0) {
- if (access_ok(VERIFY_READ, paIov->iov_base, paIov->iov_len))
-+#if RTLNX_VER_MIN(5,10,0)
-+ return (uintptr_t)paIov->iov_base >= TASK_SIZE_MAX ? ITER_KVEC : 0;
-+#else
- return (uintptr_t)paIov->iov_base >= USER_DS.seg ? ITER_KVEC : 0;
-+#endif
- AssertMsgFailed(("%p LB %#zx\n", paIov->iov_base, paIov->iov_len));
- break;
- }
-@@ -1401,7 +1405,10 @@ static int vbsf_lock_user_pages_failed_check_kernel(uintptr_t uPtrFrom, size_t c
- /*
- * Check that this is valid user memory that is actually in the kernel range.
- */
--#if RTLNX_VER_MIN(5,0,0) || RTLNX_RHEL_MIN(8,1)
-+#if RTLNX_VER_MIN(5,10,0)
-+ if ( access_ok((void *)uPtrFrom, cPages << PAGE_SHIFT)
-+ && uPtrFrom >= TASK_SIZE_MAX)
-+#elif RTLNX_VER_MIN(5,0,0) || RTLNX_RHEL_MIN(8,1)
- if ( access_ok((void *)uPtrFrom, cPages << PAGE_SHIFT)
- && uPtrFrom >= USER_DS.seg)
- #else
---
-2.19.1
-
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.16.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
similarity index 88%
rename from meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.16.bb
rename to meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
index ff639c09f0..ea6a082f60 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.16.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
@@ -13,12 +13,9 @@ VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
file://Makefile.utils \
- file://0001-Additions-linux-drm-Adjustment-for-Linux-5.10.patch \
- file://0001-Runtime-memobj-r0drv-linux.c-Changes-to-support-the-.patch \
- file://0001-linser-vboxsf-Adjustment-for-linux-5.10-TASK_SIZE_MA.patch \
"
-SRC_URI[md5sum] = "a12a647f6c114f2cb1571089b36841fe"
-SRC_URI[sha256sum] = "49c1990da16d8a3d5bda8cdb961ec8195a901e67e4c79aea44c1521a5fc2f9f1"
+SRC_URI[md5sum] = "c61001386eb3822ab8f06d688a82e84b"
+SRC_URI[sha256sum] = "108d42b9b391b7a332a33df1662cf7b0e9d9a80f3079d16288d8b9487f427d40"
S ?= "${WORKDIR}/vbox_module"
S_task-patch = "${WORKDIR}/${VBOX_NAME}"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 08/15] vboxguestdrivers: Add patch proposed upstream to fix a build failure on i386
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (6 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 07/15] vboxguestdrivers: upgrade 6.1.16 -> 6.1.18 Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 09/15] vboxguestdrivers: Add __divmoddi4 builtin support Armin Kuster
` (6 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Gianfranco <costamagna.gianfranco@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 09eb0ad187fb14ac1bb83a5a8d1ac4e9e9fdb305)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../vboxguestdrivers/kernel-5.10.patch | 23 +++++++++++++++++++
.../vboxguestdrivers_6.1.18.bb | 1 +
2 files changed, 24 insertions(+)
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.10.patch
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.10.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.10.patch
new file mode 100644
index 0000000000..a6b0a04545
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.10.patch
@@ -0,0 +1,23 @@
+Origin: https://www.mail-archive.com/pld-cvs-commit@lists.pld-linux.org/msg461494.html
+From 80bfab5ec8575703ef26b442a3af2d030793ebde Mon Sep 17 00:00:00 2001
+From: =?utf8?q?Jan=20R=C4=99korajski?= <baggins@pld-linux.org>
+Date: Thu, 24 Dec 2020 23:03:55 +0100
+Subject: [PATCH] - DECLCALLBACK generates incorrect code on ix86, remove it
+
+---
+ kernel-5.10.patch | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/kernel-5.10.patch b/kernel-5.10.patch
+index b28d6e0..729235d 100644
+--- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
++++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
+@@ -536,7 +536,7 @@ typedef const LNXAPPLYPGRANGE *PCLNXAPPLYPGRANGE;
+ * @param uAddr The address to apply the new protection to.
+ * @param pvUser The opaque user data.
+ */
+-static DECLCALLBACK(int) rtR0MemObjLinuxApplyPageRange(pte_t *pPte, unsigned long uAddr, void *pvUser)
++static int rtR0MemObjLinuxApplyPageRange(pte_t *pPte, unsigned long uAddr, void *pvUser)
+ {
+ PCLNXAPPLYPGRANGE pArgs = (PCLNXAPPLYPGRANGE)pvUser;
+ PRTR0MEMOBJLNX pMemLnx = pArgs->pMemLnx;
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
index ea6a082f60..d620e9893f 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
@@ -13,6 +13,7 @@ VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
file://Makefile.utils \
+ file://kernel-5.10.patch \
"
SRC_URI[md5sum] = "c61001386eb3822ab8f06d688a82e84b"
SRC_URI[sha256sum] = "108d42b9b391b7a332a33df1662cf7b0e9d9a80f3079d16288d8b9487f427d40"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 09/15] vboxguestdrivers: Add __divmoddi4 builtin support
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (7 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 08/15] vboxguestdrivers: Add patch proposed upstream to fix a build failure on i386 Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 10/15] vboxguestdrivers: upgrade 6.1.18 -> 6.1.20 Armin Kuster
` (5 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Khem Raj <raj.khem@gmail.com>
gcc 11 needs it on i686
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 57f7692e8ef707535ffa1683aa711de442736ec1)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../vboxguestdrivers/add__divmoddi4.patch | 36 +++++++++++++++++++
.../vboxguestdrivers_6.1.18.bb | 1 +
2 files changed, 37 insertions(+)
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/add__divmoddi4.patch
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/add__divmoddi4.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/add__divmoddi4.patch
new file mode 100644
index 0000000000..8dd30a20ef
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/add__divmoddi4.patch
@@ -0,0 +1,36 @@
+add __divmoddi4 builtin
+
+GCC 11 will generate it in code
+
+void foo(unsigned char *u8Second, unsigned int *u32Nanosecond, long long timeSpec)
+{
+ long long i64Div;
+ int i32Div;
+ int i32Rem;
+ i64Div = timeSpec;
+ i32Rem = (int)(i64Div % 1000000000);
+ i64Div /= 1000000000;
+ *u32Nanosecond = i32Rem;
+ i32Rem = (int)(i64Div % 60);
+ *u8Second = i32Rem;
+}
+
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+--- a/src/VBox/Runtime/common/math/gcc/divdi3.c
++++ b/src/VBox/Runtime/common/math/gcc/divdi3.c
+@@ -68,3 +68,12 @@ __divdi3(a, b)
+ uq = - uq;
+ return uq;
+ }
++
++quad_t
++__divmoddi4(quad_t a, quad_t b, quad_t* rem)
++{
++ quad_t d = __divdi3(a,b);
++ *rem = a - (d*b);
++ return d;
++}
++
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
index d620e9893f..1def1a3115 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
@@ -14,6 +14,7 @@ VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
file://Makefile.utils \
file://kernel-5.10.patch \
+ file://add__divmoddi4.patch \
"
SRC_URI[md5sum] = "c61001386eb3822ab8f06d688a82e84b"
SRC_URI[sha256sum] = "108d42b9b391b7a332a33df1662cf7b0e9d9a80f3079d16288d8b9487f427d40"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 10/15] vboxguestdrivers: upgrade 6.1.18 -> 6.1.20
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (8 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 09/15] vboxguestdrivers: Add __divmoddi4 builtin support Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 11/15] vboxguestdrivers: upgrade 6.1.20 -> 6.1.22 Armin Kuster
` (4 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Gianfranco <costamagna.gianfranco@gmail.com>
Drop all patches, now part of upstream codebase
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 37537bda8c4775ce1c390d1a9a5b2f5fab89bfc7)
[Stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 703daeb65f49c60636e835ad53fc354ca641ab3f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../vboxguestdrivers/kernel-5.10.patch | 23 -------------------
...s_6.1.18.bb => vboxguestdrivers_6.1.20.bb} | 5 ++--
2 files changed, 2 insertions(+), 26 deletions(-)
delete mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.10.patch
rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_6.1.18.bb => vboxguestdrivers_6.1.20.bb} (94%)
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.10.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.10.patch
deleted file mode 100644
index a6b0a04545..0000000000
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/kernel-5.10.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-Origin: https://www.mail-archive.com/pld-cvs-commit@lists.pld-linux.org/msg461494.html
-From 80bfab5ec8575703ef26b442a3af2d030793ebde Mon Sep 17 00:00:00 2001
-From: =?utf8?q?Jan=20R=C4=99korajski?= <baggins@pld-linux.org>
-Date: Thu, 24 Dec 2020 23:03:55 +0100
-Subject: [PATCH] - DECLCALLBACK generates incorrect code on ix86, remove it
-
----
- kernel-5.10.patch | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel-5.10.patch b/kernel-5.10.patch
-index b28d6e0..729235d 100644
---- a/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
-+++ b/src/VBox/Runtime/r0drv/linux/memobj-r0drv-linux.c
-@@ -536,7 +536,7 @@ typedef const LNXAPPLYPGRANGE *PCLNXAPPLYPGRANGE;
- * @param uAddr The address to apply the new protection to.
- * @param pvUser The opaque user data.
- */
--static DECLCALLBACK(int) rtR0MemObjLinuxApplyPageRange(pte_t *pPte, unsigned long uAddr, void *pvUser)
-+static int rtR0MemObjLinuxApplyPageRange(pte_t *pPte, unsigned long uAddr, void *pvUser)
- {
- PCLNXAPPLYPGRANGE pArgs = (PCLNXAPPLYPGRANGE)pvUser;
- PRTR0MEMOBJLNX pMemLnx = pArgs->pMemLnx;
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.20.bb
similarity index 94%
rename from meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
rename to meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.20.bb
index 1def1a3115..9df2e3960e 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.18.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.20.bb
@@ -13,11 +13,10 @@ VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
file://Makefile.utils \
- file://kernel-5.10.patch \
file://add__divmoddi4.patch \
"
-SRC_URI[md5sum] = "c61001386eb3822ab8f06d688a82e84b"
-SRC_URI[sha256sum] = "108d42b9b391b7a332a33df1662cf7b0e9d9a80f3079d16288d8b9487f427d40"
+SRC_URI[md5sum] = "f2fe05e72c37d40afb36b9fb3aa38b78"
+SRC_URI[sha256sum] = "e690c91974a2e7a5aca2c0939ad514382f9a2136797a5e0b96aab778e42bc8a7"
S ?= "${WORKDIR}/vbox_module"
S_task-patch = "${WORKDIR}/${VBOX_NAME}"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 11/15] vboxguestdrivers: upgrade 6.1.20 -> 6.1.22
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (9 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 10/15] vboxguestdrivers: upgrade 6.1.18 -> 6.1.20 Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 12/15] vboxguestdrivers: add a fix for build failure with kernel 5.13 Armin Kuster
` (3 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Gianfranco <costamagna.gianfranco@gmail.com>
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 319490178b999a74a82d092320de5d9d2e5c67bd)
[Stable branch]
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 97a5a4b40c143f71c8bff403c51a061a0d5e8b6f)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
...{vboxguestdrivers_6.1.20.bb => vboxguestdrivers_6.1.22.bb} | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-support/vboxguestdrivers/{vboxguestdrivers_6.1.20.bb => vboxguestdrivers_6.1.22.bb} (95%)
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.20.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.22.bb
similarity index 95%
rename from meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.20.bb
rename to meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.22.bb
index 9df2e3960e..a074d0a558 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.20.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.22.bb
@@ -15,8 +15,8 @@ SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2
file://Makefile.utils \
file://add__divmoddi4.patch \
"
-SRC_URI[md5sum] = "f2fe05e72c37d40afb36b9fb3aa38b78"
-SRC_URI[sha256sum] = "e690c91974a2e7a5aca2c0939ad514382f9a2136797a5e0b96aab778e42bc8a7"
+SRC_URI[md5sum] = "abb1a20021e5915fe38c666e8c11cf80"
+SRC_URI[sha256sum] = "99816d2a15205d49362a31e8ffeb8262d2fa0678c751dfd0a7c43b2faca8be49"
S ?= "${WORKDIR}/vbox_module"
S_task-patch = "${WORKDIR}/${VBOX_NAME}"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 12/15] vboxguestdrivers: add a fix for build failure with kernel 5.13
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (10 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 11/15] vboxguestdrivers: upgrade 6.1.20 -> 6.1.22 Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 13/15] mariadb: update to 10.4.20 Armin Kuster
` (2 subsequent siblings)
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Gianfranco <costamagna.gianfranco@gmail.com>
Its already upstream and also used in Debian and Ubuntu
Signed-off-by: Gianfranco Costamagna <costamagnagianfranco@yahoo.it>
Signed-off-by: Gianfranco Costamagna <locutusofborg@debian.org>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit d0f2d7c954b9f3befd9470d97de581fe5b1fb2a8)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
(cherry picked from commit 2e15d7eb66624c1755e8670f8c5448e3a9be0a21)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../40-linux-5.13-support.patch | 276 ++++++++++++++++++
.../vboxguestdrivers_6.1.22.bb | 1 +
2 files changed, 277 insertions(+)
create mode 100644 meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/40-linux-5.13-support.patch
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/40-linux-5.13-support.patch b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/40-linux-5.13-support.patch
new file mode 100644
index 0000000000..e95e240492
--- /dev/null
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers/40-linux-5.13-support.patch
@@ -0,0 +1,276 @@
+Subject: Fix build errors with linux 5.13
+Origin: upstream, https://www.virtualbox.org/browser/vbox/trunk
+Bug: https://bugs.launchpad.net/bugs/1929193
+
+diff -urpN virtualbox-6.1.22-dfsg.orig/src/VBox/Additions/linux/drm/vbox_drv.h virtualbox-6.1.22-dfsg/src/VBox/Additions/linux/drm/vbox_drv.h
+--- virtualbox-6.1.22-dfsg.orig/src/VBox/Additions/linux/drm/vbox_drv.h 2021-04-28 16:24:47.000000000 +0000
++++ virtualbox-6.1.22-dfsg/src/VBox/Additions/linux/drm/vbox_drv.h 2021-06-23 10:08:44.431714404 +0000
+@@ -46,20 +41,20 @@
+ * Evaluates to true if the linux kernel version is equal or higher to the
+ * one specfied. */
+ #define RTLNX_VER_MIN(a_Major, a_Minor, a_Patch) \
+- (LINUX_VERSION_CODE >= KERNEL_VERSION(a_Major, a_Minor, a_Patch))
++ (LINUX_VERSION_CODE >= KERNEL_VERSION(a_Major, a_Minor, a_Patch))
+
+ /** @def RTLNX_VER_MAX
+ * Evaluates to true if the linux kernel version is less to the one specfied
+ * (exclusive). */
+ #define RTLNX_VER_MAX(a_Major, a_Minor, a_Patch) \
+- (LINUX_VERSION_CODE < KERNEL_VERSION(a_Major, a_Minor, a_Patch))
++ (LINUX_VERSION_CODE < KERNEL_VERSION(a_Major, a_Minor, a_Patch))
+
+ /** @def RTLNX_VER_RANGE
+ * Evaluates to true if the linux kernel version is equal or higher to the given
+ * minimum version and less (but not equal) to the maximum version (exclusive). */
+ #define RTLNX_VER_RANGE(a_MajorMin, a_MinorMin, a_PatchMin, a_MajorMax, a_MinorMax, a_PatchMax) \
+- ( LINUX_VERSION_CODE >= KERNEL_VERSION(a_MajorMin, a_MinorMin, a_PatchMin) \
+- && LINUX_VERSION_CODE < KERNEL_VERSION(a_MajorMax, a_MinorMax, a_PatchMax) )
++ ( LINUX_VERSION_CODE >= KERNEL_VERSION(a_MajorMin, a_MinorMin, a_PatchMin) \
++ && LINUX_VERSION_CODE < KERNEL_VERSION(a_MajorMax, a_MinorMax, a_PatchMax) )
+
+
+ /** @def RTLNX_RHEL_MIN
+@@ -70,7 +65,7 @@
+ */
+ #if defined(RHEL_MAJOR) && defined(RHEL_MINOR)
+ # define RTLNX_RHEL_MIN(a_iMajor, a_iMinor) \
+- ((RHEL_MAJOR) > (a_iMajor) || ((RHEL_MAJOR) == (a_iMajor) && (RHEL_MINOR) >= (a_iMinor)))
++ ((RHEL_MAJOR) > (a_iMajor) || ((RHEL_MAJOR) == (a_iMajor) && (RHEL_MINOR) >= (a_iMinor)))
+ #else
+ # define RTLNX_RHEL_MIN(a_iMajor, a_iMinor) (0)
+ #endif
+@@ -83,7 +78,7 @@
+ */
+ #if defined(RHEL_MAJOR) && defined(RHEL_MINOR)
+ # define RTLNX_RHEL_MAX(a_iMajor, a_iMinor) \
+- ((RHEL_MAJOR) < (a_iMajor) || ((RHEL_MAJOR) == (a_iMajor) && (RHEL_MINOR) < (a_iMinor)))
++ ((RHEL_MAJOR) < (a_iMajor) || ((RHEL_MAJOR) == (a_iMajor) && (RHEL_MINOR) < (a_iMinor)))
+ #else
+ # define RTLNX_RHEL_MAX(a_iMajor, a_iMinor) (0)
+ #endif
+@@ -95,7 +90,7 @@
+ */
+ #if defined(RHEL_MAJOR) && defined(RHEL_MINOR)
+ # define RTLNX_RHEL_RANGE(a_iMajorMin, a_iMinorMin, a_iMajorMax, a_iMinorMax) \
+- (RTLNX_RHEL_MIN(a_iMajorMin, a_iMinorMin) && RTLNX_RHEL_MAX(a_iMajorMax, a_iMinorMax))
++ (RTLNX_RHEL_MIN(a_iMajorMin, a_iMinorMin) && RTLNX_RHEL_MAX(a_iMajorMax, a_iMinorMax))
+ #else
+ # define RTLNX_RHEL_RANGE(a_iMajorMin, a_iMinorMin, a_iMajorMax, a_iMinorMax) (0)
+ #endif
+@@ -173,7 +168,9 @@
+ #include <drm/ttm/ttm_bo_api.h>
+ #include <drm/ttm/ttm_bo_driver.h>
+ #include <drm/ttm/ttm_placement.h>
++#if RTLNX_VER_MAX(5,13,0)
+ #include <drm/ttm/ttm_memory.h>
++#endif
+ #if RTLNX_VER_MAX(5,12,0)
+ # include <drm/ttm/ttm_module.h>
+ #endif
+@@ -222,7 +219,7 @@ static inline void drm_gem_object_put(st
+ VBVA_ADAPTER_INFORMATION_SIZE)
+ #define GUEST_HEAP_SIZE VBVA_ADAPTER_INFORMATION_SIZE
+ #define GUEST_HEAP_USABLE_SIZE (VBVA_ADAPTER_INFORMATION_SIZE - \
+- sizeof(HGSMIHOSTFLAGS))
++ sizeof(struct hgsmi_host_flags))
+ #define HOST_FLAGS_OFFSET GUEST_HEAP_USABLE_SIZE
+
+ /** How frequently we refresh if the guest is not providing dirty rectangles. */
+@@ -232,7 +229,7 @@ static inline void drm_gem_object_put(st
+ static inline void *devm_kcalloc(struct device *dev, size_t n, size_t size,
+ gfp_t flags)
+ {
+- return devm_kzalloc(dev, n * size, flags);
++ return devm_kzalloc(dev, n * size, flags);
+ }
+ #endif
+
+@@ -244,7 +241,7 @@ struct vbox_private {
+ u8 __iomem *guest_heap;
+ u8 __iomem *vbva_buffers;
+ struct gen_pool *guest_pool;
+- struct VBVABUFFERCONTEXT *vbva_info;
++ struct vbva_buf_context *vbva_info;
+ bool any_pitch;
+ u32 num_crtcs;
+ /** Amount of available VRAM, including space used for buffers. */
+@@ -252,7 +249,7 @@ struct vbox_private {
+ /** Amount of available VRAM, not including space used for buffers. */
+ u32 available_vram_size;
+ /** Array of structures for receiving mode hints. */
+- VBVAMODEHINT *last_mode_hints;
++ struct vbva_modehint *last_mode_hints;
+
+ struct vbox_fbdev *fbdev;
+
+@@ -263,7 +260,11 @@ struct vbox_private {
+ struct drm_global_reference mem_global_ref;
+ struct ttm_bo_global_ref bo_global_ref;
+ #endif
++#if RTLNX_VER_MIN(5,13,0)
++ struct ttm_device bdev;
++#else
+ struct ttm_bo_device bdev;
++#endif
+ bool mm_initialised;
+ } ttm;
+
+diff -urpN virtualbox-6.1.22-dfsg.orig/src/VBox/Additions/linux/drm/vbox_ttm.c virtualbox-6.1.22-dfsg/src/VBox/Additions/linux/drm/vbox_ttm.c
+--- virtualbox-6.1.22-dfsg.orig/src/VBox/Additions/linux/drm/vbox_ttm.c 2021-04-28 16:24:47.000000000 +0000
++++ virtualbox-6.1.22-dfsg/src/VBox/Additions/linux/drm/vbox_ttm.c 2021-06-23 10:08:07.164057918 +0000
+@@ -48,7 +43,11 @@
+ #endif
+
+
++#if RTLNX_VER_MIN(5,13,0)
++static inline struct vbox_private *vbox_bdev(struct ttm_device *bd)
++#else
+ static inline struct vbox_private *vbox_bdev(struct ttm_bo_device *bd)
++#endif
+ {
+ return container_of(bd, struct vbox_private, ttm.bdev);
+ }
+@@ -188,7 +187,7 @@ static int vbox_ttm_io_mem_reserve(struc
+ mem->bus.size = mem->num_pages << PAGE_SHIFT;
+ mem->bus.base = 0;
+ mem->bus.is_iomem = false;
+- if (!(man->flags & TTM_MEMTYPE_FLAG_MAPPABLE))
++ if (!(man->flags & TTM_MEMTYPE_FLAG_MAPPABLE))
+ return -EINVAL;
+ switch (mem->mem_type) {
+ case TTM_PL_SYSTEM:
+@@ -205,8 +204,13 @@ static int vbox_ttm_io_mem_reserve(struc
+ return 0;
+ }
+ #else
++# if RTLNX_VER_MAX(5,13,0)
+ static int vbox_ttm_io_mem_reserve(struct ttm_bo_device *bdev,
+ struct ttm_resource *mem)
++# else /* > 5.13.0 */
++static int vbox_ttm_io_mem_reserve(struct ttm_device *bdev,
++ struct ttm_resource *mem)
++# endif /* > 5.13.0 */
+ {
+ struct vbox_private *vbox = vbox_bdev(bdev);
+ mem->bus.addr = NULL;
+@@ -241,7 +245,12 @@ static int vbox_ttm_io_mem_reserve(struc
+
+
+
+-#if RTLNX_VER_MIN(5,10,0)
++#if RTLNX_VER_MIN(5,13,0)
++static void vbox_ttm_io_mem_free(struct ttm_device *bdev,
++ struct ttm_resource *mem)
++{
++}
++#elif RTLNX_VER_MIN(5,10,0)
+ static void vbox_ttm_io_mem_free(struct ttm_bo_device *bdev,
+ struct ttm_resource *mem)
+ {
+@@ -253,7 +262,13 @@ static void vbox_ttm_io_mem_free(struct
+ }
+ #endif
+
+-#if RTLNX_VER_MIN(5,10,0)
++#if RTLNX_VER_MIN(5,13,0)
++static void vbox_ttm_tt_destroy(struct ttm_device *bdev, struct ttm_tt *tt)
++{
++ ttm_tt_fini(tt);
++ kfree(tt);
++}
++#elif RTLNX_VER_MIN(5,10,0)
+ static void vbox_ttm_tt_destroy(struct ttm_bo_device *bdev, struct ttm_tt *tt)
+ {
+ ttm_tt_fini(tt);
+@@ -333,7 +348,11 @@ static int vbox_bo_move(struct ttm_buffe
+ }
+ #endif
+
++#if RTLNX_VER_MIN(5,13,0)
++static struct ttm_device_funcs vbox_bo_driver = {
++#else /* < 5.13.0 */
+ static struct ttm_bo_driver vbox_bo_driver = {
++#endif /* < 5.13.0 */
+ .ttm_tt_create = vbox_ttm_tt_create,
+ #if RTLNX_VER_MIN(5,10,0)
+ .ttm_tt_destroy = vbox_ttm_tt_destroy,
+@@ -370,14 +389,22 @@ int vbox_mm_init(struct vbox_private *vb
+ {
+ int ret;
+ struct drm_device *dev = vbox->dev;
++#if RTLNX_VER_MIN(5,13,0)
++ struct ttm_device *bdev = &vbox->ttm.bdev;
++#else
+ struct ttm_bo_device *bdev = &vbox->ttm.bdev;
++#endif
+
+ #if RTLNX_VER_MAX(5,0,0) && !RTLNX_RHEL_MAJ_PREREQ(7,7) && !RTLNX_RHEL_MAJ_PREREQ(8,1)
+ ret = vbox_ttm_global_init(vbox);
+ if (ret)
+ return ret;
+ #endif
++#if RTLNX_VER_MIN(5,13,0)
++ ret = ttm_device_init(&vbox->ttm.bdev,
++#else
+ ret = ttm_bo_device_init(&vbox->ttm.bdev,
++#endif
+ #if RTLNX_VER_MAX(5,0,0) && !RTLNX_RHEL_MAJ_PREREQ(7,7) && !RTLNX_RHEL_MAJ_PREREQ(8,1)
+ vbox->ttm.bo_global_ref.ref.object,
+ #endif
+@@ -429,7 +456,11 @@ int vbox_mm_init(struct vbox_private *vb
+ return 0;
+
+ err_device_release:
++#if RTLNX_VER_MIN(5,13,0)
++ ttm_device_fini(&vbox->ttm.bdev);
++#else
+ ttm_bo_device_release(&vbox->ttm.bdev);
++#endif
+ #if RTLNX_VER_MAX(5,0,0) && !RTLNX_RHEL_MAJ_PREREQ(7,7) && !RTLNX_RHEL_MAJ_PREREQ(8,1)
+ err_ttm_global_release:
+ vbox_ttm_global_release(vbox);
+@@ -446,7 +477,11 @@ void vbox_mm_fini(struct vbox_private *v
+ #else
+ arch_phys_wc_del(vbox->fb_mtrr);
+ #endif
++#if RTLNX_VER_MIN(5,13,0)
++ ttm_device_fini(&vbox->ttm.bdev);
++#else
+ ttm_bo_device_release(&vbox->ttm.bdev);
++#endif
+ #if RTLNX_VER_MAX(5,0,0) && !RTLNX_RHEL_MAJ_PREREQ(7,7) && !RTLNX_RHEL_MAJ_PREREQ(8,1)
+ vbox_ttm_global_release(vbox);
+ #endif
+@@ -528,7 +563,9 @@ int vbox_bo_create(struct drm_device *de
+ {
+ struct vbox_private *vbox = dev->dev_private;
+ struct vbox_bo *vboxbo;
++#if RTLNX_VER_MAX(5,13,0)
+ size_t acc_size;
++#endif
+ int ret;
+
+ vboxbo = kzalloc(sizeof(*vboxbo), GFP_KERNEL);
+@@ -551,16 +588,20 @@ int vbox_bo_create(struct drm_device *de
+
+ vbox_ttm_placement(vboxbo, VBOX_MEM_TYPE_VRAM | VBOX_MEM_TYPE_SYSTEM);
+
++#if RTLNX_VER_MAX(5,13,0)
+ acc_size = ttm_bo_dma_acc_size(&vbox->ttm.bdev, size,
+ sizeof(struct vbox_bo));
++#endif
+
+ ret = ttm_bo_init(&vbox->ttm.bdev, &vboxbo->bo, size,
+ ttm_bo_type_device, &vboxbo->placement,
+ #if RTLNX_VER_MAX(4,17,0) && !RTLNX_RHEL_MAJ_PREREQ(7,6) && !RTLNX_SUSE_MAJ_PREREQ(15,1) && !RTLNX_SUSE_MAJ_PREREQ(12,5)
+ align >> PAGE_SHIFT, false, NULL, acc_size,
+-#else
++#elif RTLNX_VER_MAX(5,13,0) /* < 5.13.0 */
+ align >> PAGE_SHIFT, false, acc_size,
+-#endif
++#else /* > 5.13.0 */
++ align >> PAGE_SHIFT, false,
++#endif /* > 5.13.0 */
+ #if RTLNX_VER_MIN(3,18,0) || RTLNX_RHEL_MAJ_PREREQ(7,2)
+ NULL, NULL, vbox_bo_ttm_destroy);
+ #else
diff --git a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.22.bb b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.22.bb
index a074d0a558..19b8f8f46e 100644
--- a/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.22.bb
+++ b/meta-oe/recipes-support/vboxguestdrivers/vboxguestdrivers_6.1.22.bb
@@ -13,6 +13,7 @@ VBOX_NAME = "VirtualBox-${PV}"
SRC_URI = "http://download.virtualbox.org/virtualbox/${PV}/${VBOX_NAME}.tar.bz2 \
file://Makefile.utils \
+ file://40-linux-5.13-support.patch \
file://add__divmoddi4.patch \
"
SRC_URI[md5sum] = "abb1a20021e5915fe38c666e8c11cf80"
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 13/15] mariadb: update to 10.4.20
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (11 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 12/15] vboxguestdrivers: add a fix for build failure with kernel 5.13 Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 14/15] hiawatha: fix url Armin Kuster
2021-07-25 4:52 ` [dunfell 15/15] ufw: backport patches, update RRECOMMENDS, python3 support, tests Armin Kuster
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Armin Kuster <akuster@mvista.com>
Source: mariadb.org
MR: 109670, 110757, 110768
Type: Security Fix
Disposition: Backport from mariadb
ChangeID: 82a82ba3623ff39ca17443d0117d36bcee73e612
Description:
LTS version
https://mariadb.com/kb/en/mariadb-10420-release-notes/
CVE-2021-2166: MariaDB 10.4.19
CVE-2021-2154: MariaDB 10.4.19
CVE-2021-27928: MariaDB 10.4.18
Signed-off-by: Armin kuster <akuster@mvista.com>
---
.../{mariadb-native_10.4.17.bb => mariadb-native_10.4.20.bb} | 0
meta-oe/recipes-dbs/mysql/mariadb.inc | 4 ++--
.../mysql/{mariadb_10.4.17.bb => mariadb_10.4.20.bb} | 0
3 files changed, 2 insertions(+), 2 deletions(-)
rename meta-oe/recipes-dbs/mysql/{mariadb-native_10.4.17.bb => mariadb-native_10.4.20.bb} (100%)
rename meta-oe/recipes-dbs/mysql/{mariadb_10.4.17.bb => mariadb_10.4.20.bb} (100%)
diff --git a/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.17.bb b/meta-oe/recipes-dbs/mysql/mariadb-native_10.4.20.bb
similarity index 100%
rename from meta-oe/recipes-dbs/mysql/mariadb-native_10.4.17.bb
rename to meta-oe/recipes-dbs/mysql/mariadb-native_10.4.20.bb
diff --git a/meta-oe/recipes-dbs/mysql/mariadb.inc b/meta-oe/recipes-dbs/mysql/mariadb.inc
index 9f7203c40d..0fb0c95ec3 100644
--- a/meta-oe/recipes-dbs/mysql/mariadb.inc
+++ b/meta-oe/recipes-dbs/mysql/mariadb.inc
@@ -19,8 +19,8 @@ SRC_URI = "https://downloads.mariadb.org/interstitial/${BP}/source/${BP}.tar.gz
file://clang_version_header_conflict.patch \
file://fix-arm-atomic.patch \
"
-SRC_URI[md5sum] = "e8193b9cd008b6d7f177f5a5c44c7a9f"
-SRC_URI[sha256sum] = "a7b104e264311cd46524ae546ff0c5107978373e4a01cf7fd8a241454548d16e"
+SRC_URI[md5sum] = "c3bc7a3eca3b0bbae5748f7b22a55c0c"
+SRC_URI[sha256sum] = "87d5e29ee1f18de153266ec658138607703ed2a05b3ffb1f89091d33f4abf545"
UPSTREAM_CHECK_URI = "https://github.com/MariaDB/server/releases"
diff --git a/meta-oe/recipes-dbs/mysql/mariadb_10.4.17.bb b/meta-oe/recipes-dbs/mysql/mariadb_10.4.20.bb
similarity index 100%
rename from meta-oe/recipes-dbs/mysql/mariadb_10.4.17.bb
rename to meta-oe/recipes-dbs/mysql/mariadb_10.4.20.bb
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 14/15] hiawatha: fix url.
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (12 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 13/15] mariadb: update to 10.4.20 Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
2021-07-25 4:52 ` [dunfell 15/15] ufw: backport patches, update RRECOMMENDS, python3 support, tests Armin Kuster
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
files moved under a new dir structure.
ERROR: hiawatha-10.10-r0 do_fetch: Fetcher failure for URL: 'http://hiawatha-webserver.org/files/hiawatha-10.10.tar.gz'. Unable to fetch URL from any source.
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
meta-webserver/recipes-httpd/hiawatha/hiawatha_10.10.bb | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.10.bb b/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.10.bb
index ed3df19390..2503f53166 100644
--- a/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.10.bb
+++ b/meta-webserver/recipes-httpd/hiawatha/hiawatha_10.10.bb
@@ -6,7 +6,7 @@ DEPENDS = "libxml2 libxslt virtual/crypt"
SECTION = "net"
-SRC_URI = "http://hiawatha-webserver.org/files/${BP}.tar.gz \
+SRC_URI = "http://hiawatha-webserver.org/files/hiawatha-10/${BP}.tar.gz \
file://hiawatha-init \
file://hiawatha.service "
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
* [dunfell 15/15] ufw: backport patches, update RRECOMMENDS, python3 support, tests
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
` (13 preceding siblings ...)
2021-07-25 4:52 ` [dunfell 14/15] hiawatha: fix url Armin Kuster
@ 2021-07-25 4:52 ` Armin Kuster
14 siblings, 0 replies; 16+ messages in thread
From: Armin Kuster @ 2021-07-25 4:52 UTC (permalink / raw)
To: openembedded-devel
From: Jate Sujjavanich <jatedev@gmail.com>
Backport patches:
using conntrack instead of state eliminating warning
support setup.py build (python 3)
adjust runtime tests to use daytime port (netbase changes)
empty out IPT_MODULES (nf conntrack warning)
check-requirements patch for python 3.8
Update, add patches for python 3 interpreter
Add ufw-test package. Backport fixes for check-requirements script
Update kernel RRECOMMENDS for linux-yocto 5.4 in dunfell
For dunfell
Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
.../0006-check-requirements-get-error.patch | 36 +
...se-conntrack-instead-of-state-module.patch | 14903 ++++++++++++++++
...8-support-.-setup.py-build-LP-819600.patch | 93 +
...st-runtime-tests-to-use-daytime-port.patch | 2895 +++
...IPT_MODULES-and-update-documentation.patch | 106 +
...nts--simplify-and-support-python-3.8.patch | 33 +
...tect-openembedded-python-interpreter.patch | 33 +
...setup-only-make-one-reference-to-env.patch | 14 +-
.../recipes-connectivity/ufw/ufw_0.33.bb | 49 +-
9 files changed, 18155 insertions(+), 7 deletions(-)
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0006-check-requirements-get-error.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0007-use-conntrack-instead-of-state-module.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0008-support-.-setup.py-build-LP-819600.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0009-adjust-runtime-tests-to-use-daytime-port.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0010-empty-out-IPT_MODULES-and-update-documentation.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/0011-tests-check-requirements--simplify-and-support-python-3.8.patch
create mode 100644 meta-networking/recipes-connectivity/ufw/ufw/Add-code-to-detect-openembedded-python-interpreter.patch
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0006-check-requirements-get-error.patch b/meta-networking/recipes-connectivity/ufw/ufw/0006-check-requirements-get-error.patch
new file mode 100644
index 0000000000..9c268599ff
--- /dev/null
+++ b/meta-networking/recipes-connectivity/ufw/ufw/0006-check-requirements-get-error.patch
@@ -0,0 +1,36 @@
+ * check-requirements now gives iptables output on failure. Patch thanks to
+ S. Nizio.
+
+Written by Jamie Strandboge <jamie@canonical.com>
+
+The patch was imported from git://git.launchpad.net/ufw
+commit id 9a6d8beb4cb1d1646c7d2a19e4aea9898f4571bb
+
+Removed ChangeLog patch due to backport status of this patch.
+
+Upstream-Status: Backport
+Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
+
+--- check-requirements.orig 2012-12-03 16:37:20.214274095 +0100
++++ ufw-0.33/tests/check-requirements 2012-12-03 16:40:16.298728133 +0100
+@@ -29,14 +29,19 @@
+ runtime="yes"
+ shift 1
+ fi
+- if $@ >/dev/null 2>&1 ; then
++ local output ret=0
++ # make sure to always return success below because of set -e
++ output=$( "$@" 2>&1 ) || ret=$?
++ if [ $ret -eq 0 ]; then
+ echo pass
+ else
+ if [ "$runtime" = "yes" ]; then
+ echo "FAIL (no runtime support)"
++ echo "error was: $output"
+ error_runtime="yes"
+ else
+ echo FAIL
++ echo "error was: $output"
+ error="yes"
+ fi
+ fi
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0007-use-conntrack-instead-of-state-module.patch b/meta-networking/recipes-connectivity/ufw/ufw/0007-use-conntrack-instead-of-state-module.patch
new file mode 100644
index 0000000000..7a97773de0
--- /dev/null
+++ b/meta-networking/recipes-connectivity/ufw/ufw/0007-use-conntrack-instead-of-state-module.patch
@@ -0,0 +1,14903 @@
+use conntrack instead of state module. Patch based on work by S. Nizio.
+
+https://bugs.launchpad.net/ufw/+bug/1065297
+
+The patch was imported from git://git.launchpad.net/ufw
+commit id 2a24ab2c46a1370d230d380a7b794ac3f8296799
+
+Removed ChangeLog patch due to backport status of this patch.
+
+Upstream-Status: Backport
+Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
+
+diff --git a/README b/README
+index 0cc2b2f..fead7c0 100644
+--- a/README
++++ b/README
+@@ -24,13 +24,14 @@ Linux kernel configured with the following modules (not exhaustive):
+ limit
+ multiport
+ recent
+- state
+-
+-* python2.5 is no longer supported
+-** Systems with iptables below 1.4 will not have IPv6 application rule support.
+- ufw will give a warning when users try to use this functionality, but ufw
+- will otherwise work fine. ufw is known to work with iptables 1.3.8 in this
+- degraded mode.
++ conntrack***
++
++* python2.5 is no longer supported
++** Systems with iptables below 1.4 will not have IPv6 application rule
++ support. ufw will give a warning when users try to use this functionality,
++ but ufw will otherwise work fine. ufw is known to work with iptables 1.3.8
++ in this degraded mode.
++*** As of 0.34, the 'conntrack' modules is used instead of 'state'
+
+ ufw has been widely tested on Linux 2.6.24 and higher kernels. You may also
+ use the check-requirements script in the tests/ directory to see if your
+diff --git a/conf/before.rules b/conf/before.rules
+index bc11f36..9917b87 100644
+--- a/conf/before.rules
++++ b/conf/before.rules
+@@ -22,12 +22,12 @@
+ -A ufw-before-output -o lo -j ACCEPT
+
+ # quickly process packets for which we already have a connection
+--A ufw-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
+--A ufw-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
++-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
++-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+ # drop INVALID packets (logs these in loglevel medium and higher)
+--A ufw-before-input -m state --state INVALID -j ufw-logging-deny
+--A ufw-before-input -m state --state INVALID -j DROP
++-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
++-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
+
+ # ok icmp codes
+ -A ufw-before-input -p icmp --icmp-type destination-unreachable -j ACCEPT
+diff --git a/conf/before6.rules b/conf/before6.rules
+index fb1a8f1..8b7e4ff 100644
+--- a/conf/before6.rules
++++ b/conf/before6.rules
+@@ -34,16 +34,16 @@
+ -A ufw6-before-input -p icmpv6 --icmpv6-type router-advertisement -m hl --hl-eq 255 -j ACCEPT
+
+ # quickly process packets for which we already have a connection
+--A ufw6-before-input -m state --state RELATED,ESTABLISHED -j ACCEPT
+--A ufw6-before-output -m state --state RELATED,ESTABLISHED -j ACCEPT
++-A ufw6-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
++-A ufw6-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+
+ # for multicast ping replies from link-local addresses (these don't have an
+ # associated connection and would otherwise be marked INVALID)
+ -A ufw6-before-input -p icmpv6 --icmpv6-type echo-reply -s fe80::/10 -j ACCEPT
+
+ # drop INVALID packets (logs these in loglevel medium and higher)
+--A ufw6-before-input -m state --state INVALID -j ufw6-logging-deny
+--A ufw6-before-input -m state --state INVALID -j DROP
++-A ufw6-before-input -m conntrack --ctstate INVALID -j ufw6-logging-deny
++-A ufw6-before-input -m conntrack --ctstate INVALID -j DROP
+
+ # ok icmp codes
+ -A ufw6-before-input -p icmpv6 --icmpv6-type destination-unreachable -j ACCEPT
+diff --git a/doc/ufw-framework.8 b/doc/ufw-framework.8
+index d9e3d5a..76403d6 100644
+--- a/doc/ufw-framework.8
++++ b/doc/ufw-framework.8
+@@ -167,9 +167,9 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have:
+ net.ipv4.ip_forward=1
+ .TP
+ Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules:
+- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\
+- \-j ACCEPT
+- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\
++ \-A ufw\-before\-forward \-m conntrack \\
++ \-\-ctstate RELATED,ESTABLISHED \-j ACCEPT
++ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\
+ \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT
+ .TP
+ Add to the end of #CONFIG_PREFIX#/ufw/before.rules, after the *filter section:
+@@ -209,13 +209,13 @@ Edit #CONFIG_PREFIX#/ufw/sysctl.conf to have:
+ net.ipv4.ip_forward=1
+ .TP
+ Add to the *filter section of #CONFIG_PREFIX#/ufw/before.rules:
+- \-A ufw\-before\-forward \-m state \-\-state RELATED,ESTABLISHED \\
+- \-j ACCEPT
++ \-A ufw\-before\-forward \-m conntrack \\
++ \-\-ctstate RELATED,ESTABLISHED \-j ACCEPT
+
+- \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \-m state \\
+- \-\-state NEW \-j ACCEPT
++ \-A ufw\-before\-forward \-i eth1 \-s 10.0.0.0/8 \-o eth0 \\
++ \-m conntrack \-\-ctstate NEW \-j ACCEPT
+
+- \-A ufw\-before\-forward \-m state \-\-state NEW \-i eth0 \\
++ \-A ufw\-before\-forward \-m conntrack \-\-ctstate NEW \-i eth0 \\
+ \-d 10.0.0.2 \-p tcp \-\-dport 80 \-j ACCEPT
+
+ \-A ufw\-before\-forward \-o eth0 \-d 10.0.0.0/8 \-j REJECT
+diff --git a/locales/po/ufw.pot b/locales/po/ufw.pot
+index fc56838..dc4b8e9 100644
+--- a/locales/po/ufw.pot
++++ b/locales/po/ufw.pot
+@@ -8,7 +8,7 @@ msgid ""
+ msgstr ""
+ "Project-Id-Version: PACKAGE VERSION\n"
+ "Report-Msgid-Bugs-To: \n"
+-"POT-Creation-Date: 2012-08-12 10:55-0500\n"
++"POT-Creation-Date: 2012-12-03 14:33-0600\n"
+ "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
+ "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
+ "Language-Team: LANGUAGE <LL@li.org>\n"
+@@ -21,7 +21,7 @@ msgstr ""
+ msgid ": Need at least python 2.6)\n"
+ msgstr ""
+
+-#: src/ufw:109 src/frontend.py:575 src/frontend.py:877
++#: src/ufw:109 src/frontend.py:577 src/frontend.py:879
+ msgid "Aborted"
+ msgstr ""
+
+@@ -103,7 +103,7 @@ msgstr ""
+ msgid "New profiles:"
+ msgstr ""
+
+-#: src/backend_iptables.py:88 src/backend.py:322
++#: src/backend_iptables.py:88 src/backend.py:339
+ #, python-format
+ msgid "Unsupported policy '%s'"
+ msgstr ""
+@@ -130,44 +130,44 @@ msgstr ""
+ msgid "Checking raw ip6tables\n"
+ msgstr ""
+
+-#: src/backend_iptables.py:250
++#: src/backend_iptables.py:253
+ msgid "Checking iptables\n"
+ msgstr ""
+
+-#: src/backend_iptables.py:252
++#: src/backend_iptables.py:255
+ msgid "Checking ip6tables\n"
+ msgstr ""
+
+-#: src/backend_iptables.py:255 src/backend_iptables.py:495
++#: src/backend_iptables.py:258 src/backend_iptables.py:501
+ msgid "problem running"
+ msgstr ""
+
+-#: src/backend_iptables.py:261
++#: src/backend_iptables.py:264
+ msgid "Status: inactive"
+ msgstr ""
+
+-#: src/backend_iptables.py:397
++#: src/backend_iptables.py:400
+ msgid "To"
+ msgstr ""
+
+-#: src/backend_iptables.py:398
++#: src/backend_iptables.py:401
+ msgid "From"
+ msgstr ""
+
+-#: src/backend_iptables.py:399
++#: src/backend_iptables.py:402
+ msgid "Action"
+ msgstr ""
+
+-#: src/backend_iptables.py:415
++#: src/backend_iptables.py:418
+ msgid "\n"
+ msgstr ""
+
+-#: src/backend_iptables.py:423
++#: src/backend_iptables.py:426
+ #, python-format
+ msgid "Default: %(in)s (incoming), %(out)s (outgoing)"
+ msgstr ""
+
+-#: src/backend_iptables.py:427
++#: src/backend_iptables.py:430
+ #, python-format
+ msgid ""
+ "Status: active\n"
+@@ -176,174 +176,174 @@ msgid ""
+ "%(app)s%(status)s"
+ msgstr ""
+
+-#: src/backend_iptables.py:431
++#: src/backend_iptables.py:434
+ #, python-format
+ msgid "Status: active%s"
+ msgstr ""
+
+-#: src/backend_iptables.py:436 src/backend_iptables.py:446
++#: src/backend_iptables.py:439 src/backend_iptables.py:449
+ msgid "running ufw-init"
+ msgstr ""
+
+-#: src/backend_iptables.py:440 src/backend_iptables.py:450
++#: src/backend_iptables.py:443 src/backend_iptables.py:453
+ #, python-format
+ msgid ""
+ "problem running ufw-init\n"
+ "%s"
+ msgstr ""
+
+-#: src/backend_iptables.py:459
++#: src/backend_iptables.py:462
+ msgid "Could not set LOGLEVEL"
+ msgstr ""
+
+-#: src/backend_iptables.py:465
++#: src/backend_iptables.py:468
+ msgid "Could not load logging rules"
+ msgstr ""
+
+-#: src/backend_iptables.py:617 src/backend.py:229
++#: src/backend_iptables.py:623 src/backend.py:246
+ #, python-format
+ msgid "Couldn't open '%s' for reading"
+ msgstr ""
+
+-#: src/backend_iptables.py:626
++#: src/backend_iptables.py:632
+ #, python-format
+ msgid "Skipping malformed tuple (bad length): %s"
+ msgstr ""
+
+-#: src/backend_iptables.py:657
++#: src/backend_iptables.py:663
+ #, python-format
+ msgid "Skipping malformed tuple: %s"
+ msgstr ""
+
+-#: src/backend_iptables.py:679 src/backend.py:260
++#: src/backend_iptables.py:685 src/backend.py:277
+ #, python-format
+ msgid "'%s' is not writable"
+ msgstr ""
+
+-#: src/backend_iptables.py:837
++#: src/backend_iptables.py:850
+ msgid "Adding IPv6 rule failed: IPv6 not enabled"
+ msgstr ""
+
+-#: src/backend_iptables.py:841
++#: src/backend_iptables.py:854
+ #, python-format
+ msgid "Skipping unsupported IPv6 '%s' rule"
+ msgstr ""
+
+-#: src/backend_iptables.py:845
++#: src/backend_iptables.py:858
+ #, python-format
+ msgid "Skipping unsupported IPv4 '%s' rule"
+ msgstr ""
+
+-#: src/backend_iptables.py:848
++#: src/backend_iptables.py:861
+ msgid "Must specify 'tcp' or 'udp' with multiple ports"
+ msgstr ""
+
+-#: src/backend_iptables.py:860
++#: src/backend_iptables.py:873
+ msgid "Skipping IPv6 application rule. Need at least iptables 1.4"
+ msgstr ""
+
+-#: src/backend_iptables.py:865
++#: src/backend_iptables.py:878
+ #, python-format
+ msgid "Invalid position '%d'"
+ msgstr ""
+
+-#: src/backend_iptables.py:869
++#: src/backend_iptables.py:882
+ msgid "Cannot specify insert and delete"
+ msgstr ""
+
+-#: src/backend_iptables.py:872
++#: src/backend_iptables.py:885
+ #, python-format
+ msgid "Cannot insert rule at position '%d'"
+ msgstr ""
+
+-#: src/backend_iptables.py:930
++#: src/backend_iptables.py:943
+ msgid "Skipping inserting existing rule"
+ msgstr ""
+
+-#: src/backend_iptables.py:941 src/frontend.py:386
++#: src/backend_iptables.py:954 src/frontend.py:388
+ msgid "Could not delete non-existent rule"
+ msgstr ""
+
+-#: src/backend_iptables.py:946
++#: src/backend_iptables.py:959
+ msgid "Skipping adding existing rule"
+ msgstr ""
+
+-#: src/backend_iptables.py:962
++#: src/backend_iptables.py:975
+ msgid "Couldn't update rules file"
+ msgstr ""
+
+-#: src/backend_iptables.py:967
++#: src/backend_iptables.py:980
+ msgid "Rules updated"
+ msgstr ""
+
+-#: src/backend_iptables.py:969
++#: src/backend_iptables.py:982
+ msgid "Rules updated (v6)"
+ msgstr ""
+
+-#: src/backend_iptables.py:977
++#: src/backend_iptables.py:990
+ msgid "Rule inserted"
+ msgstr ""
+
+-#: src/backend_iptables.py:979
++#: src/backend_iptables.py:992
+ msgid "Rule updated"
+ msgstr ""
+
+-#: src/backend_iptables.py:989
++#: src/backend_iptables.py:1002
+ msgid " (skipped reloading firewall)"
+ msgstr ""
+
+-#: src/backend_iptables.py:992
++#: src/backend_iptables.py:1005
+ msgid "Rule deleted"
+ msgstr ""
+
+-#: src/backend_iptables.py:995
++#: src/backend_iptables.py:1008
+ msgid "Rule added"
+ msgstr ""
+
+-#: src/backend_iptables.py:1010 src/backend_iptables.py:1098
++#: src/backend_iptables.py:1023 src/backend_iptables.py:1114
+ msgid "Could not update running firewall"
+ msgstr ""
+
+-#: src/backend_iptables.py:1065
++#: src/backend_iptables.py:1078
+ #, python-format
+ msgid "Could not perform '%s'"
+ msgstr ""
+
+-#: src/backend_iptables.py:1089
++#: src/backend_iptables.py:1105
+ msgid "Couldn't update rules file for logging"
+ msgstr ""
+
+-#: src/backend_iptables.py:1147 src/backend.py:578
++#: src/backend_iptables.py:1163 src/backend.py:595
+ #, python-format
+ msgid "Invalid log level '%s'"
+ msgstr ""
+
+-#: src/backend_iptables.py:1244
++#: src/backend_iptables.py:1260
+ #, python-format
+ msgid "Could not find '%s'. Aborting"
+ msgstr ""
+
+-#: src/backend_iptables.py:1256
++#: src/backend_iptables.py:1272
+ #, python-format
+ msgid "'%s' already exists. Aborting"
+ msgstr ""
+
+-#: src/backend_iptables.py:1262
++#: src/backend_iptables.py:1278
+ #, python-format
+ msgid "Backing up '%(old)s' to '%(new)s'\n"
+ msgstr ""
+
+-#: src/backend_iptables.py:1278 src/backend.py:185
++#: src/backend_iptables.py:1294 src/backend.py:202
+ #, python-format
+ msgid "Couldn't stat '%s'"
+ msgstr ""
+
+-#: src/backend_iptables.py:1283
++#: src/backend_iptables.py:1299
+ #, python-format
+ msgid "WARN: '%s' is world writable"
+ msgstr ""
+
+-#: src/backend_iptables.py:1285
++#: src/backend_iptables.py:1301
+ #, python-format
+ msgid "WARN: '%s' is world readable"
+ msgstr ""
+@@ -352,102 +352,102 @@ msgstr ""
+ msgid "Couldn't determine iptables version"
+ msgstr ""
+
+-#: src/backend.py:138
++#: src/backend.py:155
+ msgid "Checks disabled"
+ msgstr ""
+
+-#: src/backend.py:144
++#: src/backend.py:161
+ msgid "ERROR: this script should not be SUID"
+ msgstr ""
+
+-#: src/backend.py:147
++#: src/backend.py:164
+ msgid "ERROR: this script should not be SGID"
+ msgstr ""
+
+-#: src/backend.py:152
++#: src/backend.py:169
+ msgid "You need to be root to run this script"
+ msgstr ""
+
+-#: src/backend.py:162
++#: src/backend.py:179
+ #, python-format
+ msgid "'%s' does not exist"
+ msgstr ""
+
+-#: src/backend.py:191
++#: src/backend.py:208
+ #, python-format
+ msgid "uid is %(uid)s but '%(path)s' is owned by %(st_uid)s"
+ msgstr ""
+
+-#: src/backend.py:198
++#: src/backend.py:215
+ #, python-format
+ msgid "%s is world writable!"
+ msgstr ""
+
+-#: src/backend.py:202
++#: src/backend.py:219
+ #, python-format
+ msgid "%s is group writable!"
+ msgstr ""
+
+-#: src/backend.py:218
++#: src/backend.py:235
+ #, python-format
+ msgid "'%(f)s' file '%(name)s' does not exist"
+ msgstr ""
+
+-#: src/backend.py:243
++#: src/backend.py:260
+ #, python-format
+ msgid "Missing policy for '%s'"
+ msgstr ""
+
+-#: src/backend.py:247
++#: src/backend.py:264
+ #, python-format
+ msgid "Invalid policy '%(policy)s' for '%(chain)s'"
+ msgstr ""
+
+-#: src/backend.py:254
++#: src/backend.py:271
+ msgid "Invalid option"
+ msgstr ""
+
+-#: src/backend.py:325
++#: src/backend.py:342
+ #, python-format
+ msgid "Default application policy changed to '%s'"
+ msgstr ""
+
+-#: src/backend.py:407
++#: src/backend.py:424
+ msgid "No rules found for application profile"
+ msgstr ""
+
+-#: src/backend.py:466
++#: src/backend.py:483
+ #, python-format
+ msgid "Rules updated for profile '%s'"
+ msgstr ""
+
+-#: src/backend.py:472
++#: src/backend.py:489
+ msgid "Couldn't update application rules"
+ msgstr ""
+
+-#: src/backend.py:494
++#: src/backend.py:511
+ #, python-format
+ msgid "Found multiple matches for '%s'. Please use exact profile name"
+ msgstr ""
+
+-#: src/backend.py:496
++#: src/backend.py:513
+ #, python-format
+ msgid "Could not find a profile matching '%s'"
+ msgstr ""
+
+-#: src/backend.py:562
++#: src/backend.py:579
+ msgid "Logging: "
+ msgstr ""
+
+-#: src/backend.py:566
++#: src/backend.py:583
+ msgid "unknown"
+ msgstr ""
+
+-#: src/backend.py:596
++#: src/backend.py:613
+ msgid "Logging disabled"
+ msgstr ""
+
+-#: src/backend.py:598
++#: src/backend.py:615
+ msgid "Logging enabled"
+ msgstr ""
+
+@@ -526,6 +526,7 @@ msgid ""
+ " %(limit)-31s add limit %(rule)s\n"
+ " %(delete)-31s delete %(urule)s\n"
+ " %(insert)-31s insert %(urule)s at %(number)s\n"
++" %(reload)-31s reload firewall\n"
+ " %(reset)-31s reset firewall\n"
+ " %(status)-31s show firewall status\n"
+ " %(statusnum)-31s show firewall status as numbered list of %(rules)s\n"
+@@ -540,87 +541,87 @@ msgid ""
+ " %(appdefault)-31s set default application policy\n"
+ msgstr ""
+
+-#: src/frontend.py:160
++#: src/frontend.py:162
+ msgid "n"
+ msgstr ""
+
+-#: src/frontend.py:161
++#: src/frontend.py:163
+ msgid "y"
+ msgstr ""
+
+-#: src/frontend.py:162
++#: src/frontend.py:164
+ msgid "yes"
+ msgstr ""
+
+-#: src/frontend.py:207
++#: src/frontend.py:209
+ msgid "Firewall is active and enabled on system startup"
+ msgstr ""
+
+-#: src/frontend.py:214
++#: src/frontend.py:216
+ msgid "Firewall stopped and disabled on system startup"
+ msgstr ""
+
+-#: src/frontend.py:265
++#: src/frontend.py:267
+ msgid "Could not get listening status"
+ msgstr ""
+
+-#: src/frontend.py:326
++#: src/frontend.py:328
+ msgid "Added user rules (see 'ufw status' for running firewall):"
+ msgstr ""
+
+-#: src/frontend.py:329
++#: src/frontend.py:331
+ msgid ""
+ "\n"
+ "(None)"
+ msgstr ""
+
+-#: src/frontend.py:381 src/frontend.py:479 src/frontend.py:489
++#: src/frontend.py:383 src/frontend.py:481 src/frontend.py:491
+ #, python-format
+ msgid "Invalid IP version '%s'"
+ msgstr ""
+
+-#: src/frontend.py:412
++#: src/frontend.py:414
+ msgid "Invalid position '"
+ msgstr ""
+
+-#: src/frontend.py:486
++#: src/frontend.py:488
+ msgid "IPv6 support not enabled"
+ msgstr ""
+
+-#: src/frontend.py:497
++#: src/frontend.py:499
+ msgid "Rule changed after normalization"
+ msgstr ""
+
+-#: src/frontend.py:521
++#: src/frontend.py:523
+ #, python-format
+ msgid "Could not back out rule '%s'"
+ msgstr ""
+
+-#: src/frontend.py:525
++#: src/frontend.py:527
+ msgid ""
+ "\n"
+ "Error applying application rules."
+ msgstr ""
+
+-#: src/frontend.py:527
++#: src/frontend.py:529
+ msgid " Some rules could not be unapplied."
+ msgstr ""
+
+-#: src/frontend.py:529
++#: src/frontend.py:531
+ msgid " Attempted rules successfully unapplied."
+ msgstr ""
+
+-#: src/frontend.py:540
++#: src/frontend.py:542
+ #, python-format
+ msgid "Could not find rule '%s'"
+ msgstr ""
+
+-#: src/frontend.py:545 src/frontend.py:550
++#: src/frontend.py:547 src/frontend.py:552
+ #, python-format
+ msgid "Could not find rule '%d'"
+ msgstr ""
+
+-#: src/frontend.py:562
++#: src/frontend.py:564
+ #, python-format
+ msgid ""
+ "Deleting:\n"
+@@ -628,93 +629,93 @@ msgid ""
+ "Proceed with operation (%(yes)s|%(no)s)? "
+ msgstr ""
+
+-#: src/frontend.py:593
++#: src/frontend.py:595
+ msgid "Unsupported default policy"
+ msgstr ""
+
+-#: src/frontend.py:622 src/frontend.py:767
++#: src/frontend.py:624 src/frontend.py:769
+ msgid "Firewall reloaded"
+ msgstr ""
+
+-#: src/frontend.py:624
++#: src/frontend.py:626
+ msgid "Firewall not enabled (skipping reload)"
+ msgstr ""
+
+-#: src/frontend.py:641 src/frontend.py:655 src/frontend.py:692
++#: src/frontend.py:643 src/frontend.py:657 src/frontend.py:694
+ msgid "Invalid profile name"
+ msgstr ""
+
+-#: src/frontend.py:660 src/frontend.py:842
++#: src/frontend.py:662 src/frontend.py:844
+ #, python-format
+ msgid "Unsupported action '%s'"
+ msgstr ""
+
+-#: src/frontend.py:679
++#: src/frontend.py:681
+ msgid "Available applications:"
+ msgstr ""
+
+-#: src/frontend.py:700
++#: src/frontend.py:702
+ #, python-format
+ msgid "Could not find profile '%s'"
+ msgstr ""
+
+-#: src/frontend.py:705
++#: src/frontend.py:707
+ msgid "Invalid profile"
+ msgstr ""
+
+-#: src/frontend.py:708
++#: src/frontend.py:710
+ #, python-format
+ msgid "Profile: %s\n"
+ msgstr ""
+
+-#: src/frontend.py:709
++#: src/frontend.py:711
+ #, python-format
+ msgid "Title: %s\n"
+ msgstr ""
+
+-#: src/frontend.py:712
++#: src/frontend.py:714
+ #, python-format
+ msgid ""
+ "Description: %s\n"
+ "\n"
+ msgstr ""
+
+-#: src/frontend.py:718
++#: src/frontend.py:720
+ msgid "Ports:"
+ msgstr ""
+
+-#: src/frontend.py:720
++#: src/frontend.py:722
+ msgid "Port:"
+ msgstr ""
+
+-#: src/frontend.py:769
++#: src/frontend.py:771
+ msgid "Skipped reloading firewall"
+ msgstr ""
+
+-#: src/frontend.py:779
++#: src/frontend.py:781
+ msgid "Cannot specify 'all' with '--add-new'"
+ msgstr ""
+
+-#: src/frontend.py:794
++#: src/frontend.py:796
+ #, python-format
+ msgid "Unknown policy '%s'"
+ msgstr ""
+
+-#: src/frontend.py:851
++#: src/frontend.py:853
+ #, python-format
+ msgid ""
+ "Command may disrupt existing ssh connections. Proceed with operation "
+ "(%(yes)s|%(no)s)? "
+ msgstr ""
+
+-#: src/frontend.py:864
++#: src/frontend.py:866
+ #, python-format
+ msgid ""
+ "Resetting all rules to installed defaults. Proceed with operation (%(yes)s|"
+ "%(no)s)? "
+ msgstr ""
+
+-#: src/frontend.py:868
++#: src/frontend.py:870
+ #, python-format
+ msgid ""
+ "Resetting all rules to installed defaults. This may disrupt existing ssh "
+diff --git a/setup.py b/setup.py
+index 6fb3751..1685401 100644
+--- a/setup.py
++++ b/setup.py
+@@ -35,7 +35,7 @@ import sys
+ import shutil
+ import subprocess
+
+-ufw_version = '0.33'
++ufw_version = '0.34'
+
+ def cmd(command):
+ '''Try to execute the given command.'''
+diff --git a/src/backend_iptables.py b/src/backend_iptables.py
+index 76d8515..478e35c 100644
+--- a/src/backend_iptables.py
++++ b/src/backend_iptables.py
+@@ -564,7 +564,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
+ lstr = '%s -j LOG --log-prefix "[UFW %s] "' % (limit_args, \
+ policy)
+ if not pat_logall.search(s):
+- lstr = '-m state --state NEW ' + lstr
++ lstr = '-m conntrack --ctstate NEW ' + lstr
+ snippets[i] = pat_log.sub(r'\1-j \2\4', s)
+ snippets.insert(i, pat_log.sub(r'\1-j ' + prefix + \
+ '-user-logging-' + suffix, s))
+@@ -580,9 +580,9 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
+ pat_limit = re.compile(r' -j LIMIT')
+ for i, s in enumerate(snippets):
+ if pat_limit.search(s):
+- tmp1 = pat_limit.sub(' -m state --state NEW -m recent --set', \
++ tmp1 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent --set', \
+ s)
+- tmp2 = pat_limit.sub(' -m state --state NEW -m recent' + \
++ tmp2 = pat_limit.sub(' -m conntrack --ctstate NEW -m recent' + \
+ ' --update --seconds 30 --hitcount 6' + \
+ ' -j ' + prefix + '-user-limit', s)
+ tmp3 = pat_limit.sub(' -j ' + prefix + '-user-limit-accept', s)
+@@ -1212,12 +1212,12 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
+ prefix = "[UFW BLOCK] "
+ if self.loglevels[level] < self.loglevels["medium"]:
+ # only log INVALID in medium and higher
+- rules_t.append([c, ['-I', c, '-m', 'state', \
+- '--state', 'INVALID', \
++ rules_t.append([c, ['-I', c, '-m', 'conntrack', \
++ '--ctstate', 'INVALID', \
+ '-j', 'RETURN'] + largs, ''])
+ else:
+- rules_t.append([c, ['-A', c, '-m', 'state', \
+- '--state', 'INVALID', \
++ rules_t.append([c, ['-A', c, '-m', 'conntrack', \
++ '--ctstate', 'INVALID', \
+ '-j', 'LOG', \
+ '--log-prefix', \
+ "[UFW AUDIT INVALID] "] + \
+@@ -1236,7 +1236,7 @@ class UFWBackendIptables(ufw.backend.UFWBackend):
+
+ # loglevel medium logs all new packets with limit
+ if self.loglevels[level] < self.loglevels["high"]:
+- largs = ['-m', 'state', '--state', 'NEW'] + limit_args
++ largs = ['-m', 'conntrack', '--ctstate', 'NEW'] + limit_args
+
+ prefix = "[UFW AUDIT] "
+ for c in self.chains['before']:
+diff --git a/src/ufw-init-functions b/src/ufw-init-functions
+index f4783e7..c5e0319 100755
+--- a/src/ufw-init-functions
++++ b/src/ufw-init-functions
+@@ -251,15 +251,15 @@ ufw_start() {
+ # add tracking policy
+ if [ "$DEFAULT_INPUT_POLICY" = "ACCEPT" ]; then
+ printf "*filter\n"\
+-"-A ufw${type}-track-input -p tcp -m state --state NEW -j ACCEPT\n"\
+-"-A ufw${type}-track-input -p udp -m state --state NEW -j ACCEPT\n"\
++"-A ufw${type}-track-input -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
++"-A ufw${type}-track-input -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
+ "COMMIT\n" | $exe-restore -n || error="yes"
+ fi
+
+ if [ "$DEFAULT_OUTPUT_POLICY" = "ACCEPT" ]; then
+ printf "*filter\n"\
+-"-A ufw${type}-track-output -p tcp -m state --state NEW -j ACCEPT\n"\
+-"-A ufw${type}-track-output -p udp -m state --state NEW -j ACCEPT\n"\
++"-A ufw${type}-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT\n"\
++"-A ufw${type}-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT\n"\
+ "COMMIT\n" | $exe-restore -n || error="yes"
+ fi
+
+diff --git a/src/util.py b/src/util.py
+index fe9cd5c..bf0a6f6 100644
+--- a/src/util.py
++++ b/src/util.py
+@@ -737,12 +737,12 @@ def get_netfilter_capabilities(exe="/sbin/iptables"):
+ # the stuff we know isn't supported everywhere but we want to support.
+
+ # recent-set
+- if test_cap(exe, chain, ['-m', 'state', '--state', 'NEW', \
++ if test_cap(exe, chain, ['-m', 'conntrack', '--ctstate', 'NEW', \
+ '-m', 'recent', '--set']):
+ caps.append('recent-set')
+
+ # recent-update
+- if test_cap(exe, chain, ['-m', 'state', '--state', 'NEW', \
++ if test_cap(exe, chain, ['-m', 'conntrack', '--ctstate', 'NEW', \
+ '-m', 'recent', '--update', \
+ '--seconds', '30', \
+ '--hitcount', '6']):
+diff --git a/tests/bugs/rules/result b/tests/bugs/rules/result
+index af2879a..396ff4c 100644
+--- a/tests/bugs/rules/result
++++ b/tests/bugs/rules/result
+@@ -28,7 +28,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -73,7 +73,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+diff --git a/tests/check-requirements b/tests/check-requirements
+index 613a3c8..ffbe9fc 100755
+--- a/tests/check-requirements
++++ b/tests/check-requirements
+@@ -172,24 +172,24 @@ for i in "" 6; do
+ done
+
+ echo -n "hashlimit: "
+- runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
++ runcmd $exe -A $c -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 1/min --hashlimit-mode srcip --hashlimit-name ssh -m conntrack --ctstate NEW -j ACCEPT
+
+ echo -n "limit: "
+ runcmd $exe -A $c -m limit --limit 3/min --limit-burst 10 -j ACCEPT
+
+ for j in NEW RELATED ESTABLISHED INVALID; do
+ echo -n "state ($j): "
+- runcmd $exe -A $c -m state --state $j
++ runcmd $exe -A $c -m conntrack --ctstate $j
+ done
+
+ echo -n "state (new, recent set): "
+- runcmd runtime $exe -A $c -m state --state NEW -m recent --set
++ runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --set
+
+ echo -n "state (new, recent update): "
+- runcmd runtime $exe -A $c -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT
++ runcmd runtime $exe -A $c -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ACCEPT
+
+ echo -n "state (new, limit): "
+- runcmd $exe -A $c -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT
++ runcmd $exe -A $c -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j ACCEPT
+
+ echo -n "interface (input): "
+ runcmd $exe -A $c -i eth0 -j ACCEPT
+diff --git a/tests/good/apps/result b/tests/good/apps/result
+index c6988b0..8b477c2 100644
+--- a/tests/good/apps/result
++++ b/tests/good/apps/result
+@@ -717,7 +717,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -760,7 +760,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -803,7 +803,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -847,7 +847,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -890,7 +890,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -931,7 +931,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -974,7 +974,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1017,7 +1017,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1060,7 +1060,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1103,7 +1103,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1146,7 +1146,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1189,7 +1189,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1232,7 +1232,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1276,7 +1276,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1319,7 +1319,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1360,7 +1360,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1403,7 +1403,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1446,7 +1446,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1489,7 +1489,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1532,7 +1532,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1568,8 +1568,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
+--A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache'
+--A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
+ -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache'
+
+ ### END RULES ###
+@@ -1577,7 +1577,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1613,8 +1613,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Secure - in
+--A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure'
+--A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure'
++-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure'
++-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure'
+ -A ufw-user-input -p tcp --dport 443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Secure'
+
+ ### END RULES ###
+@@ -1622,7 +1622,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1658,8 +1658,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Full - in
+--A ufw-user-input -p tcp -m multiport --dports 80,443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Full'
+--A ufw-user-input -p tcp -m multiport --dports 80,443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full'
+ -A ufw-user-input -p tcp -m multiport --dports 80,443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full'
+
+ ### END RULES ###
+@@ -1667,7 +1667,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1703,11 +1703,11 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in
+--A ufw-user-input -p tcp --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9'
+--A ufw-user-input -p tcp --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
+ -A ufw-user-input -p tcp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9'
+--A ufw-user-input -p udp --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9'
+--A ufw-user-input -p udp --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
+ -A ufw-user-input -p udp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9'
+
+ ### END RULES ###
+@@ -1715,7 +1715,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1751,8 +1751,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -1760,7 +1760,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1791,13 +1791,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -1805,7 +1805,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1841,8 +1841,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 123 0.0.0.0/0 any 0.0.0.0/0 OpenNTPD - in
+--A ufw-user-input -p udp --dport 123 -m state --state NEW -m recent --set -m comment --comment 'dapp_OpenNTPD'
+--A ufw-user-input -p udp --dport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD'
++-A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD'
++-A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD'
+ -A ufw-user-input -p udp --dport 123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD'
+
+ ### END RULES ###
+@@ -1850,7 +1850,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1886,8 +1886,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20TCP - in
+--A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP'
+--A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP'
++-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP'
++-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP'
+ -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20TCP'
+
+ ### END RULES ###
+@@ -1895,7 +1895,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1931,8 +1931,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20UDP - in
+--A ufw-user-input -p udp -m multiport --dports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP'
+--A ufw-user-input -p udp -m multiport --dports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP'
++-A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP'
++-A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP'
+ -A ufw-user-input -p udp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20UDP'
+
+ ### END RULES ###
+@@ -1940,7 +1940,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1976,8 +1976,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 8080:8089 0.0.0.0/0 any 0.0.0.0/0 Custom%20Web%20App2 - in
+--A ufw-user-input -p tcp -m multiport --dports 8080:8089 -m state --state NEW -m recent --set -m comment --comment 'dapp_Custom%20Web%20App2'
+--A ufw-user-input -p tcp -m multiport --dports 8080:8089 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Custom%20Web%20App2'
++-A ufw-user-input -p tcp -m multiport --dports 8080:8089 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Custom%20Web%20App2'
++-A ufw-user-input -p tcp -m multiport --dports 8080:8089 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Custom%20Web%20App2'
+ -A ufw-user-input -p tcp -m multiport --dports 8080:8089 -j ufw-user-limit-accept -m comment --comment 'dapp_Custom%20Web%20App2'
+
+ ### END RULES ###
+@@ -1985,7 +1985,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2029,7 +2029,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2072,7 +2072,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2115,7 +2115,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2159,7 +2159,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2202,7 +2202,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2243,7 +2243,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2286,7 +2286,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2329,7 +2329,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2372,7 +2372,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2415,7 +2415,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2458,7 +2458,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2501,7 +2501,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2545,7 +2545,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2588,7 +2588,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2629,7 +2629,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2672,7 +2672,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2715,7 +2715,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2758,7 +2758,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2801,7 +2801,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2844,7 +2844,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2887,7 +2887,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2931,7 +2931,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2974,7 +2974,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3015,7 +3015,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3058,7 +3058,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3101,7 +3101,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3144,7 +3144,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3187,7 +3187,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3230,7 +3230,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3273,7 +3273,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3317,7 +3317,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3360,7 +3360,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3401,7 +3401,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3444,7 +3444,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3487,7 +3487,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3530,7 +3530,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3573,7 +3573,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3616,7 +3616,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3659,7 +3659,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3700,7 +3700,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3743,7 +3743,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3784,7 +3784,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3827,7 +3827,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3870,7 +3870,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3913,7 +3913,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3956,7 +3956,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3997,7 +3997,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4040,7 +4040,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4081,7 +4081,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4124,7 +4124,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4167,7 +4167,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4208,7 +4208,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4251,7 +4251,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4294,7 +4294,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4337,7 +4337,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4378,7 +4378,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4421,7 +4421,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4462,7 +4462,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4505,7 +4505,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4548,7 +4548,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4591,7 +4591,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4634,7 +4634,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4675,7 +4675,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4718,7 +4718,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4759,7 +4759,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4802,7 +4802,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4845,7 +4845,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4886,7 +4886,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4929,7 +4929,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4972,7 +4972,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5015,7 +5015,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5059,7 +5059,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5102,7 +5102,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5143,7 +5143,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5186,7 +5186,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5229,7 +5229,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5272,7 +5272,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5315,7 +5315,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5358,7 +5358,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5401,7 +5401,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5445,7 +5445,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5488,7 +5488,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5529,7 +5529,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5572,7 +5572,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5615,7 +5615,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5658,7 +5658,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5701,7 +5701,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5744,7 +5744,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5787,7 +5787,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5831,7 +5831,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5874,7 +5874,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5915,7 +5915,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5958,7 +5958,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6001,7 +6001,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6044,7 +6044,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6087,7 +6087,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6130,7 +6130,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6173,7 +6173,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6217,7 +6217,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6260,7 +6260,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6301,7 +6301,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6344,7 +6344,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6387,7 +6387,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6430,7 +6430,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6473,7 +6473,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6516,7 +6516,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6559,7 +6559,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6600,7 +6600,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6643,7 +6643,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6684,7 +6684,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6727,7 +6727,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6770,7 +6770,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6813,7 +6813,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6856,7 +6856,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6897,7 +6897,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6940,7 +6940,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6981,7 +6981,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7024,7 +7024,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7067,7 +7067,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7108,7 +7108,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7151,7 +7151,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7194,7 +7194,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7237,7 +7237,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7278,7 +7278,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7321,7 +7321,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7362,7 +7362,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7405,7 +7405,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7448,7 +7448,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7491,7 +7491,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7534,7 +7534,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7575,7 +7575,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7618,7 +7618,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7659,7 +7659,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7702,7 +7702,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7745,7 +7745,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7786,7 +7786,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7822,8 +7822,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80 192.168.0.0/16 any 0.0.0.0/0 Apache - in
+--A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache'
+--A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
+ -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache'
+
+ ### END RULES ###
+@@ -7831,7 +7831,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7867,8 +7867,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 443 192.168.0.0/16 any 0.0.0.0/0 Apache%20Secure - in
+--A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure'
+--A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure'
++-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure'
++-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure'
+ -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Secure'
+
+ ### END RULES ###
+@@ -7876,7 +7876,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7912,8 +7912,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80,443 192.168.0.0/16 any 0.0.0.0/0 Apache%20Full - in
+--A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Full'
+--A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full'
+ -A ufw-user-input -p tcp -m multiport --dports 80,443 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full'
+
+ ### END RULES ###
+@@ -7921,7 +7921,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7957,11 +7957,11 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any 53 192.168.0.0/16 any 0.0.0.0/0 Bind9 - in
+--A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9'
+--A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
+ -A ufw-user-input -p tcp -d 192.168.0.0/16 --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9'
+--A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9'
+--A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
+ -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9'
+
+ ### END RULES ###
+@@ -7969,7 +7969,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8005,8 +8005,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 192.168.0.0/16 any 0.0.0.0/0 Samba - in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -8014,7 +8014,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8045,13 +8045,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 192.168.0.0/16 any 0.0.0.0/0 Samba - in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit tcp 139,445 192.168.0.0/16 any 0.0.0.0/0 Samba - in
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -8059,7 +8059,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8095,8 +8095,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 123 192.168.0.0/16 any 0.0.0.0/0 OpenNTPD - in
+--A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -m state --state NEW -m recent --set -m comment --comment 'dapp_OpenNTPD'
+--A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD'
++-A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD'
++-A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD'
+ -A ufw-user-input -p udp -d 192.168.0.0/16 --dport 123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD'
+
+ ### END RULES ###
+@@ -8104,7 +8104,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8140,8 +8140,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 1234,5678 192.168.0.0/16 any 0.0.0.0/0 Multi%20TCP - in
+--A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP'
+--A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP'
++-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP'
++-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP'
+ -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20TCP'
+
+ ### END RULES ###
+@@ -8149,7 +8149,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8185,8 +8185,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 1234,5678 192.168.0.0/16 any 0.0.0.0/0 Multi%20UDP - in
+--A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP'
+--A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP'
++-A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP'
++-A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP'
+ -A ufw-user-input -p udp -m multiport --dports 1234,5678 -d 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20UDP'
+
+ ### END RULES ###
+@@ -8194,7 +8194,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8230,8 +8230,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
+--A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache'
+--A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
+ -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache'
+
+ ### END RULES ###
+@@ -8239,7 +8239,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8275,8 +8275,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Secure - in
+--A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure'
+--A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure'
++-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Secure'
++-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Secure'
+ -A ufw-user-input -p tcp --dport 443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Secure'
+
+ ### END RULES ###
+@@ -8284,7 +8284,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8320,8 +8320,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80,443 0.0.0.0/0 any 0.0.0.0/0 Apache%20Full - in
+--A ufw-user-input -p tcp -m multiport --dports 80,443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Full'
+--A ufw-user-input -p tcp -m multiport --dports 80,443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full'
+ -A ufw-user-input -p tcp -m multiport --dports 80,443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full'
+
+ ### END RULES ###
+@@ -8329,7 +8329,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8365,11 +8365,11 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any 53 0.0.0.0/0 any 0.0.0.0/0 Bind9 - in
+--A ufw-user-input -p tcp --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9'
+--A ufw-user-input -p tcp --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p tcp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
+ -A ufw-user-input -p tcp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9'
+--A ufw-user-input -p udp --dport 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9'
+--A ufw-user-input -p udp --dport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9'
++-A ufw-user-input -p udp --dport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9'
+ -A ufw-user-input -p udp --dport 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9'
+
+ ### END RULES ###
+@@ -8377,7 +8377,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8413,8 +8413,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -8422,7 +8422,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8453,13 +8453,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -8467,7 +8467,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8503,8 +8503,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 123 0.0.0.0/0 any 0.0.0.0/0 OpenNTPD - in
+--A ufw-user-input -p udp --dport 123 -m state --state NEW -m recent --set -m comment --comment 'dapp_OpenNTPD'
+--A ufw-user-input -p udp --dport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD'
++-A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD'
++-A ufw-user-input -p udp --dport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD'
+ -A ufw-user-input -p udp --dport 123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD'
+
+ ### END RULES ###
+@@ -8512,7 +8512,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8548,8 +8548,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20TCP - in
+--A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP'
+--A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP'
++-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20TCP'
++-A ufw-user-input -p tcp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20TCP'
+ -A ufw-user-input -p tcp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20TCP'
+
+ ### END RULES ###
+@@ -8557,7 +8557,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8593,8 +8593,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 1234,5678 0.0.0.0/0 any 0.0.0.0/0 Multi%20UDP - in
+--A ufw-user-input -p udp -m multiport --dports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP'
+--A ufw-user-input -p udp -m multiport --dports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP'
++-A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Multi%20UDP'
++-A ufw-user-input -p udp -m multiport --dports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Multi%20UDP'
+ -A ufw-user-input -p udp -m multiport --dports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'dapp_Multi%20UDP'
+
+ ### END RULES ###
+@@ -8602,7 +8602,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8638,8 +8638,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp any 0.0.0.0/0 80 192.168.0.0/16 - Apache in
+--A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache'
+--A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache'
++-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache'
++-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache'
+ -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache'
+
+ ### END RULES ###
+@@ -8647,7 +8647,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8683,8 +8683,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp any 0.0.0.0/0 443 192.168.0.0/16 - Apache%20Secure in
+--A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache%20Secure'
+--A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Secure'
++-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Secure'
++-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Secure'
+ -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 443 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Secure'
+
+ ### END RULES ###
+@@ -8692,7 +8692,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8728,8 +8728,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp any 0.0.0.0/0 80,443 192.168.0.0/16 - Apache%20Full in
+--A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache%20Full'
+--A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Full'
+ -A ufw-user-input -p tcp -m multiport --sports 80,443 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Full'
+
+ ### END RULES ###
+@@ -8737,7 +8737,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8773,11 +8773,11 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any any 0.0.0.0/0 53 192.168.0.0/16 - Bind9 in
+--A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -m state --state NEW -m recent --set -m comment --comment 'sapp_Bind9'
+--A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9'
++-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9'
++-A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9'
+ -A ufw-user-input -p tcp -s 192.168.0.0/16 --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9'
+--A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -m state --state NEW -m recent --set -m comment --comment 'sapp_Bind9'
+--A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9'
++-A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9'
++-A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9'
+ -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9'
+
+ ### END RULES ###
+@@ -8785,7 +8785,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8821,8 +8821,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp any 0.0.0.0/0 137,138 192.168.0.0/16 - Samba in
+--A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### END RULES ###
+@@ -8830,7 +8830,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8861,13 +8861,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp any 0.0.0.0/0 137,138 192.168.0.0/16 - Samba in
+--A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --sports 137,138 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### tuple ### limit tcp any 0.0.0.0/0 139,445 192.168.0.0/16 - Samba in
+--A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --sports 139,445 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### END RULES ###
+@@ -8875,7 +8875,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8911,8 +8911,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp any 0.0.0.0/0 123 192.168.0.0/16 - OpenNTPD in
+--A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -m state --state NEW -m recent --set -m comment --comment 'sapp_OpenNTPD'
+--A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD'
++-A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD'
++-A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD'
+ -A ufw-user-input -p udp -s 192.168.0.0/16 --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD'
+
+ ### END RULES ###
+@@ -8920,7 +8920,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8956,8 +8956,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp any 0.0.0.0/0 1234,5678 192.168.0.0/16 - Multi%20TCP in
+--A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Multi%20TCP'
+--A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20TCP'
++-A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20TCP'
++-A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20TCP'
+ -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20TCP'
+
+ ### END RULES ###
+@@ -8965,7 +8965,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9001,8 +9001,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp any 0.0.0.0/0 1234,5678 192.168.0.0/16 - Multi%20UDP in
+--A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m state --state NEW -m recent --set -m comment --comment 'sapp_Multi%20UDP'
+--A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20UDP'
++-A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20UDP'
++-A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20UDP'
+ -A ufw-user-input -p udp -m multiport --sports 1234,5678 -s 192.168.0.0/16 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20UDP'
+
+ ### END RULES ###
+@@ -9010,7 +9010,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9046,8 +9046,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp any 0.0.0.0/0 80 0.0.0.0/0 - Apache in
+--A ufw-user-input -p tcp --sport 80 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache'
+--A ufw-user-input -p tcp --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache'
++-A ufw-user-input -p tcp --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache'
++-A ufw-user-input -p tcp --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache'
+ -A ufw-user-input -p tcp --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache'
+
+ ### END RULES ###
+@@ -9055,7 +9055,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9091,8 +9091,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp any 0.0.0.0/0 443 0.0.0.0/0 - Apache%20Secure in
+--A ufw-user-input -p tcp --sport 443 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache%20Secure'
+--A ufw-user-input -p tcp --sport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Secure'
++-A ufw-user-input -p tcp --sport 443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Secure'
++-A ufw-user-input -p tcp --sport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Secure'
+ -A ufw-user-input -p tcp --sport 443 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Secure'
+
+ ### END RULES ###
+@@ -9100,7 +9100,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9136,8 +9136,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp any 0.0.0.0/0 80,443 0.0.0.0/0 - Apache%20Full in
+--A ufw-user-input -p tcp -m multiport --sports 80,443 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache%20Full'
+--A ufw-user-input -p tcp -m multiport --sports 80,443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache%20Full'
+ -A ufw-user-input -p tcp -m multiport --sports 80,443 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache%20Full'
+
+ ### END RULES ###
+@@ -9145,7 +9145,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9181,11 +9181,11 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any any 0.0.0.0/0 53 0.0.0.0/0 - Bind9 in
+--A ufw-user-input -p tcp --sport 53 -m state --state NEW -m recent --set -m comment --comment 'sapp_Bind9'
+--A ufw-user-input -p tcp --sport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9'
++-A ufw-user-input -p tcp --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9'
++-A ufw-user-input -p tcp --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9'
+ -A ufw-user-input -p tcp --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9'
+--A ufw-user-input -p udp --sport 53 -m state --state NEW -m recent --set -m comment --comment 'sapp_Bind9'
+--A ufw-user-input -p udp --sport 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9'
++-A ufw-user-input -p udp --sport 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Bind9'
++-A ufw-user-input -p udp --sport 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Bind9'
+ -A ufw-user-input -p udp --sport 53 -j ufw-user-limit-accept -m comment --comment 'sapp_Bind9'
+
+ ### END RULES ###
+@@ -9193,7 +9193,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9229,8 +9229,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in
+--A ufw-user-input -p udp -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p udp -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### END RULES ###
+@@ -9238,7 +9238,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9269,13 +9269,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in
+--A ufw-user-input -p udp -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p udp -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### tuple ### limit tcp any 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in
+--A ufw-user-input -p tcp -m multiport --sports 139,445 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p tcp -m multiport --sports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### END RULES ###
+@@ -9283,7 +9283,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9319,8 +9319,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp any 0.0.0.0/0 123 0.0.0.0/0 - OpenNTPD in
+--A ufw-user-input -p udp --sport 123 -m state --state NEW -m recent --set -m comment --comment 'sapp_OpenNTPD'
+--A ufw-user-input -p udp --sport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD'
++-A ufw-user-input -p udp --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD'
++-A ufw-user-input -p udp --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD'
+ -A ufw-user-input -p udp --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD'
+
+ ### END RULES ###
+@@ -9328,7 +9328,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9364,8 +9364,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp any 0.0.0.0/0 1234,5678 0.0.0.0/0 - Multi%20TCP in
+--A ufw-user-input -p tcp -m multiport --sports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'sapp_Multi%20TCP'
+--A ufw-user-input -p tcp -m multiport --sports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20TCP'
++-A ufw-user-input -p tcp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20TCP'
++-A ufw-user-input -p tcp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20TCP'
+ -A ufw-user-input -p tcp -m multiport --sports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20TCP'
+
+ ### END RULES ###
+@@ -9373,7 +9373,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9409,8 +9409,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp any 0.0.0.0/0 1234,5678 0.0.0.0/0 - Multi%20UDP in
+--A ufw-user-input -p udp -m multiport --sports 1234,5678 -m state --state NEW -m recent --set -m comment --comment 'sapp_Multi%20UDP'
+--A ufw-user-input -p udp -m multiport --sports 1234,5678 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20UDP'
++-A ufw-user-input -p udp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Multi%20UDP'
++-A ufw-user-input -p udp -m multiport --sports 1234,5678 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Multi%20UDP'
+ -A ufw-user-input -p udp -m multiport --sports 1234,5678 -j ufw-user-limit-accept -m comment --comment 'sapp_Multi%20UDP'
+
+ ### END RULES ###
+@@ -9418,7 +9418,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9454,8 +9454,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 8080 192.168.0.2 80 192.168.0.1 - Apache in
+--A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache'
+--A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache'
++-A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache'
++-A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache'
+ -A ufw-user-input -p tcp -d 192.168.0.2 --dport 8080 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache'
+
+ ### END RULES ###
+@@ -9463,7 +9463,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9499,8 +9499,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 10123 192.168.0.2 123 192.168.0.1 - OpenNTPD in
+--A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -m state --state NEW -m recent --set -m comment --comment 'sapp_OpenNTPD'
+--A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD'
++-A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD'
++-A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD'
+ -A ufw-user-input -p udp -d 192.168.0.2 --dport 10123 -s 192.168.0.1 --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD'
+
+ ### END RULES ###
+@@ -9508,7 +9508,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9544,8 +9544,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 53 192.168.0.2 137,138 192.168.0.1 Bind9 Samba in
+--A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba'
+
+ ### END RULES ###
+@@ -9553,7 +9553,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9584,13 +9584,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 53 192.168.0.2 137,138 192.168.0.1 Bind9 Samba in
+--A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba'
+
+ ### tuple ### limit tcp 53 192.168.0.2 139,445 192.168.0.1 Bind9 Samba in
+--A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba'
+
+ ### END RULES ###
+@@ -9598,7 +9598,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9634,8 +9634,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 22 192.168.0.2 137,138 192.168.0.1 - Samba in
+--A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### END RULES ###
+@@ -9643,7 +9643,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9674,13 +9674,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 22 192.168.0.2 137,138 192.168.0.1 - Samba in
+--A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### tuple ### limit tcp 22 192.168.0.2 139,445 192.168.0.1 - Samba in
+--A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### END RULES ###
+@@ -9688,7 +9688,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9724,8 +9724,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80,443 192.168.0.2 80 192.168.0.1 Apache%20Full Apache in
+--A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Full,sapp_Apache'
+--A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full,sapp_Apache'
++-A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full,sapp_Apache'
++-A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full,sapp_Apache'
+ -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -d 192.168.0.2 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full,sapp_Apache'
+
+ ### END RULES ###
+@@ -9733,7 +9733,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9769,8 +9769,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80 192.168.0.1 8080 192.168.0.2 Apache - in
+--A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache'
+--A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 80 -s 192.168.0.2 --sport 8080 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache'
+
+ ### END RULES ###
+@@ -9778,7 +9778,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9814,8 +9814,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 123 192.168.0.1 10123 192.168.0.2 OpenNTPD - in
+--A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -m state --state NEW -m recent --set -m comment --comment 'dapp_OpenNTPD'
+--A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD'
++-A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD'
++-A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD'
+ -A ufw-user-input -p udp -d 192.168.0.1 --dport 123 -s 192.168.0.2 --sport 10123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD'
+
+ ### END RULES ###
+@@ -9823,7 +9823,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9859,8 +9859,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 192.168.0.1 53 192.168.0.2 Samba Bind9 in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9'
+
+ ### END RULES ###
+@@ -9868,7 +9868,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9899,13 +9899,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 192.168.0.1 53 192.168.0.2 Samba Bind9 in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9'
+
+ ### tuple ### limit tcp 139,445 192.168.0.1 53 192.168.0.2 Samba Bind9 in
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9'
+
+ ### END RULES ###
+@@ -9913,7 +9913,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9949,8 +9949,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 192.168.0.1 22 192.168.0.2 Samba - in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -9958,7 +9958,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9989,13 +9989,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 192.168.0.1 22 192.168.0.2 Samba - in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit tcp 139,445 192.168.0.1 22 192.168.0.2 Samba - in
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -10003,7 +10003,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10039,8 +10039,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80 192.168.0.1 80,443 192.168.0.2 Apache Apache%20Full in
+--A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache,sapp_Apache%20Full'
+--A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache,sapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache,sapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache,sapp_Apache%20Full'
+ -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -d 192.168.0.1 -s 192.168.0.2 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache,sapp_Apache%20Full'
+
+ ### END RULES ###
+@@ -10048,7 +10048,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10084,8 +10084,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 192.168.0.1 137,138 192.168.0.1 Samba Samba in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### END RULES ###
+@@ -10093,7 +10093,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10124,13 +10124,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 192.168.0.1 137,138 192.168.0.1 Samba Samba in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 192.168.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### tuple ### limit tcp 139,445 192.168.0.1 139,445 192.168.0.1 Samba Samba in
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 192.168.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### END RULES ###
+@@ -10138,7 +10138,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10174,8 +10174,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 8080 0.0.0.0/0 80 0.0.0.0/0 - Apache in
+--A ufw-user-input -p tcp --dport 8080 --sport 80 -m state --state NEW -m recent --set -m comment --comment 'sapp_Apache'
+--A ufw-user-input -p tcp --dport 8080 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache'
++-A ufw-user-input -p tcp --dport 8080 --sport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Apache'
++-A ufw-user-input -p tcp --dport 8080 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Apache'
+ -A ufw-user-input -p tcp --dport 8080 --sport 80 -j ufw-user-limit-accept -m comment --comment 'sapp_Apache'
+
+ ### END RULES ###
+@@ -10183,7 +10183,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10219,8 +10219,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 10123 0.0.0.0/0 123 0.0.0.0/0 - OpenNTPD in
+--A ufw-user-input -p udp --dport 10123 --sport 123 -m state --state NEW -m recent --set -m comment --comment 'sapp_OpenNTPD'
+--A ufw-user-input -p udp --dport 10123 --sport 123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD'
++-A ufw-user-input -p udp --dport 10123 --sport 123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_OpenNTPD'
++-A ufw-user-input -p udp --dport 10123 --sport 123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_OpenNTPD'
+ -A ufw-user-input -p udp --dport 10123 --sport 123 -j ufw-user-limit-accept -m comment --comment 'sapp_OpenNTPD'
+
+ ### END RULES ###
+@@ -10228,7 +10228,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10264,8 +10264,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 53 0.0.0.0/0 137,138 0.0.0.0/0 Bind9 Samba in
+--A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba'
+
+ ### END RULES ###
+@@ -10273,7 +10273,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10304,13 +10304,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 53 0.0.0.0/0 137,138 0.0.0.0/0 Bind9 Samba in
+--A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 53 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba'
+
+ ### tuple ### limit tcp 53 0.0.0.0/0 139,445 0.0.0.0/0 Bind9 Samba in
+--A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Bind9,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Bind9,sapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 53 -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Bind9,sapp_Samba'
+
+ ### END RULES ###
+@@ -10318,7 +10318,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10354,8 +10354,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 22 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in
+--A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### END RULES ###
+@@ -10363,7 +10363,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10394,13 +10394,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 22 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in
+--A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 22 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 139,445 0.0.0.0/0 - Samba in
+--A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### END RULES ###
+@@ -10408,7 +10408,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10444,8 +10444,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80,443 0.0.0.0/0 80 0.0.0.0/0 Apache%20Full Apache in
+--A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache%20Full,sapp_Apache'
+--A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full,sapp_Apache'
++-A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache%20Full,sapp_Apache'
++-A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache%20Full,sapp_Apache'
+ -A ufw-user-input -p tcp -m multiport --dports 80,443 -m multiport --sports 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache%20Full,sapp_Apache'
+
+ ### END RULES ###
+@@ -10453,7 +10453,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10489,8 +10489,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80 0.0.0.0/0 8080 0.0.0.0/0 Apache - in
+--A ufw-user-input -p tcp --dport 80 --sport 8080 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache'
+--A ufw-user-input -p tcp --dport 80 --sport 8080 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 --sport 8080 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 --sport 8080 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
+ -A ufw-user-input -p tcp --dport 80 --sport 8080 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache'
+
+ ### END RULES ###
+@@ -10498,7 +10498,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10534,8 +10534,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 123 0.0.0.0/0 10123 0.0.0.0/0 OpenNTPD - in
+--A ufw-user-input -p udp --dport 123 --sport 10123 -m state --state NEW -m recent --set -m comment --comment 'dapp_OpenNTPD'
+--A ufw-user-input -p udp --dport 123 --sport 10123 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD'
++-A ufw-user-input -p udp --dport 123 --sport 10123 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_OpenNTPD'
++-A ufw-user-input -p udp --dport 123 --sport 10123 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_OpenNTPD'
+ -A ufw-user-input -p udp --dport 123 --sport 10123 -j ufw-user-limit-accept -m comment --comment 'dapp_OpenNTPD'
+
+ ### END RULES ###
+@@ -10543,7 +10543,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10579,8 +10579,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9'
+
+ ### END RULES ###
+@@ -10588,7 +10588,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10619,13 +10619,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9'
+
+ ### tuple ### limit tcp 139,445 0.0.0.0/0 53 0.0.0.0/0 Samba Bind9 in
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Bind9'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Bind9'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 53 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Bind9'
+
+ ### END RULES ###
+@@ -10633,7 +10633,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10669,8 +10669,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 22 0.0.0.0/0 Samba - in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -10678,7 +10678,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10709,13 +10709,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 22 0.0.0.0/0 Samba - in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 22 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit tcp 139,445 0.0.0.0/0 22 0.0.0.0/0 Samba - in
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 22 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -10723,7 +10723,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10759,8 +10759,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 80 0.0.0.0/0 80,443 0.0.0.0/0 Apache Apache%20Full in
+--A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache,sapp_Apache%20Full'
+--A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache,sapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache,sapp_Apache%20Full'
++-A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache,sapp_Apache%20Full'
+ -A ufw-user-input -p tcp -m multiport --dports 80 -m multiport --sports 80,443 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache,sapp_Apache%20Full'
+
+ ### END RULES ###
+@@ -10768,7 +10768,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10804,8 +10804,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 137,138 0.0.0.0/0 Samba Samba in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### END RULES ###
+@@ -10813,7 +10813,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10844,13 +10844,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 137,138 0.0.0.0/0 Samba Samba in
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### tuple ### limit tcp 139,445 0.0.0.0/0 139,445 0.0.0.0/0 Samba Samba in
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### END RULES ###
+@@ -10858,7 +10858,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10902,7 +10902,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10945,7 +10945,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10994,7 +10994,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11042,7 +11042,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11083,7 +11083,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11140,7 +11140,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11181,7 +11181,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11252,7 +11252,7 @@ TESTING INSERT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11299,7 +11299,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11389,7 +11389,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11445,7 +11445,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11508,7 +11508,7 @@ TESTING APPLICATION INTEGRATION (interfaces)
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11552,7 +11552,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11614,7 +11614,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11658,7 +11658,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11698,33 +11698,33 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0
+--A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0
+--A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba in_eth0
+--A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -i eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### tuple ### limit tcp any 0.0.0.0/0 139,445 10.0.0.1 - Samba in_eth0
+--A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-input -i eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0
+--A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0
+--A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -11732,7 +11732,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11776,7 +11776,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11838,7 +11838,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11882,7 +11882,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11942,7 +11942,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11986,7 +11986,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12048,7 +12048,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12092,7 +12092,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12154,7 +12154,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12198,7 +12198,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12238,33 +12238,33 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0
+--A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0
+--A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit udp any 0.0.0.0/0 137,138 10.0.0.1 - Samba out_eth0
+--A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-output -o eth0 -p udp -m multiport --sports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### tuple ### limit tcp any 0.0.0.0/0 139,445 10.0.0.1 - Samba out_eth0
+--A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'sapp_Samba'
+--A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
++-A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'sapp_Samba'
++-A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'sapp_Samba'
+ -A ufw-user-output -o eth0 -p tcp -m multiport --sports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'sapp_Samba'
+
+ ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0
+--A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0
+--A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -12272,7 +12272,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12316,7 +12316,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12378,7 +12378,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12422,7 +12422,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12482,7 +12482,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12526,7 +12526,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+diff --git a/tests/good/logging/result b/tests/good/logging/result
+index 6714e12..4b23f9a 100644
+--- a/tests/good/logging/result
++++ b/tests/good/logging/result
+@@ -102,69 +102,69 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j ACCEPT
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j ACCEPT
+
+ ### tuple ### allow_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp --dport 25 -j RETURN
+ -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 25 -j ACCEPT
+
+ ### tuple ### allow_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p udp --dport 69 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp --dport 69 -j RETURN
+ -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 69 -j ACCEPT
+
+ ### tuple ### allow_log any 443 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp --dport 443 -j RETURN
+ -A ufw-user-input -p tcp --dport 443 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 443 -j ACCEPT
+--A ufw-user-logging-input -p udp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp --dport 443 -j RETURN
+ -A ufw-user-input -p udp --dport 443 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 443 -j ACCEPT
+
+ ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
+--A ufw-user-logging-input -p tcp --dport 80 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp --dport 80 -j RETURN
+ -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 80 -j ACCEPT -m comment --comment 'dapp_Apache'
+
+ ### tuple ### allow_log tcp 25 10.0.0.1 25 192.168.0.1 in
+--A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ACCEPT
+
+ ### tuple ### allow_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba,sapp_Samba'
+@@ -175,12 +175,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -245,12 +245,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -383,12 +383,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -453,12 +453,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -518,69 +518,69 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j DROP
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j DROP
+
+ ### tuple ### deny_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 25 -j RETURN
+ -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 25 -j DROP
+
+ ### tuple ### deny_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p udp --dport 69 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 69 -j RETURN
+ -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 69 -j DROP
+
+ ### tuple ### deny_log any 443 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 443 -j RETURN
+ -A ufw-user-input -p tcp --dport 443 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 443 -j DROP
+--A ufw-user-logging-input -p udp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 443 -j RETURN
+ -A ufw-user-input -p udp --dport 443 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 443 -j DROP
+
+ ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
+--A ufw-user-logging-input -p tcp --dport 80 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 80 -j RETURN
+ -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 80 -j DROP -m comment --comment 'dapp_Apache'
+
+ ### tuple ### deny_log tcp 25 10.0.0.1 25 192.168.0.1 in
+--A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j DROP
+
+ ### tuple ### deny_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### tuple ### deny_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j DROP -m comment --comment 'dapp_Samba,sapp_Samba'
+@@ -591,12 +591,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -661,12 +661,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -799,12 +799,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -869,12 +869,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -934,95 +934,95 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 25 -j RETURN
+ -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 25 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p udp --dport 69 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 69 -j RETURN
+ -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 69 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 69 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 69 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log any 443 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 443 -j RETURN
+ -A ufw-user-input -p tcp --dport 443 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 443 -j ufw-user-limit-accept
+--A ufw-user-logging-input -p udp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 443 -j RETURN
+ -A ufw-user-input -p udp --dport 443 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 443 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 443 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 443 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
+--A ufw-user-logging-input -p tcp --dport 80 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 80 -j RETURN
+ -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache'
+--A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
+ -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache'
+
+ ### tuple ### limit_log tcp 25 10.0.0.1 25 192.168.0.1 in
+--A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### tuple ### limit_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### END RULES ###
+@@ -1031,12 +1031,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -1101,12 +1101,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -1169,92 +1169,92 @@ contents of user*.rules:
+ -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept
+ -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log-all tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
+ -A ufw-user-logging-input -p tcp --dport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 25 -j RETURN
+ -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 25 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log-all udp 69 0.0.0.0/0 any 0.0.0.0/0 in
+ -A ufw-user-logging-input -p udp --dport 69 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 69 -j RETURN
+ -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 69 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 69 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 69 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 69 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log-all any 443 0.0.0.0/0 any 0.0.0.0/0 in
+ -A ufw-user-logging-input -p tcp --dport 443 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 443 -j RETURN
+ -A ufw-user-input -p tcp --dport 443 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 443 -j ufw-user-limit-accept
+ -A ufw-user-logging-input -p udp --dport 443 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 443 -j RETURN
+ -A ufw-user-input -p udp --dport 443 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 443 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 443 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 443 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 443 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 443 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log-all tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
+ -A ufw-user-logging-input -p tcp --dport 80 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 80 -j RETURN
+ -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --set -m comment --comment 'dapp_Apache'
+--A ufw-user-input -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Apache'
++-A ufw-user-input -p tcp --dport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Apache'
+ -A ufw-user-input -p tcp --dport 80 -j ufw-user-limit-accept -m comment --comment 'dapp_Apache'
+
+ ### tuple ### limit_log-all tcp 25 10.0.0.1 25 192.168.0.1 in
+ -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log-all udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### tuple ### limit_log-all tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba,sapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba,sapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### END RULES ###
+@@ -1263,12 +1263,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -1333,12 +1333,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -1398,69 +1398,69 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j REJECT
+
+ ### tuple ### reject_log tcp 25 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 25 -j RETURN
+ -A ufw-user-input -p tcp --dport 25 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 25 -j REJECT --reject-with tcp-reset
+
+ ### tuple ### reject_log udp 69 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p udp --dport 69 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 69 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 69 -j RETURN
+ -A ufw-user-input -p udp --dport 69 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 69 -j REJECT
+
+ ### tuple ### reject_log any 443 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 443 -j RETURN
+ -A ufw-user-input -p tcp --dport 443 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 443 -j REJECT --reject-with tcp-reset
+--A ufw-user-logging-input -p udp --dport 443 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 443 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 443 -j RETURN
+ -A ufw-user-input -p udp --dport 443 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 443 -j REJECT
+
+ ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba'
+
+ ### tuple ### reject_log tcp 80 0.0.0.0/0 any 0.0.0.0/0 Apache - in
+--A ufw-user-logging-input -p tcp --dport 80 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 80 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 80 -j RETURN
+ -A ufw-user-input -p tcp --dport 80 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 80 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Apache'
+
+ ### tuple ### reject_log tcp 25 10.0.0.1 25 192.168.0.1 in
+--A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j RETURN
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 25 -j REJECT --reject-with tcp-reset
+
+ ### tuple ### reject_log udp 137,138 10.0.0.1 137,138 192.168.0.1 Samba Samba in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -m multiport --sports 137,138 -d 10.0.0.1 -s 192.168.0.1 -j REJECT -m comment --comment 'dapp_Samba,sapp_Samba'
+
+ ### tuple ### reject_log tcp 139,445 10.0.0.1 139,445 192.168.0.1 Samba Samba in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -m multiport --sports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba,sapp_Samba'
+@@ -1471,12 +1471,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -1541,12 +1541,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -1679,12 +1679,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -1749,12 +1749,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -1797,13 +1797,13 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -1820,12 +1820,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -1867,19 +1867,19 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### reject_log-all tcp 23 10.0.0.1 any 192.168.0.1 in
+@@ -1894,12 +1894,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -1946,12 +1946,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -2006,13 +2006,13 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0
+--A ufw-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -i eth0 -j RETURN
+ -A ufw-user-input -i eth0 -j ufw-user-logging-input
+ -A ufw-user-input -i eth0 -j ACCEPT
+
+ ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0
+--A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN
+ -A ufw-user-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ufw-user-logging-input
+ -A ufw-user-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ACCEPT
+@@ -2024,13 +2024,13 @@ contents of user*.rules:
+ -A ufw-user-input -i eth0 -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j DROP
+
+ ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0
+--A ufw-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-output -o eth0 -j RETURN
+ -A ufw-user-output -o eth0 -j ufw-user-logging-output
+ -A ufw-user-output -o eth0 -j ACCEPT
+
+ ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0
+--A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN
+ -A ufw-user-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ufw-user-logging-output
+ -A ufw-user-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j ACCEPT
+@@ -2047,12 +2047,12 @@ contents of user*.rules:
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -2163,7 +2163,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2211,12 +2211,12 @@ WARN: Checks disabled
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
+--I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m state --state NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-output -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
++-I ufw-before-logging-forward -j LOG --log-prefix "[UFW AUDIT] " -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+
+ ### RATE LIMITING ###
+@@ -2262,7 +2262,7 @@ WARN: Checks disabled
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] "
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] "
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] "
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] "
+ -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] " -m limit --limit 3/min --limit-burst 10
+@@ -2313,7 +2313,7 @@ WARN: Checks disabled
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] "
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] "
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] "
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] "
+ -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] "
+@@ -2364,7 +2364,7 @@ WARN: Checks disabled
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-after-logging-output -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] "
+--A ufw-logging-deny -m state --state INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] "
++-A ufw-logging-deny -m conntrack --ctstate INVALID -j LOG --log-prefix "[UFW AUDIT INVALID] "
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] "
+ -I ufw-before-logging-input -j LOG --log-prefix "[UFW AUDIT] "
+diff --git a/tests/good/rules/result b/tests/good/rules/result
+index 7c1570a..e4b918c 100644
+--- a/tests/good/rules/result
++++ b/tests/good/rules/result
+@@ -29,7 +29,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -72,7 +72,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -115,7 +115,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -158,7 +158,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -201,7 +201,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -244,7 +244,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -284,7 +284,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -320,8 +320,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 22 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -329,7 +329,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -373,7 +373,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -416,7 +416,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -459,7 +459,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -502,7 +502,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -545,7 +545,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -588,7 +588,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -631,7 +631,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -676,7 +676,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -719,7 +719,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -763,7 +763,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -806,7 +806,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -849,7 +849,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -889,7 +889,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -929,7 +929,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -969,7 +969,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1012,7 +1012,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1052,7 +1052,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1095,7 +1095,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1135,7 +1135,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1178,7 +1178,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1218,7 +1218,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1261,7 +1261,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1301,7 +1301,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1345,7 +1345,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1385,7 +1385,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1428,7 +1428,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1468,7 +1468,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1511,7 +1511,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1551,7 +1551,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1595,7 +1595,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1635,7 +1635,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1678,7 +1678,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1718,7 +1718,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1761,7 +1761,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1801,7 +1801,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1845,7 +1845,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1885,7 +1885,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1929,7 +1929,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1969,7 +1969,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2013,7 +2013,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2053,7 +2053,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2097,7 +2097,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2137,7 +2137,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2181,7 +2181,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2221,7 +2221,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2264,7 +2264,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2304,7 +2304,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2347,7 +2347,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2387,7 +2387,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2430,7 +2430,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2470,7 +2470,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2513,7 +2513,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2553,7 +2553,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2596,7 +2596,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2636,7 +2636,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2679,7 +2679,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2719,7 +2719,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2762,7 +2762,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2802,7 +2802,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2845,7 +2845,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2885,7 +2885,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2928,7 +2928,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2968,7 +2968,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3011,7 +3011,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3051,7 +3051,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3094,7 +3094,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3134,7 +3134,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3177,7 +3177,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3217,7 +3217,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3260,7 +3260,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3300,7 +3300,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3344,7 +3344,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3384,7 +3384,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3428,7 +3428,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3468,7 +3468,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3512,7 +3512,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3552,7 +3552,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3596,7 +3596,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3636,7 +3636,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3680,7 +3680,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3720,7 +3720,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3763,7 +3763,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3803,7 +3803,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3846,7 +3846,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3886,7 +3886,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3929,7 +3929,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3969,7 +3969,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4012,7 +4012,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4052,7 +4052,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4095,7 +4095,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4135,7 +4135,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4178,7 +4178,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4218,7 +4218,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4261,7 +4261,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4301,7 +4301,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4344,7 +4344,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4384,7 +4384,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4427,7 +4427,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4467,7 +4467,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4510,7 +4510,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4550,7 +4550,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4586,8 +4586,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any any 0.0.0.0/0 any 192.168.0.1 in
+--A ufw-user-input -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -s 192.168.0.1 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -4595,7 +4595,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4635,7 +4635,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4671,8 +4671,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any any 10.0.0.1 any 0.0.0.0/0 in
+--A ufw-user-input -d 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -d 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -d 10.0.0.1 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -4680,7 +4680,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4720,7 +4720,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4756,8 +4756,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any any 10.0.0.1 any 192.168.0.1 in
+--A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -4765,7 +4765,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4805,7 +4805,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4841,11 +4841,11 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any any 0.0.0.0/0 80 192.168.0.1 in
+--A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -4853,7 +4853,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4893,7 +4893,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4929,11 +4929,11 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any 25 10.0.0.1 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -4941,7 +4941,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4981,7 +4981,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5017,11 +5017,11 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any any 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5029,7 +5029,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5069,7 +5069,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5105,11 +5105,11 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any 25 10.0.0.1 any 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5117,7 +5117,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5157,7 +5157,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5193,11 +5193,11 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit any 25 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5205,7 +5205,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5245,7 +5245,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5281,8 +5281,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp any 0.0.0.0/0 80 192.168.0.1 in
+--A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5290,7 +5290,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5330,7 +5330,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5366,8 +5366,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 25 10.0.0.1 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5375,7 +5375,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5415,7 +5415,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5451,8 +5451,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp any 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5460,7 +5460,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5500,7 +5500,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5536,8 +5536,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 25 10.0.0.1 any 192.168.0.1 in
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5545,7 +5545,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5585,7 +5585,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5621,8 +5621,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 25 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5630,7 +5630,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5670,7 +5670,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5706,8 +5706,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp any 0.0.0.0/0 80 192.168.0.1 in
+--A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5715,7 +5715,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5755,7 +5755,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5791,8 +5791,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 25 10.0.0.1 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5800,7 +5800,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5840,7 +5840,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5876,8 +5876,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp any 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5885,7 +5885,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5925,7 +5925,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5961,8 +5961,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 25 10.0.0.1 any 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5970,7 +5970,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6010,7 +6010,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6046,8 +6046,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 25 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -6055,7 +6055,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6095,7 +6095,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6139,7 +6139,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6179,7 +6179,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6222,7 +6222,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6262,7 +6262,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6305,7 +6305,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6345,7 +6345,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6388,7 +6388,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6428,7 +6428,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6471,7 +6471,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6511,7 +6511,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6554,7 +6554,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6594,7 +6594,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6637,7 +6637,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6677,7 +6677,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6720,7 +6720,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6760,7 +6760,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6803,7 +6803,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6843,7 +6843,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6886,7 +6886,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6926,7 +6926,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6970,7 +6970,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7010,7 +7010,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7054,7 +7054,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7094,7 +7094,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7138,7 +7138,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7178,7 +7178,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7221,7 +7221,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7261,7 +7261,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7304,7 +7304,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7344,7 +7344,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7387,7 +7387,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7427,7 +7427,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7470,7 +7470,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7510,7 +7510,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7553,7 +7553,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7593,7 +7593,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7636,7 +7636,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7676,7 +7676,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7719,7 +7719,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7759,7 +7759,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7802,7 +7802,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7842,7 +7842,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7885,7 +7885,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7925,7 +7925,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7968,7 +7968,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8008,7 +8008,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8051,7 +8051,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8091,7 +8091,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8134,7 +8134,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8174,7 +8174,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8217,7 +8217,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8257,7 +8257,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8300,7 +8300,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8340,7 +8340,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8383,7 +8383,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8423,7 +8423,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8466,7 +8466,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8506,7 +8506,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8550,7 +8550,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8594,7 +8594,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8637,7 +8637,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8680,7 +8680,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8724,7 +8724,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8767,7 +8767,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8810,7 +8810,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8854,7 +8854,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8898,7 +8898,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8941,7 +8941,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -8984,7 +8984,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9027,7 +9027,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9070,7 +9070,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9113,7 +9113,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9156,7 +9156,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9199,7 +9199,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9242,7 +9242,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9285,7 +9285,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9328,7 +9328,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9371,7 +9371,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9414,7 +9414,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9457,7 +9457,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9500,7 +9500,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9543,7 +9543,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9586,7 +9586,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9629,7 +9629,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9672,7 +9672,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9715,7 +9715,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9758,7 +9758,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9801,7 +9801,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9844,7 +9844,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9887,7 +9887,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9930,7 +9930,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -9973,7 +9973,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10016,7 +10016,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10059,7 +10059,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10102,7 +10102,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10145,7 +10145,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10188,7 +10188,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10231,7 +10231,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10274,7 +10274,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10317,7 +10317,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10360,7 +10360,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10403,7 +10403,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10446,7 +10446,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10489,7 +10489,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10532,7 +10532,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10575,7 +10575,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10618,7 +10618,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10661,7 +10661,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10704,7 +10704,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10747,7 +10747,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10790,7 +10790,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10833,7 +10833,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10876,7 +10876,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10919,7 +10919,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -10962,7 +10962,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11005,7 +11005,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11048,7 +11048,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11091,7 +11091,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11134,7 +11134,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11177,7 +11177,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11220,7 +11220,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11263,7 +11263,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11306,7 +11306,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11349,7 +11349,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11392,7 +11392,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11435,7 +11435,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11478,7 +11478,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11521,7 +11521,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11564,7 +11564,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11607,7 +11607,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11650,7 +11650,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11693,7 +11693,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11736,7 +11736,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11779,7 +11779,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11815,8 +11815,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -m multiport --dports 34,35 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -m multiport --dports 34,35 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -11824,7 +11824,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11860,8 +11860,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -11869,7 +11869,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11905,8 +11905,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -m multiport --dports 35:39 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -m multiport --dports 35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -m multiport --dports 35:39 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -11914,7 +11914,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11950,8 +11950,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -11959,7 +11959,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -11995,8 +11995,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 1,9 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -m multiport --dports 1,9 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -m multiport --dports 1,9 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -m multiport --dports 1,9 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -12004,7 +12004,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12040,8 +12040,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 34,35 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 34,35 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -m multiport --dports 34,35 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -m multiport --dports 34,35 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -12049,7 +12049,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12085,8 +12085,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 34,35:39 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -m multiport --dports 34,35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -12094,7 +12094,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12130,8 +12130,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 35:39 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -m multiport --dports 35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -m multiport --dports 35:39 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -12139,7 +12139,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12175,8 +12175,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -12184,7 +12184,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12220,8 +12220,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 1,9 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 1,9 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -m multiport --dports 1,9 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -m multiport --dports 1,9 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -m multiport --dports 1,9 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -12229,7 +12229,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12273,7 +12273,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12317,7 +12317,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12357,7 +12357,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12400,7 +12400,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12440,7 +12440,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12484,7 +12484,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12527,7 +12527,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12570,7 +12570,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12613,7 +12613,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12656,7 +12656,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12706,11 +12706,11 @@ Insert
+ ### RULES ###
+
+ ### tuple ### allow_log any 9998 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 9998 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 9998 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp --dport 9998 -j RETURN
+ -A ufw-user-input -p tcp --dport 9998 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 9998 -j ACCEPT
+--A ufw-user-logging-input -p udp --dport 9998 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 9998 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp --dport 9998 -j RETURN
+ -A ufw-user-input -p udp --dport 9998 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 9998 -j ACCEPT
+@@ -12735,7 +12735,7 @@ Insert
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12785,7 +12785,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12908,7 +12908,7 @@ Interfaces
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -12982,7 +12982,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13100,7 +13100,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13174,7 +13174,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13244,83 +13244,83 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0
+--A ufw-user-input -i eth0 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -j ufw-user-limit-accept
+
+ ### tuple ### limit any 22 192.168.0.1 any 0.0.0.0/0 in_eth0
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept
+
+ ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth0
+--A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p udp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### tuple ### limit any any 192.168.0.1 any 10.0.0.1 in_eth0
+--A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept
+
+ ### tuple ### limit any 22 192.168.0.1 any 10.0.0.1 in_eth0
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept
+
+ ### tuple ### limit any any 192.168.0.1 80 10.0.0.1 in_eth0
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth0
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### tuple ### limit tcp 22 192.168.0.1 any 0.0.0.0/0 in_eth0
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept
+
+ ### tuple ### limit tcp any 0.0.0.0/0 80 10.0.0.1 in_eth0
+--A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### tuple ### limit tcp any 192.168.0.1 any 10.0.0.1 in_eth0
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept
+
+ ### tuple ### limit udp 22 192.168.0.1 any 10.0.0.1 in_eth0
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept
+
+ ### tuple ### limit udp any 192.168.0.1 80 10.0.0.1 in_eth0
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### tuple ### limit udp 22 192.168.0.1 80 10.0.0.1 in_eth0
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -i eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -13328,7 +13328,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13402,7 +13402,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13520,7 +13520,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13594,7 +13594,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13638,7 +13638,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13676,7 +13676,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13794,7 +13794,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13868,7 +13868,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -13986,7 +13986,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14060,7 +14060,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14130,83 +14130,83 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### limit any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0
+--A ufw-user-output -o eth0 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -j ufw-user-limit-accept
+
+ ### tuple ### limit any 22 192.168.0.1 any 0.0.0.0/0 out_eth0
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept
+
+ ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth0
+--A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p udp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### tuple ### limit any any 192.168.0.1 any 10.0.0.1 out_eth0
+--A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept
+
+ ### tuple ### limit any 22 192.168.0.1 any 10.0.0.1 out_eth0
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept
+
+ ### tuple ### limit any any 192.168.0.1 80 10.0.0.1 out_eth0
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth0
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### tuple ### limit tcp 22 192.168.0.1 any 0.0.0.0/0 out_eth0
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 --dport 22 -j ufw-user-limit-accept
+
+ ### tuple ### limit tcp any 0.0.0.0/0 80 10.0.0.1 out_eth0
+--A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p tcp -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### tuple ### limit tcp any 192.168.0.1 any 10.0.0.1 out_eth0
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p tcp -d 192.168.0.1 -s 10.0.0.1 -j ufw-user-limit-accept
+
+ ### tuple ### limit udp 22 192.168.0.1 any 10.0.0.1 out_eth0
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j ufw-user-limit-accept
+
+ ### tuple ### limit udp any 192.168.0.1 80 10.0.0.1 out_eth0
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### tuple ### limit udp 22 192.168.0.1 80 10.0.0.1 out_eth0
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-output -o eth0 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -14214,7 +14214,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14288,7 +14288,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14406,7 +14406,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14480,7 +14480,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14524,7 +14524,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14562,7 +14562,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14603,7 +14603,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14646,7 +14646,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14690,7 +14690,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14733,7 +14733,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14776,7 +14776,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -14819,7 +14819,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+diff --git a/tests/ipv6/logging/result b/tests/ipv6/logging/result
+index dd9c077..afd72dd 100644
+--- a/tests/ipv6/logging/result
++++ b/tests/ipv6/logging/result
+@@ -26,23 +26,23 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j ACCEPT
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j ACCEPT
+
+ ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -52,7 +52,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -81,23 +81,23 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### allow_log any 23 ::/0 any ::/0 in
+--A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp --dport 23 -j ACCEPT
+--A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp --dport 23 -j ACCEPT
+
+ ### tuple ### allow_log udp 137,138 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -107,7 +107,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -143,7 +143,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -176,7 +176,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -209,7 +209,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -238,7 +238,7 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### allow_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in
+--A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT
+@@ -248,7 +248,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -281,7 +281,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -314,7 +314,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -372,7 +372,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -427,7 +427,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -463,7 +463,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -496,7 +496,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -529,7 +529,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -568,7 +568,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -601,7 +601,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -634,7 +634,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -666,23 +666,23 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j DROP
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j DROP
+
+ ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
+@@ -692,7 +692,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -721,23 +721,23 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### deny_log any 23 ::/0 any ::/0 in
+--A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp --dport 23 -j DROP
+--A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp --dport 23 -j DROP
+
+ ### tuple ### deny_log udp 137,138 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 139,445 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
+@@ -747,7 +747,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -783,7 +783,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -816,7 +816,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -849,7 +849,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -878,7 +878,7 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### deny_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in
+--A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP
+@@ -888,7 +888,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -921,7 +921,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -954,7 +954,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1012,7 +1012,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1067,7 +1067,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1103,7 +1103,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1136,7 +1136,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1169,7 +1169,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1208,7 +1208,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1241,7 +1241,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1274,7 +1274,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1306,33 +1306,33 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -1340,7 +1340,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1373,7 +1373,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1409,7 +1409,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1442,7 +1442,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1475,7 +1475,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1508,7 +1508,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1541,7 +1541,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1574,7 +1574,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1609,30 +1609,30 @@ contents of user*.rules:
+ -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept
+ -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -1640,7 +1640,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1673,7 +1673,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1709,7 +1709,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1742,7 +1742,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1775,7 +1775,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1808,7 +1808,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1841,7 +1841,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1874,7 +1874,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1906,23 +1906,23 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j REJECT
+
+ ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba'
+@@ -1932,7 +1932,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1961,23 +1961,23 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### reject_log any 23 ::/0 any ::/0 in
+--A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset
+--A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp --dport 23 -j REJECT
+
+ ### tuple ### reject_log udp 137,138 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### reject_log tcp 139,445 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba'
+@@ -1987,7 +1987,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2023,7 +2023,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2056,7 +2056,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2089,7 +2089,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2118,7 +2118,7 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### reject_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in
+--A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset
+@@ -2128,7 +2128,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2161,7 +2161,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2194,7 +2194,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2252,7 +2252,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2307,7 +2307,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2343,7 +2343,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2376,7 +2376,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2409,7 +2409,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2448,7 +2448,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2481,7 +2481,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2514,7 +2514,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2547,13 +2547,13 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -2563,7 +2563,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2592,13 +2592,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### allow_log udp 137,138 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -2614,7 +2614,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2646,13 +2646,13 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
+@@ -2662,7 +2662,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2691,13 +2691,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### deny_log udp 137,138 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 139,445 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
+@@ -2713,7 +2713,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2749,7 +2749,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2782,7 +2782,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2827,13 +2827,13 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0
+--A ufw-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -i eth0 -j RETURN
+ -A ufw-user-input -i eth0 -j ufw-user-logging-input
+ -A ufw-user-input -i eth0 -j ACCEPT
+
+ ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0
+--A ufw-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-output -o eth0 -j RETURN
+ -A ufw-user-output -o eth0 -j ufw-user-logging-output
+ -A ufw-user-output -o eth0 -j ACCEPT
+@@ -2843,7 +2843,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2872,13 +2872,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### allow_log any any ::/0 any ::/0 in_eth0
+--A ufw6-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -i eth0 -j RETURN
+ -A ufw6-user-input -i eth0 -j ufw6-user-logging-input
+ -A ufw6-user-input -i eth0 -j ACCEPT
+
+ ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in_eth0
+--A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT
+@@ -2890,13 +2890,13 @@ COMMIT
+ -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP
+
+ ### tuple ### allow_log any any ::/0 any ::/0 out_eth0
+--A ufw6-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-output -o eth0 -j RETURN
+ -A ufw6-user-output -o eth0 -j ufw6-user-logging-output
+ -A ufw6-user-output -o eth0 -j ACCEPT
+
+ ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 out_eth0
+--A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-output
+ -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT
+@@ -2912,7 +2912,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+diff --git a/tests/ipv6/logging/result.1.3 b/tests/ipv6/logging/result.1.3
+index 5b0c26d..036b49e 100644
+--- a/tests/ipv6/logging/result.1.3
++++ b/tests/ipv6/logging/result.1.3
+@@ -15,23 +15,23 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j ACCEPT
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j ACCEPT
+
+ ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -48,11 +48,11 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### allow_log any 23 ::/0 any ::/0 in
+--A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp --dport 23 -j ACCEPT
+--A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp --dport 23 -j ACCEPT
+@@ -111,7 +111,7 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### allow_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in
+--A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT
+@@ -303,23 +303,23 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j DROP
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j DROP
+
+ ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
+@@ -336,11 +336,11 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### deny_log any 23 ::/0 any ::/0 in
+--A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp --dport 23 -j DROP
+--A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp --dport 23 -j DROP
+@@ -399,7 +399,7 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### deny_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in
+--A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP
+@@ -591,33 +591,33 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -730,30 +730,30 @@ contents of user*.rules:
+ -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept
+ -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -863,23 +863,23 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j REJECT
+
+ ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba'
+@@ -896,11 +896,11 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### reject_log any 23 ::/0 any ::/0 in
+--A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset
+--A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp --dport 23 -j REJECT
+@@ -959,7 +959,7 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### reject_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in
+--A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset
+@@ -1152,13 +1152,13 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -1198,13 +1198,13 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
+@@ -1285,13 +1285,13 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0
+--A ufw-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -i eth0 -j RETURN
+ -A ufw-user-input -i eth0 -j ufw-user-logging-input
+ -A ufw-user-input -i eth0 -j ACCEPT
+
+ ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0
+--A ufw-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-output -o eth0 -j RETURN
+ -A ufw-user-output -o eth0 -j ufw-user-logging-output
+ -A ufw-user-output -o eth0 -j ACCEPT
+@@ -1308,13 +1308,13 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### allow_log any any ::/0 any ::/0 in_eth0
+--A ufw6-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -i eth0 -j RETURN
+ -A ufw6-user-input -i eth0 -j ufw6-user-logging-input
+ -A ufw6-user-input -i eth0 -j ACCEPT
+
+ ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in_eth0
+--A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT
+@@ -1326,13 +1326,13 @@ COMMIT
+ -A ufw6-user-input -i eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP
+
+ ### tuple ### allow_log any any ::/0 any ::/0 out_eth0
+--A ufw6-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-output -o eth0 -j RETURN
+ -A ufw6-user-output -o eth0 -j ufw6-user-logging-output
+ -A ufw6-user-output -o eth0 -j ACCEPT
+
+ ### tuple ### allow_log tcp 24 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 out_eth0
+--A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ufw6-user-logging-output
+ -A ufw6-user-output -o eth0 -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 24 -s 2001:db8::/32 -j ACCEPT
+diff --git a/tests/ipv6/rules6/result b/tests/ipv6/rules6/result
+index 4e6a197..4fd299c 100644
+--- a/tests/ipv6/rules6/result
++++ b/tests/ipv6/rules6/result
+@@ -26,7 +26,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -62,7 +62,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -94,7 +94,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -129,7 +129,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -161,7 +161,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -196,7 +196,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -228,7 +228,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -264,7 +264,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -296,7 +296,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -332,7 +332,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -364,7 +364,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -400,7 +400,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -432,7 +432,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -468,7 +468,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -500,7 +500,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -536,7 +536,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -568,7 +568,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -603,7 +603,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -635,7 +635,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -670,7 +670,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -702,7 +702,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -737,7 +737,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -769,7 +769,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -804,7 +804,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -836,7 +836,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -871,7 +871,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -903,7 +903,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -938,7 +938,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -970,7 +970,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1005,7 +1005,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1037,7 +1037,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1072,7 +1072,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1104,7 +1104,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1139,7 +1139,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1171,7 +1171,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1206,7 +1206,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1238,7 +1238,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1273,7 +1273,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1305,7 +1305,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1340,7 +1340,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1372,7 +1372,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1408,7 +1408,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1440,7 +1440,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1475,7 +1475,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1507,7 +1507,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1542,7 +1542,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1574,7 +1574,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1609,7 +1609,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1641,7 +1641,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1677,7 +1677,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1709,7 +1709,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1745,7 +1745,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1777,7 +1777,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1813,7 +1813,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1845,7 +1845,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1881,7 +1881,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1913,7 +1913,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1949,7 +1949,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1981,7 +1981,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2016,7 +2016,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2048,7 +2048,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2083,7 +2083,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2115,7 +2115,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2150,7 +2150,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2182,7 +2182,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2217,7 +2217,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2249,7 +2249,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2284,7 +2284,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2316,7 +2316,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2351,7 +2351,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2383,7 +2383,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2418,7 +2418,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2450,7 +2450,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2485,7 +2485,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2517,7 +2517,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2552,7 +2552,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2584,7 +2584,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2619,7 +2619,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2651,7 +2651,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2686,7 +2686,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2718,7 +2718,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2753,7 +2753,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2785,7 +2785,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2821,7 +2821,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2853,7 +2853,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3099,7 +3099,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3134,7 +3134,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3169,7 +3169,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3204,7 +3204,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3239,7 +3239,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3274,7 +3274,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3309,7 +3309,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3345,7 +3345,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3380,7 +3380,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3415,7 +3415,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3450,7 +3450,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3485,7 +3485,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3520,7 +3520,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3555,7 +3555,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3590,7 +3590,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3625,7 +3625,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3660,7 +3660,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3695,7 +3695,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3730,7 +3730,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3765,7 +3765,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3800,7 +3800,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3835,7 +3835,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3870,7 +3870,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3905,7 +3905,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3940,7 +3940,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3975,7 +3975,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4010,7 +4010,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4045,7 +4045,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4080,7 +4080,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4115,7 +4115,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4150,7 +4150,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4187,7 +4187,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4223,7 +4223,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4261,7 +4261,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4297,7 +4297,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4335,7 +4335,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4371,7 +4371,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4409,7 +4409,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4445,7 +4445,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4483,7 +4483,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4519,7 +4519,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4557,7 +4557,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4593,7 +4593,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4631,7 +4631,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4667,7 +4667,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4705,7 +4705,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4741,7 +4741,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4779,7 +4779,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4815,7 +4815,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4853,7 +4853,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4889,7 +4889,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4927,7 +4927,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4963,7 +4963,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5001,7 +5001,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5037,7 +5037,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5075,7 +5075,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5111,7 +5111,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5149,7 +5149,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5185,7 +5185,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5223,7 +5223,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5259,7 +5259,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5297,7 +5297,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5333,7 +5333,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5371,7 +5371,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5407,7 +5407,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5445,7 +5445,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5481,7 +5481,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5519,7 +5519,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5555,7 +5555,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5593,7 +5593,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5629,7 +5629,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5667,7 +5667,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5703,7 +5703,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5741,7 +5741,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5777,7 +5777,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5815,7 +5815,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5851,7 +5851,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5889,7 +5889,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5925,7 +5925,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5999,7 +5999,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6034,7 +6034,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6069,7 +6069,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6104,7 +6104,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+diff --git a/tests/ipv6/rules64/result b/tests/ipv6/rules64/result
+index 8703253..cc2d397 100644
+--- a/tests/ipv6/rules64/result
++++ b/tests/ipv6/rules64/result
+@@ -29,7 +29,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -66,7 +66,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -104,7 +104,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -140,7 +140,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -178,7 +178,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -214,7 +214,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -252,7 +252,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -288,7 +288,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -326,7 +326,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -367,7 +367,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -404,7 +404,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -440,7 +440,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -475,7 +475,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -508,7 +508,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -539,8 +539,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 22 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -548,7 +548,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -593,7 +593,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -630,7 +630,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -668,7 +668,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -704,7 +704,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -742,7 +742,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -785,7 +785,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -828,7 +828,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -871,7 +871,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -914,7 +914,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -958,7 +958,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -994,7 +994,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1029,7 +1029,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1062,7 +1062,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1100,7 +1100,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1136,7 +1136,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1171,7 +1171,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1204,7 +1204,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1242,7 +1242,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1278,7 +1278,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1313,7 +1313,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1346,7 +1346,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1384,7 +1384,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1420,7 +1420,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1455,7 +1455,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1488,7 +1488,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1527,7 +1527,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1564,7 +1564,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1599,7 +1599,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1632,7 +1632,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1670,7 +1670,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1706,7 +1706,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1741,7 +1741,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1774,7 +1774,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1812,7 +1812,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1848,7 +1848,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1883,7 +1883,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1916,7 +1916,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1955,7 +1955,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1991,7 +1991,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2026,7 +2026,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2059,7 +2059,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2097,7 +2097,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2133,7 +2133,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2168,7 +2168,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2201,7 +2201,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2240,7 +2240,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2277,7 +2277,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2312,7 +2312,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2345,7 +2345,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2384,7 +2384,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2428,7 +2428,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2471,7 +2471,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2514,7 +2514,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2558,7 +2558,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2601,7 +2601,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2644,7 +2644,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2685,7 +2685,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2720,7 +2720,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2755,7 +2755,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2790,7 +2790,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2825,7 +2825,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2860,7 +2860,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2895,7 +2895,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3472,7 +3472,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3515,7 +3515,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3558,7 +3558,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3601,7 +3601,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3644,7 +3644,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3687,7 +3687,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3728,7 +3728,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3763,7 +3763,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3798,7 +3798,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3833,7 +3833,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3868,7 +3868,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3903,7 +3903,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3940,7 +3940,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -3976,7 +3976,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4014,7 +4014,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4050,7 +4050,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4088,7 +4088,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4124,7 +4124,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4162,7 +4162,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4198,7 +4198,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4236,7 +4236,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4272,7 +4272,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4310,7 +4310,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4346,7 +4346,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4384,7 +4384,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4420,7 +4420,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4458,7 +4458,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4494,7 +4494,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4532,7 +4532,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4568,7 +4568,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4606,7 +4606,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4642,7 +4642,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4680,7 +4680,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4716,7 +4716,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4754,7 +4754,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4790,7 +4790,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4828,7 +4828,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4864,7 +4864,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4902,7 +4902,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4938,7 +4938,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -4976,7 +4976,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5012,7 +5012,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5050,7 +5050,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5086,7 +5086,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5117,8 +5117,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 34,35 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -m multiport --dports 34,35 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -m multiport --dports 34,35 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -m multiport --dports 34,35 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5126,7 +5126,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5163,8 +5163,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -m multiport --dports 34,35:39 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5172,7 +5172,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5209,8 +5209,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 35:39 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -m multiport --dports 35:39 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -m multiport --dports 35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -m multiport --dports 35:39 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5218,7 +5218,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5255,8 +5255,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit tcp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -m multiport --dports 15:19,21,22,23 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5264,7 +5264,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5301,8 +5301,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 34,35 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 34,35 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -m multiport --dports 34,35 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -m multiport --dports 34,35 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -m multiport --dports 34,35 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5310,7 +5310,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5347,8 +5347,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 34,35:39 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 34,35:39 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -m multiport --dports 34,35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -m multiport --dports 34,35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -m multiport --dports 34,35:39 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5356,7 +5356,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5393,8 +5393,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 35:39 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 35:39 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -m multiport --dports 35:39 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -m multiport --dports 35:39 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -m multiport --dports 35:39 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5402,7 +5402,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5439,8 +5439,8 @@ WARN: Checks disabled
+ ### RULES ###
+
+ ### tuple ### limit udp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -5448,7 +5448,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5493,7 +5493,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5529,7 +5529,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5568,7 +5568,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5604,7 +5604,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5639,7 +5639,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5672,7 +5672,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5710,7 +5710,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5750,7 +5750,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5794,7 +5794,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5831,7 +5831,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5869,7 +5869,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5905,7 +5905,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5943,7 +5943,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -5979,7 +5979,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6017,7 +6017,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6053,7 +6053,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6091,7 +6091,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6127,7 +6127,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6164,7 +6164,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6199,7 +6199,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6234,7 +6234,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6295,7 +6295,7 @@ ipv4 rule in ipv4 section
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6336,7 +6336,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6380,7 +6380,7 @@ ipv6 rule in ipv6 section
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6425,7 +6425,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6487,7 +6487,7 @@ ipv4 rule in ipv6 section
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6532,7 +6532,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6572,11 +6572,11 @@ COMMIT
+ -A ufw-user-input -p udp -d 127.0.0.1 --dport 23 -j ACCEPT
+
+ ### tuple ### allow_log any 8888 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 8888 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp --dport 8888 -j RETURN
+ -A ufw-user-input -p tcp --dport 8888 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 8888 -j ACCEPT
+--A ufw-user-logging-input -p udp --dport 8888 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp --dport 8888 -j RETURN
+ -A ufw-user-input -p udp --dport 8888 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 8888 -j ACCEPT
+@@ -6586,7 +6586,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6619,11 +6619,11 @@ COMMIT
+ -A ufw6-user-input -p udp -d ::1 --dport 24 -j ACCEPT
+
+ ### tuple ### allow_log any 8888 ::/0 any ::/0 in
+--A ufw6-user-logging-input -p tcp --dport 8888 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p tcp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p tcp --dport 8888 -j RETURN
+ -A ufw6-user-input -p tcp --dport 8888 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp --dport 8888 -j ACCEPT
+--A ufw6-user-logging-input -p udp --dport 8888 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p udp --dport 8888 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p udp --dport 8888 -j RETURN
+ -A ufw6-user-input -p udp --dport 8888 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp --dport 8888 -j ACCEPT
+@@ -6637,7 +6637,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6681,7 +6681,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6714,7 +6714,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6768,7 +6768,7 @@ Interfaces
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6810,7 +6810,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6854,7 +6854,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6887,7 +6887,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6940,7 +6940,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -6982,7 +6982,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7026,7 +7026,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7059,7 +7059,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7094,7 +7094,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7137,7 +7137,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7180,7 +7180,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7223,7 +7223,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7264,7 +7264,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7299,7 +7299,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7334,7 +7334,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7369,7 +7369,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7406,7 +7406,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7442,7 +7442,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7480,7 +7480,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -7516,7 +7516,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+diff --git a/tests/root/bugs/result b/tests/root/bugs/result
+index e7ee4da..34bee1a 100644
+--- a/tests/root/bugs/result
++++ b/tests/root/bugs/result
+@@ -34,7 +34,7 @@ WARN: Checks disabled
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+diff --git a/tests/root/live/result b/tests/root/live/result
+index 78148f4..7b183c5 100644
+--- a/tests/root/live/result
++++ b/tests/root/live/result
+@@ -145,8 +145,8 @@ Anywhere ALLOW 192.168.0.0/16
+ -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ ### tuple ### allow any 53 ::/0 any ::/0 in
+ -A ufw6-user-input -p tcp --dport 53 -j ACCEPT
+ -A ufw6-user-input -p udp --dport 53 -j ACCEPT
+@@ -368,8 +368,8 @@ Anywhere ALLOW 192.168.0.0/16
+ -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ TESTING ARGS (delete allow/deny to/from)
+ 48: delete allow 53
+ WARN: Checks disabled
+@@ -1057,8 +1057,8 @@ Status: active
+ -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT
+ --
+ ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1
+--A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1
+ -A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT
+@@ -1072,8 +1072,8 @@ Status: active
+ -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT
+ --
+ ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth1
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2
+ -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -1082,11 +1082,11 @@ Status: active
+ -A ufw-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0
+--A ufw-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -i eth0 -j RETURN
+ --
+ ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0
+--A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN
+ --
+ ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_eth0
+@@ -1109,7 +1109,7 @@ Status: active
+ -A ufw6-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log any any ::/0 any ::/0 in_eth0
+--A ufw6-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -i eth0 -j RETURN
+ --
+ ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - in_eth0
+@@ -1312,8 +1312,8 @@ Status: active
+ -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT
+ --
+ ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1
+--A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1
+ -A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT
+@@ -1327,8 +1327,8 @@ Status: active
+ -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT
+ --
+ ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth1
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2
+ -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -1337,11 +1337,11 @@ Status: active
+ -A ufw-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0
+--A ufw-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-output -o eth0 -j RETURN
+ --
+ ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0
+--A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN
+ --
+ ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_eth0
+@@ -1364,7 +1364,7 @@ Status: active
+ -A ufw6-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log any any ::/0 any ::/0 out_eth0
+--A ufw6-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-output -o eth0 -j RETURN
+ --
+ ### tuple ### allow udp 137,138 ::/0 any ::/0 Samba - out_eth0
+@@ -1556,8 +1556,8 @@ Status: active
+ -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT
+ --
+ ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1
+--A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1
+ -A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT
+@@ -1571,8 +1571,8 @@ Status: active
+ -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT
+ --
+ ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth1
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2
+ -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -1581,11 +1581,11 @@ Status: active
+ -A ufw-user-input -i eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 in_eth0
+--A ufw-user-logging-input -i eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -i eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -i eth0 -j RETURN
+ --
+ ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 in_eth0
+--A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -i eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN
+ --
+ ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 in_eth0
+@@ -1777,8 +1777,8 @@ Status: active
+ -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT
+ --
+ ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1
+--A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1
+ -A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT
+@@ -1792,8 +1792,8 @@ Status: active
+ -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT
+ --
+ ### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth1
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2
+ -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -1802,11 +1802,11 @@ Status: active
+ -A ufw-user-output -o eth2 -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log any any 0.0.0.0/0 any 0.0.0.0/0 out_eth0
+--A ufw-user-logging-output -o eth0 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-output -o eth0 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-output -o eth0 -j RETURN
+ --
+ ### tuple ### allow_log tcp 24 10.0.0.1 any 192.168.0.1 out_eth0
+--A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-output -o eth0 -p tcp -d 10.0.0.1 --dport 24 -s 192.168.0.1 -j RETURN
+ --
+ ### tuple ### deny_log-all tcp 25 10.0.0.1 any 192.168.0.1 out_eth0
+diff --git a/tests/root/live_apps/result b/tests/root/live_apps/result
+index c0aa6e2..cb97ffb 100644
+--- a/tests/root/live_apps/result
++++ b/tests/root/live_apps/result
+@@ -1235,7 +1235,7 @@ Rule inserted
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1318,7 +1318,7 @@ Rule deleted
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1444,7 +1444,7 @@ Rule inserted
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1543,7 +1543,7 @@ Rule deleted
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1647,7 +1647,7 @@ Rule inserted (v6)
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1696,7 +1696,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1755,7 +1755,7 @@ Rule deleted (v6)
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1788,7 +1788,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1889,7 +1889,7 @@ Rule inserted
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1932,7 +1932,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2005,7 +2005,7 @@ Rule deleted
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2038,7 +2038,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -2173,23 +2173,23 @@ Samba on eth0 LIMIT 10.0.0.1
+
+
+ ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0
+--A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+ --
+ ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - in_eth0
+--A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+ --
+ ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0
+--A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -i eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+ --
+ ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - in_eth0
+--A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -i eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+ 225: delete limit in on eth0 to 192.168.0.1 app Samba
+ WARN: Checks disabled
+@@ -2447,23 +2447,23 @@ Samba LIMIT OUT 10.0.0.1 on eth0
+
+
+ ### tuple ### limit udp 137,138 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0
+--A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+ --
+ ### tuple ### limit tcp 139,445 192.168.0.1 any 0.0.0.0/0 Samba - out_eth0
+--A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -d 192.168.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+ --
+ ### tuple ### limit udp 137,138 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0
+--A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-output -o eth0 -p udp -m multiport --dports 137,138 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+ --
+ ### tuple ### limit tcp 139,445 0.0.0.0/0 any 10.0.0.1 Samba - out_eth0
+--A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-output -o eth0 -p tcp -m multiport --dports 139,445 -s 10.0.0.1 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+ 259: delete limit out on eth0 to 192.168.0.1 app Samba
+ WARN: Checks disabled
+diff --git a/tests/root/logging/result b/tests/root/logging/result
+index bbcc434..583ec46 100644
+--- a/tests/root/logging/result
++++ b/tests/root/logging/result
+@@ -35,23 +35,23 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### allow_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j ACCEPT
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j ACCEPT
+
+ ### tuple ### allow_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -61,7 +61,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -90,29 +90,29 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### allow_log any 23 ::/0 any ::/0 in
+--A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp --dport 23 -j ACCEPT
+--A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp --dport 23 -j ACCEPT
+
+ ### tuple ### allow_log udp 137,138 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 139,445 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### allow_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in
+--A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
++-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
+ -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ACCEPT
+@@ -122,7 +122,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -167,7 +167,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -200,7 +200,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -261,7 +261,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -322,7 +322,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -367,7 +367,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -400,7 +400,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -435,23 +435,23 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### deny_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j DROP
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j DROP
+
+ ### tuple ### deny_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
+@@ -461,7 +461,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -490,29 +490,29 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### deny_log any 23 ::/0 any ::/0 in
+--A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp --dport 23 -j DROP
+--A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp --dport 23 -j DROP
+
+ ### tuple ### deny_log udp 137,138 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 139,445 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j DROP -m comment --comment 'dapp_Samba'
+
+ ### tuple ### deny_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in
+--A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j DROP
+@@ -522,7 +522,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -567,7 +567,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -600,7 +600,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -661,7 +661,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -722,7 +722,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -767,7 +767,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -800,7 +800,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -835,33 +835,33 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### limit_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -869,7 +869,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -902,7 +902,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -947,7 +947,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -980,7 +980,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1018,30 +1018,30 @@ contents of user*.rules:
+ -A ufw-user-logging-input -p tcp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-limit-accept
+ -A ufw-user-logging-input -p udp --dport 23 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-limit-accept
+
+ ### tuple ### limit_log-all udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p udp -m multiport --dports 137,138 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### tuple ### limit_log-all tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW LIMIT] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --set -m comment --comment 'dapp_Samba'
+--A ufw-user-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --set -m comment --comment 'dapp_Samba'
++-A ufw-user-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit -m comment --comment 'dapp_Samba'
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-limit-accept -m comment --comment 'dapp_Samba'
+
+ ### END RULES ###
+@@ -1049,7 +1049,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1082,7 +1082,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1127,7 +1127,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1160,7 +1160,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1195,23 +1195,23 @@ contents of user*.rules:
+ ### RULES ###
+
+ ### tuple ### reject_log any 23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw-user-input -p tcp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset
+--A ufw-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw-user-input -p udp --dport 23 -j ufw-user-logging-input
+ -A ufw-user-input -p udp --dport 23 -j REJECT
+
+ ### tuple ### reject_log udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j ufw-user-logging-input
+ -A ufw-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### reject_log tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+--A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ufw-user-logging-input
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba'
+@@ -1221,7 +1221,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1250,29 +1250,29 @@ COMMIT
+ ### RULES ###
+
+ ### tuple ### reject_log any 23 ::/0 any ::/0 in
+--A ufw6-user-logging-input -p tcp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp --dport 23 -j RETURN
+ -A ufw6-user-input -p tcp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp --dport 23 -j REJECT --reject-with tcp-reset
+--A ufw6-user-logging-input -p udp --dport 23 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp --dport 23 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp --dport 23 -j RETURN
+ -A ufw6-user-input -p udp --dport 23 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp --dport 23 -j REJECT
+
+ ### tuple ### reject_log udp 137,138 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p udp -m multiport --dports 137,138 -j RETURN
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j ufw6-user-logging-input
+ -A ufw6-user-input -p udp -m multiport --dports 137,138 -j REJECT -m comment --comment 'dapp_Samba'
+
+ ### tuple ### reject_log tcp 139,445 ::/0 any ::/0 Samba - in
+--A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -m multiport --dports 139,445 -j RETURN
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j REJECT --reject-with tcp-reset -m comment --comment 'dapp_Samba'
+
+ ### tuple ### reject_log tcp 25 2001:db8:3:4:5:6:7:8 any 2001:db8::/32 in
+--A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m state --state NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
++-A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -m conntrack --ctstate NEW -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
+ -A ufw6-user-logging-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j RETURN
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j ufw6-user-logging-input
+ -A ufw6-user-input -p tcp -d 2001:db8:3:4:5:6:7:8 --dport 25 -s 2001:db8::/32 -j REJECT --reject-with tcp-reset
+@@ -1282,7 +1282,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1327,7 +1327,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1360,7 +1360,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1421,7 +1421,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1482,7 +1482,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1527,7 +1527,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1560,7 +1560,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1590,7 +1590,7 @@ contents of user*.rules:
+ ### LOGGING ###
+ -A ufw-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+@@ -1623,7 +1623,7 @@ COMMIT
+ ### LOGGING ###
+ -A ufw6-after-logging-input -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-after-logging-forward -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+--I ufw6-logging-deny -m state --state INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
++-I ufw6-logging-deny -m conntrack --ctstate INVALID -j RETURN -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-deny -j LOG --log-prefix "[UFW BLOCK] " -m limit --limit 3/min --limit-burst 10
+ -A ufw6-logging-allow -j LOG --log-prefix "[UFW ALLOW] " -m limit --limit 3/min --limit-burst 10
+ ### END LOGGING ###
+diff --git a/tests/root/valid/result b/tests/root/valid/result
+index 3a493da..320a728 100644
+--- a/tests/root/valid/result
++++ b/tests/root/valid/result
+@@ -234,8 +234,8 @@ Rules updated
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 27: deny 53
+ WARN: Checks disabled
+ Rules updated
+@@ -255,8 +255,8 @@ Rules updated
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 28: allow 80/tcp
+ WARN: Checks disabled
+ Rules updated
+@@ -276,8 +276,8 @@ Rules updated
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 29: allow from 10.0.0.0/8
+ WARN: Checks disabled
+ Rules updated
+@@ -297,8 +297,8 @@ Rules updated
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -322,8 +322,8 @@ Rules updated
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -350,8 +350,8 @@ Rules updated
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -381,8 +381,8 @@ Rules updated
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -415,8 +415,8 @@ Rules updated
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -452,8 +452,8 @@ Rules updated
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -1173,8 +1173,8 @@ Rules updated
+
+
+ ### tuple ### limit any any 0.0.0.0/0 any 192.168.0.1 in
+--A ufw-user-input -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -s 192.168.0.1 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -1189,8 +1189,8 @@ Rules updated
+
+
+ ### tuple ### limit any any 10.0.0.1 any 0.0.0.0/0 in
+--A ufw-user-input -d 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -d 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -d 10.0.0.1 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -1205,8 +1205,8 @@ Rules updated
+
+
+ ### tuple ### limit any any 10.0.0.1 any 192.168.0.1 in
+--A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -d 10.0.0.1 -s 192.168.0.1 -j ufw-user-limit-accept
+
+ ### END RULES ###
+@@ -1221,11 +1221,11 @@ Rules updated
+
+
+ ### tuple ### limit any any 0.0.0.0/0 80 192.168.0.1 in
+--A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 151: delete limit from 192.168.0.1 port 80
+ WARN: Checks disabled
+ Rules updated
+@@ -1237,11 +1237,11 @@ Rules updated
+
+
+ ### tuple ### limit any 25 10.0.0.1 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -j ufw-user-limit-accept
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 153: delete limit to 10.0.0.1 port 25
+ WARN: Checks disabled
+ Rules updated
+@@ -1253,11 +1253,11 @@ Rules updated
+
+
+ ### tuple ### limit any any 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 155: delete limit to 10.0.0.1 from 192.168.0.1 port 80
+ WARN: Checks disabled
+ Rules updated
+@@ -1269,11 +1269,11 @@ Rules updated
+
+
+ ### tuple ### limit any 25 10.0.0.1 any 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -j ufw-user-limit-accept
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 157: delete limit to 10.0.0.1 port 25 from 192.168.0.1
+ WARN: Checks disabled
+ Rules updated
+@@ -1285,11 +1285,11 @@ Rules updated
+
+
+ ### tuple ### limit any 25 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ -A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -j ufw-user-limit-accept
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 159: delete limit to 10.0.0.1 port 25 from 192.168.0.1 port 80
+ WARN: Checks disabled
+ Rules updated
+@@ -1301,8 +1301,8 @@ Rules updated
+
+
+ ### tuple ### limit udp any 0.0.0.0/0 80 192.168.0.1 in
+--A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 161: delete limit from 192.168.0.1 port 80 proto udp
+ WARN: Checks disabled
+ Rules updated
+@@ -1314,8 +1314,8 @@ Rules updated
+
+
+ ### tuple ### limit udp 25 10.0.0.1 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 163: delete limit to 10.0.0.1 port 25 proto udp
+ WARN: Checks disabled
+ Rules updated
+@@ -1327,8 +1327,8 @@ Rules updated
+
+
+ ### tuple ### limit udp any 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 165: delete limit to 10.0.0.1 from 192.168.0.1 port 80 proto udp
+ WARN: Checks disabled
+ Rules updated
+@@ -1340,8 +1340,8 @@ Rules updated
+
+
+ ### tuple ### limit udp 25 10.0.0.1 any 192.168.0.1 in
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 167: delete limit to 10.0.0.1 port 25 proto udp from 192.168.0.1
+ WARN: Checks disabled
+ Rules updated
+@@ -1353,8 +1353,8 @@ Rules updated
+
+
+ ### tuple ### limit udp 25 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 169: delete limit to 10.0.0.1 port 25 proto udp from 192.168.0.1 port 80
+ WARN: Checks disabled
+ Rules updated
+@@ -1366,8 +1366,8 @@ Rules updated
+
+
+ ### tuple ### limit tcp any 0.0.0.0/0 80 192.168.0.1 in
+--A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 171: delete limit from 192.168.0.1 port 80 proto tcp
+ WARN: Checks disabled
+ Rules updated
+@@ -1379,8 +1379,8 @@ Rules updated
+
+
+ ### tuple ### limit tcp 25 10.0.0.1 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 173: delete limit to 10.0.0.1 port 25 proto tcp
+ WARN: Checks disabled
+ Rules updated
+@@ -1392,8 +1392,8 @@ Rules updated
+
+
+ ### tuple ### limit tcp any 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 175: delete limit to 10.0.0.1 from 192.168.0.1 port 80 proto tcp
+ WARN: Checks disabled
+ Rules updated
+@@ -1405,8 +1405,8 @@ Rules updated
+
+
+ ### tuple ### limit tcp 25 10.0.0.1 any 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 177: delete limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1
+ WARN: Checks disabled
+ Rules updated
+@@ -1418,8 +1418,8 @@ Rules updated
+
+
+ ### tuple ### limit tcp 25 10.0.0.1 80 192.168.0.1 in
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp -d 10.0.0.1 --dport 25 -s 192.168.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 179: delete limit to 10.0.0.1 port 25 proto tcp from 192.168.0.1 port 80
+ WARN: Checks disabled
+ Rules updated
+diff --git a/tests/root/valid6/result b/tests/root/valid6/result
+index dc76378..74fcd86 100644
+--- a/tests/root/valid6/result
++++ b/tests/root/valid6/result
+@@ -1670,8 +1670,8 @@ Rules updated
+
+
+ ### tuple ### limit ah any 10.0.0.1 any 0.0.0.0/0 in
+--A ufw-user-input -p ah -d 10.0.0.1 -m state --state NEW -m recent --set
+--A ufw-user-input -p ah -d 10.0.0.1 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p ah -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p ah -d 10.0.0.1 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 249: delete limit to 10.0.0.1 proto ah
+ WARN: Checks disabled
+ Rules updated
+diff --git a/tests/root_kern/limit6/result b/tests/root_kern/limit6/result
+index 008d993..7a3a1ad 100644
+--- a/tests/root_kern/limit6/result
++++ b/tests/root_kern/limit6/result
+@@ -40,27 +40,27 @@ Anywhere (v6) LIMIT 24/udp
+
+
+ ### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### limit udp any 0.0.0.0/0 24 0.0.0.0/0 in
+--A ufw-user-input -p udp --sport 24 -m state --state NEW -m recent --set
+--A ufw-user-input -p udp --sport 24 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### limit any 23 0.0.0.0/0 any 0.0.0.0/0 in_eth1
+--A ufw-user-input -i eth1 -p tcp --dport 23 -m state --state NEW -m recent --set
+--A ufw-user-input -i eth1 -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++-A ufw-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ ### tuple ### limit tcp 22 ::/0 any ::/0 in
+--A ufw6-user-input -p tcp --dport 22 -m state --state NEW -m recent --set
+--A ufw6-user-input -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit
++-A ufw6-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
++-A ufw6-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit
+ --
+ ### tuple ### limit udp any ::/0 24 ::/0 in
+--A ufw6-user-input -p udp --sport 24 -m state --state NEW -m recent --set
+--A ufw6-user-input -p udp --sport 24 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit
++-A ufw6-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --set
++-A ufw6-user-input -p udp --sport 24 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit
+ --
+ ### tuple ### limit any 23 ::/0 any ::/0 in_eth1
+--A ufw6-user-input -i eth1 -p tcp --dport 23 -m state --state NEW -m recent --set
+--A ufw6-user-input -i eth1 -p tcp --dport 23 -m state --state NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit
++-A ufw6-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --set
++-A ufw6-user-input -i eth1 -p tcp --dport 23 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw6-user-limit
+ TESTING ARGS (delete allow/deny to/from)
+ 6: delete limit 22/tcp
+ WARN: Checks disabled
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0008-support-.-setup.py-build-LP-819600.patch b/meta-networking/recipes-connectivity/ufw/ufw/0008-support-.-setup.py-build-LP-819600.patch
new file mode 100644
index 0000000000..4184e33f41
--- /dev/null
+++ b/meta-networking/recipes-connectivity/ufw/ufw/0008-support-.-setup.py-build-LP-819600.patch
@@ -0,0 +1,93 @@
+support ./setup.py build (LP: #819600)
+
+Written by Jamie Strandboge <jamie@canonical.com>
+
+The patch was imported from git://git.launchpad.net/ufw
+commit id 10dc74cdc0948e4038d2921e7428cbf2896df98c
+
+Removed ChangeLog patch due to backport status of this patch.
+Modified for statement to match the one in 0.33 setup.py
+
+Upstream-Status: Backport
+Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
+
+diff --git a/setup.py b/setup.py
+index 730c568..4e1ec9a 100644
+--- a/setup.py
++++ b/setup.py
+@@ -64,37 +64,44 @@ class Install(_install, object):
+ real_sharedir = os.path.join(real_prefix, 'share', 'ufw')
+
+ # Update the modules' paths
+- for file in [ 'common.py', 'util.py' ]:
+- print("Updating " + file)
+- subprocess.call(["sed",
+- "-i",
+- "s%#CONFIG_PREFIX#%" + real_confdir + "%g",
+- os.path.join('staging', file)])
+-
+- subprocess.call(["sed",
+- "-i",
+- "s%#STATE_PREFIX#%" + real_statedir + "%g",
+- os.path.join('staging', file)])
+-
+- subprocess.call(["sed",
+- "-i",
+- "s%#PREFIX#%" + real_prefix + "%g",
+- os.path.join('staging', file)])
+-
+- subprocess.call(["sed",
+- "-i",
+- "s%#IPTABLES_DIR#%" + iptables_dir + "%g",
+- os.path.join('staging', file)])
+-
+- subprocess.call(["sed",
+- "-i",
+- "s%#SHARE_DIR#%" + real_sharedir + "%g",
+- os.path.join('staging', file)])
+-
+- subprocess.call(["sed",
+- "-i.jjm",
+- "s%/sbin/iptables%" + iptables_exe + "%g",
+- os.path.join('staging', file)])
++ for fn in [ 'common.py', 'util.py' ]:
++ # 'staging' is used with just 'install' but build_lib is used when
++ # using 'build'. We could probably override 'def build()' but this
++ # at least works
++ for d in [os.path.join(self.build_lib, "ufw"), 'staging']:
++ f = os.path.join(d, fn)
++ if not os.path.exists(f):
++ continue
++ print("Updating " + f)
++ subprocess.call(["sed",
++ "-i",
++ "s%#CONFIG_PREFIX#%" + real_confdir + "%g",
++ f])
++
++ subprocess.call(["sed",
++ "-i",
++ "s%#STATE_PREFIX#%" + real_statedir + "%g",
++ f])
++
++ subprocess.call(["sed",
++ "-i",
++ "s%#PREFIX#%" + real_prefix + "%g",
++ f])
++
++ subprocess.call(["sed",
++ "-i",
++ "s%#IPTABLES_DIR#%" + iptables_dir + "%g",
++ f])
++
++ subprocess.call(["sed",
++ "-i",
++ "s%#SHARE_DIR#%" + real_sharedir + "%g",
++ f])
++
++ subprocess.call(["sed",
++ "-i.jjm",
++ "s%/sbin/iptables%" + iptables_exe + "%g",
++ f])
+
+ # Now byte-compile everything
+ super(Install, self).run()
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0009-adjust-runtime-tests-to-use-daytime-port.patch b/meta-networking/recipes-connectivity/ufw/ufw/0009-adjust-runtime-tests-to-use-daytime-port.patch
new file mode 100644
index 0000000000..5f9e68df82
--- /dev/null
+++ b/meta-networking/recipes-connectivity/ufw/ufw/0009-adjust-runtime-tests-to-use-daytime-port.patch
@@ -0,0 +1,2895 @@
+adjust runtime tests to use daytime/port 13 instead of ssh/port 22 everywhere
+
+and adjust to use daytime/port 13 instead of http/port 80 and https/port 443 in
+good/logging and ipv6/bad_args6 (Closes: 849628)
+
+Patch from git://git.launchpad.net/ufw
+Commit f1ecc2475f8612f1ea87bd43a088d39009145dd8
+
+Written by Jamie Strandboge <jamie@ubuntu.com>
+
+Removed code not present (tests/live_route).
+Omitted result output that did not seem to change.
+
+Upstream-Status: Backport
+Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
+
+diff --git a/tests/root/bugs/result b/tests/root/bugs/result
+index 34bee1a..d1fab59 100644
+--- a/tests/root/bugs/result
++++ b/tests/root/bugs/result
+@@ -94,7 +94,7 @@ Could not delete non-existent rule
+
+
+ iptables -L -n:
+-ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* 'dapp_Apache' */
++ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 /* 'dapp_Apache' */
+
+ Chain ufw-user-limit (0 references)
+ 10: delete allow Apache
+@@ -254,7 +254,7 @@ WARN: Checks disabled
+ Status: active
+
+
+-37: delete allow 22
++37: delete allow 13
+ WARN: Checks disabled
+ Could not delete non-existent rule
+ Could not delete non-existent rule (v6)
+@@ -266,7 +266,7 @@ Could not delete non-existent rule
+ Could not delete non-existent rule (v6)
+
+
+-39: delete allow to 127.0.0.1 port 22
++39: delete allow to 127.0.0.1 port 13
+ WARN: Checks disabled
+ Could not delete non-existent rule
+
+@@ -276,7 +276,7 @@ WARN: Checks disabled
+ Could not delete non-existent rule
+
+
+-41: delete allow to ::1 port 22
++41: delete allow to ::1 port 13
+ WARN: Checks disabled
+ Could not delete non-existent rule (v6)
+
+diff --git a/tests/root/bugs/runtest.sh b/tests/root/bugs/runtest.sh
+index 0c4db9b..4bd68d7 100755
+--- a/tests/root/bugs/runtest.sh
++++ b/tests/root/bugs/runtest.sh
+@@ -93,11 +93,11 @@ sed -i "s/IPV6=.*/IPV6=yes/" $TESTPATH/etc/default/ufw
+ do_cmd "0" nostats disable
+ do_cmd "0" nostats enable
+ do_cmd "0" status
+-do_cmd "0" delete allow 22
++do_cmd "0" delete allow 13
+ do_cmd "0" delete allow Apache
+-do_cmd "0" delete allow to 127.0.0.1 port 22
++do_cmd "0" delete allow to 127.0.0.1 port 13
+ do_cmd "0" delete allow to 127.0.0.1 app Apache
+-do_cmd "0" delete allow to ::1 port 22
++do_cmd "0" delete allow to ::1 port 13
+ do_cmd "0" delete allow to ::1 app Apache
+ do_cmd "0" status
+
+diff --git a/tests/root/live/result b/tests/root/live/result
+index 7b183c5..e862327 100644
+--- a/tests/root/live/result
++++ b/tests/root/live/result
+@@ -71,7 +71,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-14: limit 22/tcp
++14: limit 13/tcp
+ WARN: Checks disabled
+ Rule added
+ Skipping unsupported IPv6 'limit' rule
+@@ -103,7 +103,7 @@ Anywhere ALLOW 172.16.0.0/12
+ Anywhere ALLOW 192.168.0.0/16
+ 514/udp DENY 1.2.3.4
+ 1.2.3.4 5469/udp ALLOW 1.2.3.5 5469/udp
+-22/tcp LIMIT Anywhere
++13/tcp LIMIT Anywhere
+ 53 ALLOW Anywhere (v6)
+ 23/tcp ALLOW Anywhere (v6)
+ 25/tcp ALLOW Anywhere (v6)
+@@ -144,9 +144,9 @@ Anywhere ALLOW 192.168.0.0/16
+ ### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in
+ -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ ### tuple ### allow any 53 ::/0 any ::/0 in
+ -A ufw6-user-input -p tcp --dport 53 -j ACCEPT
+ -A ufw6-user-input -p udp --dport 53 -j ACCEPT
+@@ -221,7 +221,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-28: delete limit 22/tcp
++28: delete limit 13/tcp
+ WARN: Checks disabled
+ Rule deleted
+ Skipping unsupported IPv6 'limit' rule
+@@ -311,7 +311,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-46: limit 22/tcp
++46: limit 13/tcp
+ WARN: Checks disabled
+ Rule added
+
+@@ -332,7 +332,7 @@ Anywhere ALLOW 172.16.0.0/12
+ Anywhere ALLOW 192.168.0.0/16
+ 514/udp DENY 1.2.3.4
+ 1.2.3.4 5469/udp ALLOW 1.2.3.5 5469/udp
+-22/tcp LIMIT Anywhere
++13/tcp LIMIT Anywhere
+
+
+
+@@ -367,9 +367,9 @@ Anywhere ALLOW 192.168.0.0/16
+ ### tuple ### allow udp 5469 1.2.3.4 5469 1.2.3.5 in
+ -A ufw-user-input -p udp -d 1.2.3.4 --dport 5469 -s 1.2.3.5 --sport 5469 -j ACCEPT
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ TESTING ARGS (delete allow/deny to/from)
+ 48: delete allow 53
+ WARN: Checks disabled
+@@ -421,7 +421,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-58: delete limit 22/tcp
++58: delete limit 13/tcp
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -667,7 +667,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-99: limit 22/tcp
++99: limit 13/tcp
+ WARN: Checks disabled
+ Rule added
+ Skipping unsupported IPv6 'limit' rule
+@@ -699,7 +699,7 @@ Status: active
+ [ 8] Anywhere ALLOW IN 192.168.0.0/16
+ [ 9] 514/udp DENY IN 1.2.3.4
+ [10] 1.2.3.4 5469/udp ALLOW IN 1.2.3.5 5469/udp
+-[11] 22/tcp LIMIT IN Anywhere
++[11] 13/tcp LIMIT IN Anywhere
+ [12] 53 ALLOW IN Anywhere (v6)
+ [13] 23/tcp ALLOW IN Anywhere (v6)
+ [14] 25/tcp ALLOW IN Anywhere (v6)
+@@ -763,7 +763,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-113: delete limit 22/tcp
++113: delete limit 13/tcp
+ WARN: Checks disabled
+ Rule deleted
+ Skipping unsupported IPv6 'limit' rule
+@@ -841,7 +841,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-129: limit 22/tcp
++129: limit 13/tcp
+ WARN: Checks disabled
+ Rule added
+
+@@ -862,7 +862,7 @@ Status: active
+ [ 8] Anywhere ALLOW IN 192.168.0.0/16
+ [ 9] 514/udp DENY IN 1.2.3.4
+ [10] 1.2.3.4 5469/udp ALLOW IN 1.2.3.5 5469/udp
+-[11] 22/tcp LIMIT IN Anywhere
++[11] 13/tcp LIMIT IN Anywhere
+
+
+
+@@ -916,7 +916,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-141: delete limit 22/tcp
++141: delete limit 13/tcp
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -943,7 +943,7 @@ Rule added (v6)
+ 146: deny in on eth1:1
+
+
+-147: reject in on eth1 to 192.168.0.1 port 22
++147: reject in on eth1 to 192.168.0.1 port 13
+ WARN: Checks disabled
+ Rule added
+
+@@ -958,7 +958,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-150: deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1
++150: deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1
+ WARN: Checks disabled
+ Rule added
+
+@@ -968,7 +968,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-152: limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80
++152: limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
+ WARN: Checks disabled
+ Rule added
+
+@@ -1002,12 +1002,12 @@ Status: active
+ To Action From
+ -- ------ ----
+ [ 1] Anywhere on eth1 ALLOW IN Anywhere
+-[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere
++[ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere
+ [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80
+ [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1
+-[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1
++[ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1
+ [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80
+-[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80
++[ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80
+ [ 8] Anywhere on eth0 ALLOW IN Anywhere (log)
+ [ 9] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log)
+ [10] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all)
+@@ -1031,12 +1031,12 @@ Status: active
+ To Action From
+ -- ------ ----
+ [ 1] Anywhere on eth1 ALLOW IN Anywhere
+-[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere
++[ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere
+ [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80
+ [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1
+-[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1
++[ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1
+ [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80
+-[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80
++[ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80
+ [ 8] Samba on eth2 ALLOW IN Anywhere
+ [ 9] Anywhere on eth0 ALLOW IN Anywhere (log)
+ [10] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log)
+@@ -1052,9 +1052,9 @@ Status: active
+ ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth1
+ -A ufw-user-input -i eth1 -j ACCEPT
+
+-### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 in_eth1
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset
+--A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT
++### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 in_eth1
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset
++-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT
+ --
+ ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1
+ -A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
+@@ -1063,17 +1063,17 @@ Status: active
+ ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1
+ -A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT
+
+-### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 in_eth1
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP
+--A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP
++### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 in_eth1
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP
++-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP
+ --
+ ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 in_eth1
+ -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset
+ -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT
+ --
+-### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth1
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 in_eth1
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2
+ -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -1124,7 +1124,7 @@ Rule deleted
+ Rule deleted (v6)
+
+
+-161: delete reject in on eth1 to 192.168.0.1 port 22
++161: delete reject in on eth1 to 192.168.0.1 port 13
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1139,7 +1139,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-164: delete deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1
++164: delete deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1149,7 +1149,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-166: delete limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80
++166: delete limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1198,7 +1198,7 @@ Rule added (v6)
+ 175: deny out on eth1:1
+
+
+-176: reject out on eth1 to 192.168.0.1 port 22
++176: reject out on eth1 to 192.168.0.1 port 13
+ WARN: Checks disabled
+ Rule added
+
+@@ -1213,7 +1213,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-179: deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1
++179: deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1
+ WARN: Checks disabled
+ Rule added
+
+@@ -1223,7 +1223,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-181: limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80
++181: limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
+ WARN: Checks disabled
+ Rule added
+
+@@ -1257,12 +1257,12 @@ Status: active
+ To Action From
+ -- ------ ----
+ [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out)
+-[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out)
++[ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out)
+ [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out)
+ [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out)
+-[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out)
++[ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out)
+ [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out)
+-[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out)
++[ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out)
+ [ 8] Anywhere ALLOW OUT Anywhere on eth0 (log, out)
+ [ 9] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out)
+ [10] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out)
+@@ -1286,12 +1286,12 @@ Status: active
+ To Action From
+ -- ------ ----
+ [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out)
+-[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out)
++[ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out)
+ [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out)
+ [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out)
+-[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out)
++[ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out)
+ [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out)
+-[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out)
++[ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out)
+ [ 8] Samba ALLOW OUT Anywhere on eth2 (out)
+ [ 9] Anywhere ALLOW OUT Anywhere on eth0 (log, out)
+ [10] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out)
+@@ -1307,9 +1307,9 @@ Status: active
+ ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_eth1
+ -A ufw-user-output -o eth1 -j ACCEPT
+
+-### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 out_eth1
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset
+--A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT
++### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 out_eth1
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset
++-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT
+ --
+ ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1
+ -A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
+@@ -1318,17 +1318,17 @@ Status: active
+ ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1
+ -A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT
+
+-### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 out_eth1
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP
+--A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP
++### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 out_eth1
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP
++-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP
+ --
+ ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 out_eth1
+ -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset
+ -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT
+ --
+-### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth1
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 out_eth1
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2
+ -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -1379,7 +1379,7 @@ Rule deleted
+ Rule deleted (v6)
+
+
+-190: delete reject out on eth1 to 192.168.0.1 port 22
++190: delete reject out on eth1 to 192.168.0.1 port 13
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1394,7 +1394,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-193: delete deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1
++193: delete deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1404,7 +1404,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-195: delete limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80
++195: delete limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1452,7 +1452,7 @@ Rule added
+ 204: deny in on eth1:1
+
+
+-205: reject in on eth1 to 192.168.0.1 port 22
++205: reject in on eth1 to 192.168.0.1 port 13
+ WARN: Checks disabled
+ Rule added
+
+@@ -1467,7 +1467,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-208: deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1
++208: deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1
+ WARN: Checks disabled
+ Rule added
+
+@@ -1477,7 +1477,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-210: limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80
++210: limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
+ WARN: Checks disabled
+ Rule added
+
+@@ -1509,12 +1509,12 @@ Status: active
+ To Action From
+ -- ------ ----
+ [ 1] Anywhere on eth1 ALLOW IN Anywhere
+-[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere
++[ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere
+ [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80
+ [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1
+-[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1
++[ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1
+ [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80
+-[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80
++[ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80
+ [ 8] Anywhere on eth0 ALLOW IN Anywhere (log)
+ [ 9] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log)
+ [10] 10.0.0.1 25/tcp on eth0 DENY IN 192.168.0.1 (log-all)
+@@ -1534,12 +1534,12 @@ Status: active
+ To Action From
+ -- ------ ----
+ [ 1] Anywhere on eth1 ALLOW IN Anywhere
+-[ 2] 192.168.0.1 22 on eth1 REJECT IN Anywhere
++[ 2] 192.168.0.1 13 on eth1 REJECT IN Anywhere
+ [ 3] Anywhere on eth1 LIMIT IN 10.0.0.1 80
+ [ 4] 192.168.0.1 on eth1 ALLOW IN 10.0.0.1
+-[ 5] 192.168.0.1 22 on eth1 DENY IN 10.0.0.1
++[ 5] 192.168.0.1 13 on eth1 DENY IN 10.0.0.1
+ [ 6] 192.168.0.1 on eth1 REJECT IN 10.0.0.1 80
+-[ 7] 192.168.0.1 22 on eth1 LIMIT IN 10.0.0.1 80
++[ 7] 192.168.0.1 13 on eth1 LIMIT IN 10.0.0.1 80
+ [ 8] Samba on eth2 ALLOW IN Anywhere
+ [ 9] Anywhere on eth0 ALLOW IN Anywhere (log)
+ [10] 10.0.0.1 24/tcp on eth0 ALLOW IN 192.168.0.1 (log)
+@@ -1551,9 +1551,9 @@ Status: active
+ ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 in_eth1
+ -A ufw-user-input -i eth1 -j ACCEPT
+
+-### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 in_eth1
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset
+--A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT
++### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 in_eth1
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset
++-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT
+ --
+ ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 in_eth1
+ -A ufw-user-input -i eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
+@@ -1562,17 +1562,17 @@ Status: active
+ ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 in_eth1
+ -A ufw-user-input -i eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT
+
+-### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 in_eth1
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP
+--A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP
++### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 in_eth1
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP
++-A ufw-user-input -i eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP
+ --
+ ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 in_eth1
+ -A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset
+ -A ufw-user-input -i eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT
+ --
+-### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 in_eth1
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 in_eth1
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -i eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - in_eth2
+ -A ufw-user-input -i eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -1603,7 +1603,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-219: delete reject in on eth1 to 192.168.0.1 port 22
++219: delete reject in on eth1 to 192.168.0.1 port 13
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1618,7 +1618,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-222: delete deny in on eth1 to 192.168.0.1 port 22 from 10.0.0.1
++222: delete deny in on eth1 to 192.168.0.1 port 13 from 10.0.0.1
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1628,7 +1628,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-224: delete limit in on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80
++224: delete limit in on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1673,7 +1673,7 @@ Rule added
+ 233: deny out on eth1:1
+
+
+-234: reject out on eth1 to 192.168.0.1 port 22
++234: reject out on eth1 to 192.168.0.1 port 13
+ WARN: Checks disabled
+ Rule added
+
+@@ -1688,7 +1688,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-237: deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1
++237: deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1
+ WARN: Checks disabled
+ Rule added
+
+@@ -1698,7 +1698,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-239: limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80
++239: limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
+ WARN: Checks disabled
+ Rule added
+
+@@ -1730,12 +1730,12 @@ Status: active
+ To Action From
+ -- ------ ----
+ [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out)
+-[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out)
++[ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out)
+ [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out)
+ [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out)
+-[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out)
++[ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out)
+ [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out)
+-[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out)
++[ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out)
+ [ 8] Anywhere ALLOW OUT Anywhere on eth0 (log, out)
+ [ 9] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out)
+ [10] 10.0.0.1 25/tcp DENY OUT 192.168.0.1 on eth0 (log-all, out)
+@@ -1755,12 +1755,12 @@ Status: active
+ To Action From
+ -- ------ ----
+ [ 1] Anywhere ALLOW OUT Anywhere on eth1 (out)
+-[ 2] 192.168.0.1 22 REJECT OUT Anywhere on eth1 (out)
++[ 2] 192.168.0.1 13 REJECT OUT Anywhere on eth1 (out)
+ [ 3] Anywhere LIMIT OUT 10.0.0.1 80 on eth1 (out)
+ [ 4] 192.168.0.1 ALLOW OUT 10.0.0.1 on eth1 (out)
+-[ 5] 192.168.0.1 22 DENY OUT 10.0.0.1 on eth1 (out)
++[ 5] 192.168.0.1 13 DENY OUT 10.0.0.1 on eth1 (out)
+ [ 6] 192.168.0.1 REJECT OUT 10.0.0.1 80 on eth1 (out)
+-[ 7] 192.168.0.1 22 LIMIT OUT 10.0.0.1 80 on eth1 (out)
++[ 7] 192.168.0.1 13 LIMIT OUT 10.0.0.1 80 on eth1 (out)
+ [ 8] Samba ALLOW OUT Anywhere on eth2 (out)
+ [ 9] Anywhere ALLOW OUT Anywhere on eth0 (log, out)
+ [10] 10.0.0.1 24/tcp ALLOW OUT 192.168.0.1 on eth0 (log, out)
+@@ -1772,9 +1772,9 @@ Status: active
+ ### tuple ### allow any any 0.0.0.0/0 any 0.0.0.0/0 out_eth1
+ -A ufw-user-output -o eth1 -j ACCEPT
+
+-### tuple ### reject any 22 192.168.0.1 any 0.0.0.0/0 out_eth1
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -j REJECT --reject-with tcp-reset
+--A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -j REJECT
++### tuple ### reject any 13 192.168.0.1 any 0.0.0.0/0 out_eth1
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -j REJECT --reject-with tcp-reset
++-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -j REJECT
+ --
+ ### tuple ### limit any any 0.0.0.0/0 80 10.0.0.1 out_eth1
+ -A ufw-user-output -o eth1 -p tcp -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
+@@ -1783,17 +1783,17 @@ Status: active
+ ### tuple ### allow any any 192.168.0.1 any 10.0.0.1 out_eth1
+ -A ufw-user-output -o eth1 -d 192.168.0.1 -s 10.0.0.1 -j ACCEPT
+
+-### tuple ### deny any 22 192.168.0.1 any 10.0.0.1 out_eth1
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP
+--A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 22 -s 10.0.0.1 -j DROP
++### tuple ### deny any 13 192.168.0.1 any 10.0.0.1 out_eth1
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP
++-A ufw-user-output -o eth1 -p udp -d 192.168.0.1 --dport 13 -s 10.0.0.1 -j DROP
+ --
+ ### tuple ### reject any any 192.168.0.1 80 10.0.0.1 out_eth1
+ -A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT --reject-with tcp-reset
+ -A ufw-user-output -o eth1 -p udp -d 192.168.0.1 -s 10.0.0.1 --sport 80 -j REJECT
+ --
+-### tuple ### limit any 22 192.168.0.1 80 10.0.0.1 out_eth1
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 22 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit any 13 192.168.0.1 80 10.0.0.1 out_eth1
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-output -o eth1 -p tcp -d 192.168.0.1 --dport 13 -s 10.0.0.1 --sport 80 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow udp 137,138 0.0.0.0/0 any 0.0.0.0/0 Samba - out_eth2
+ -A ufw-user-output -o eth2 -p udp -m multiport --dports 137,138 -j ACCEPT -m comment --comment 'dapp_Samba'
+@@ -1824,7 +1824,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-248: delete reject out on eth1 to 192.168.0.1 port 22
++248: delete reject out on eth1 to 192.168.0.1 port 13
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1839,7 +1839,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-251: delete deny out on eth1 to 192.168.0.1 port 22 from 10.0.0.1
++251: delete deny out on eth1 to 192.168.0.1 port 13 from 10.0.0.1
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1849,7 +1849,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-253: delete limit out on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80
++253: delete limit out on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -2591,7 +2591,7 @@ Verify secondary chains
+ 494: disable
+
+
+-495: allow 22/tcp
++495: allow 13/tcp
+
+
+ 496: enable
+@@ -2675,7 +2675,7 @@ Verify secondary chains
+ 522: enable
+
+
+-523: delete allow 22/tcp
++523: delete allow 13/tcp
+
+
+ Reset test
+@@ -3033,7 +3033,7 @@ Setting IPV6 to yes
+ 588: enable
+
+
+-589: limit 22/tcp
++589: limit 13/tcp
+
+
+ 590: allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
+@@ -3045,12 +3045,12 @@ Setting IPV6 to yes
+ 592: show added
+ WARN: Checks disabled
+ Added user rules (see 'ufw status' for running firewall):
+-ufw limit 22/tcp
++ufw limit 13/tcp
+ ufw deny Samba
+ ufw allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
+
+
+-593: delete limit 22/tcp
++593: delete limit 13/tcp
+
+
+ 594: delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
+@@ -3072,7 +3072,7 @@ Setting IPV6 to no
+ 598: enable
+
+
+-599: limit 22/tcp
++599: limit 13/tcp
+
+
+ 600: deny Samba
+@@ -3081,11 +3081,11 @@ Setting IPV6 to no
+ 601: show added
+ WARN: Checks disabled
+ Added user rules (see 'ufw status' for running firewall):
+-ufw limit 22/tcp
++ufw limit 13/tcp
+ ufw deny Samba
+
+
+-602: delete limit 22/tcp
++602: delete limit 13/tcp
+
+
+ 603: delete deny Samba
+diff --git a/tests/root/live/runtest.sh b/tests/root/live/runtest.sh
+index 3dd4e35..228e3e6 100755
+--- a/tests/root/live/runtest.sh
++++ b/tests/root/live/runtest.sh
+@@ -43,7 +43,7 @@ do
+ do_cmd "0" allow from 192.168.0.0/16
+ do_cmd "0" deny proto udp from 1.2.3.4 to any port 514
+ do_cmd "0" allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
+- do_cmd "0" limit 22/tcp
++ do_cmd "0" limit 13/tcp
+ if [ "$ipv6" = "yes" ]; then
+ do_cmd "0" deny proto tcp from 2001:db8::/32 to any port 25
+ do_cmd "0" deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
+@@ -63,7 +63,7 @@ do
+ do_cmd "0" delete allow from 192.168.0.0/16
+ do_cmd "0" delete deny proto udp from 1.2.3.4 to any port 514
+ do_cmd "0" delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
+- do_cmd "0" delete limit 22/tcp
++ do_cmd "0" delete limit 13/tcp
+ if [ "$ipv6" = "yes" ]; then
+ do_cmd "0" delete deny proto tcp from 2001:db8::/32 to any port 25
+ do_cmd "0" delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
+@@ -132,7 +132,7 @@ do
+ do_cmd "0" allow from 192.168.0.0/16
+ do_cmd "0" deny proto udp from 1.2.3.4 to any port 514
+ do_cmd "0" allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
+- do_cmd "0" limit 22/tcp
++ do_cmd "0" limit 13/tcp
+ if [ "$ipv6" = "yes" ]; then
+ do_cmd "0" deny proto tcp from 2001:db8::/32 to any port 25
+ do_cmd "0" deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
+@@ -149,7 +149,7 @@ do
+ do_cmd "0" delete allow from 192.168.0.0/16
+ do_cmd "0" delete deny proto udp from 1.2.3.4 to any port 514
+ do_cmd "0" delete allow proto udp from 1.2.3.5 port 5469 to 1.2.3.4 port 5469
+- do_cmd "0" delete limit 22/tcp
++ do_cmd "0" delete limit 13/tcp
+ if [ "$ipv6" = "yes" ]; then
+ do_cmd "0" delete deny proto tcp from 2001:db8::/32 to any port 25
+ do_cmd "0" delete deny from 2001:db8::/32 port 26 to 2001:db8:3:4:5:6:7:8
+@@ -168,12 +168,12 @@ do
+
+ do_cmd "0" allow $i on eth1
+ do_cmd "1" null deny $i on eth1:1
+- do_cmd "0" reject $i on eth1 to 192.168.0.1 port 22
++ do_cmd "0" reject $i on eth1 to 192.168.0.1 port 13
+ do_cmd "0" limit $i on eth1 from 10.0.0.1 port 80
+ do_cmd "0" allow $i on eth1 to 192.168.0.1 from 10.0.0.1
+- do_cmd "0" deny $i on eth1 to 192.168.0.1 port 22 from 10.0.0.1
++ do_cmd "0" deny $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1
+ do_cmd "0" reject $i on eth1 to 192.168.0.1 from 10.0.0.1 port 80
+- do_cmd "0" limit $i on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80
++ do_cmd "0" limit $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
+
+ do_cmd "0" allow $i on eth0 log
+ do_cmd "0" allow $i on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp
+@@ -189,12 +189,12 @@ do
+
+ # delete what we added
+ do_cmd "0" delete allow $i on eth1
+- do_cmd "0" delete reject $i on eth1 to 192.168.0.1 port 22
++ do_cmd "0" delete reject $i on eth1 to 192.168.0.1 port 13
+ do_cmd "0" delete limit $i on eth1 from 10.0.0.1 port 80
+ do_cmd "0" delete allow $i on eth1 to 192.168.0.1 from 10.0.0.1
+- do_cmd "0" delete deny $i on eth1 to 192.168.0.1 port 22 from 10.0.0.1
++ do_cmd "0" delete deny $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1
+ do_cmd "0" delete reject $i on eth1 to 192.168.0.1 from 10.0.0.1 port 80
+- do_cmd "0" delete limit $i on eth1 to 192.168.0.1 port 22 from 10.0.0.1 port 80
++ do_cmd "0" delete limit $i on eth1 to 192.168.0.1 port 13 from 10.0.0.1 port 80
+
+ do_cmd "0" delete allow $i on eth0 log
+ do_cmd "0" delete allow $i on eth0 log from 192.168.0.1 to 10.0.0.1 port 24 proto tcp
+@@ -312,7 +312,7 @@ do_cmd "0" nostats disable
+ echo "'Resource temporarily unavailable' test" >> $TESTTMP/result
+ do_cmd "0" nostats disable
+ $TESTSTATE/ufw-init flush-all >/dev/null
+-do_cmd "0" nostats allow 22/tcp
++do_cmd "0" nostats allow 13/tcp
+ do_cmd "0" nostats enable
+ $TESTSTATE/ufw-init stop >/dev/null
+ for i in `seq 1 25`; do
+@@ -327,7 +327,7 @@ for i in `seq 1 25`; do
+ let count=count+1
+ done
+ do_cmd "0" nostats enable
+-do_cmd "0" nostats delete allow 22/tcp
++do_cmd "0" nostats delete allow 13/tcp
+
+ echo "Reset test" >> $TESTTMP/result
+ do_cmd "0" nostats enable
+@@ -445,13 +445,13 @@ do
+ sed -i "s/IPV6=.*/IPV6=$ipv6/" $TESTPATH/etc/default/ufw
+ do_cmd "0" nostats disable
+ do_cmd "0" nostats enable
+- do_cmd "0" nostats limit 22/tcp
++ do_cmd "0" nostats limit 13/tcp
+ if [ "$ipv6" = "yes" ]; then
+ do_cmd "0" nostats allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
+ fi
+ do_cmd "0" nostats deny Samba
+ do_cmd "0" show added
+- do_cmd "0" nostats delete limit 22/tcp
++ do_cmd "0" nostats delete limit 13/tcp
+ if [ "$ipv6" = "yes" ]; then
+ do_cmd "0" nostats delete allow in on eth0 to 2001::211:aaaa:bbbb:d54c port 123 proto tcp
+ fi
+diff --git a/tests/root/live_apps/result b/tests/root/live_apps/result
+index cb97ffb..1d9338e 100644
+--- a/tests/root/live_apps/result
++++ b/tests/root/live_apps/result
+@@ -31,7 +31,7 @@ Rule added
+ Rule added (v6)
+
+
+-6: allow to any app Samba from any port 22
++6: allow to any app Samba from any port 13
+ WARN: Checks disabled
+ Rule added
+ Rule added (v6)
+@@ -58,7 +58,7 @@ WARN: Checks disabled
+ Rule added (v6)
+
+
+-11: allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 22
++11: allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13
+ WARN: Checks disabled
+ Rule added (v6)
+
+@@ -78,18 +78,18 @@ Apache ALLOW Anywhere
+ Samba ALLOW Anywhere
+ Anywhere ALLOW Samba
+ Samba ALLOW Bind9
+-Samba ALLOW 22
++Samba ALLOW 13
+ Apache ALLOW 88
+ Apache (v6) ALLOW Anywhere (v6)
+ Samba (v6) ALLOW Anywhere (v6)
+ Anywhere (v6) ALLOW Samba (v6)
+ Samba (v6) ALLOW Bind9 (v6)
+-Samba (v6) ALLOW 22
++Samba (v6) ALLOW 13
+ Apache (v6) ALLOW 88
+ 2001:db8::/32 Samba ALLOW Anywhere (v6)
+ Anywhere (v6) ALLOW 2001:db8::/32 Samba
+ 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9
+-2001:db8::/32 Samba ALLOW 2001:db8::/32 22
++2001:db8::/32 Samba ALLOW 2001:db8::/32 13
+ 2001:db8::/32 Apache ALLOW 2001:db8::/32 88
+
+
+@@ -110,8 +110,8 @@ Anywhere ALLOW IN 137,138/udp (Samba)
+ Anywhere ALLOW IN 139,445/tcp (Samba)
+ 137,138/udp (Samba) ALLOW IN 53/udp (Bind9)
+ 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9)
+-137,138/udp (Samba) ALLOW IN 22/udp
+-139,445/tcp (Samba) ALLOW IN 22/tcp
++137,138/udp (Samba) ALLOW IN 13/udp
++139,445/tcp (Samba) ALLOW IN 13/tcp
+ 80/tcp (Apache) ALLOW IN 88/tcp
+ 80/tcp (Apache (v6)) ALLOW IN Anywhere (v6)
+ 137,138/udp (Samba (v6)) ALLOW IN Anywhere (v6)
+@@ -120,8 +120,8 @@ Anywhere (v6) ALLOW IN 137,138/udp (Samba (v6))
+ Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6))
+ 137,138/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6))
+ 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6))
+-137,138/udp (Samba (v6)) ALLOW IN 22/udp
+-139,445/tcp (Samba (v6)) ALLOW IN 22/tcp
++137,138/udp (Samba (v6)) ALLOW IN 13/udp
++139,445/tcp (Samba (v6)) ALLOW IN 13/tcp
+ 80/tcp (Apache (v6)) ALLOW IN 88/tcp
+ 2001:db8::/32 137,138/udp (Samba) ALLOW IN Anywhere (v6)
+ 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6)
+@@ -129,8 +129,8 @@ Anywhere (v6) ALLOW IN 2001:db8::/32 137,138/udp (Samba)
+ Anywhere (v6) ALLOW IN 2001:db8::/32 139,445/tcp (Samba)
+ 2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 53/udp (Bind9)
+ 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 53/tcp (Bind9)
+-2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 22/udp
+-2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 22/tcp
++2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 13/udp
++2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 13/tcp
+ 2001:db8::/32 80/tcp (Apache) ALLOW IN 2001:db8::/32 88/tcp
+
+
+@@ -159,7 +159,7 @@ Rule deleted
+ Rule deleted (v6)
+
+
+-19: delete allow to any app Samba from any port 22
++19: delete allow to any app Samba from any port 13
+ WARN: Checks disabled
+ Rule deleted
+ Rule deleted (v6)
+@@ -186,7 +186,7 @@ WARN: Checks disabled
+ Rule deleted (v6)
+
+
+-24: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 22
++24: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13
+ WARN: Checks disabled
+ Rule deleted (v6)
+
+@@ -228,7 +228,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-33: allow to any app Samba from any port 22
++33: allow to any app Samba from any port 13
+ WARN: Checks disabled
+ Rule added
+
+@@ -253,7 +253,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-38: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 22
++38: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13
+ WARN: Checks disabled
+ Rule added
+
+@@ -273,12 +273,12 @@ Apache ALLOW Anywhere
+ Samba ALLOW Anywhere
+ Anywhere ALLOW Samba
+ Samba ALLOW Bind9
+-Samba ALLOW 22
++Samba ALLOW 13
+ Apache ALLOW 88
+ 192.168.2.0/24 Samba ALLOW Anywhere
+ Anywhere ALLOW 192.168.2.0/24 Samba
+ 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 Bind9
+-192.168.2.0/24 Samba ALLOW 192.168.2.0/24 22
++192.168.2.0/24 Samba ALLOW 192.168.2.0/24 13
+ 192.168.2.0/24 Apache ALLOW 192.168.2.0/24 88
+
+
+@@ -299,8 +299,8 @@ Anywhere ALLOW IN 137,138/udp (Samba)
+ Anywhere ALLOW IN 139,445/tcp (Samba)
+ 137,138/udp (Samba) ALLOW IN 53/udp (Bind9)
+ 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9)
+-137,138/udp (Samba) ALLOW IN 22/udp
+-139,445/tcp (Samba) ALLOW IN 22/tcp
++137,138/udp (Samba) ALLOW IN 13/udp
++139,445/tcp (Samba) ALLOW IN 13/tcp
+ 80/tcp (Apache) ALLOW IN 88/tcp
+ 192.168.2.0/24 137,138/udp (Samba) ALLOW IN Anywhere
+ 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN Anywhere
+@@ -308,8 +308,8 @@ Anywhere ALLOW IN 192.168.2.0/24 137,138/udp (Samba)
+ Anywhere ALLOW IN 192.168.2.0/24 139,445/tcp (Samba)
+ 192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 53/udp (Bind9)
+ 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 53/tcp (Bind9)
+-192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 22/udp
+-192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 22/tcp
++192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 13/udp
++192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 13/tcp
+ 192.168.2.0/24 80/tcp (Apache) ALLOW IN 192.168.2.0/24 88/tcp
+
+
+@@ -334,7 +334,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-46: delete allow to any app Samba from any port 22
++46: delete allow to any app Samba from any port 13
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -359,7 +359,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-51: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 22
++51: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -406,7 +406,7 @@ Rule added
+ Rule added (v6)
+
+
+-60: allow to any app Samba from any port 22
++60: allow to any app Samba from any port 13
+ WARN: Checks disabled
+ Rule added
+ Rule added (v6)
+@@ -433,7 +433,7 @@ WARN: Checks disabled
+ Rule added (v6)
+
+
+-65: allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 22
++65: allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13
+ WARN: Checks disabled
+ Rule added (v6)
+
+@@ -453,18 +453,18 @@ Apache ALLOW Anywhere
+ Samba ALLOW Anywhere
+ Anywhere ALLOW Samba
+ Samba ALLOW Bind9
+-Samba ALLOW 22
++Samba ALLOW 13
+ Apache ALLOW 88
+ Apache (v6) ALLOW Anywhere (v6)
+ Samba (v6) ALLOW Anywhere (v6)
+ Anywhere (v6) ALLOW Samba (v6)
+ Samba (v6) ALLOW Bind9 (v6)
+-Samba (v6) ALLOW 22
++Samba (v6) ALLOW 13
+ Apache (v6) ALLOW 88
+ 2001:db8::/32 Samba ALLOW Anywhere (v6)
+ Anywhere (v6) ALLOW 2001:db8::/32 Samba
+ 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9
+-2001:db8::/32 Samba ALLOW 2001:db8::/32 22
++2001:db8::/32 Samba ALLOW 2001:db8::/32 13
+ 2001:db8::/32 Apache ALLOW 2001:db8::/32 88
+
+
+@@ -485,8 +485,8 @@ Anywhere ALLOW IN 137,138/udp (Samba)
+ Anywhere ALLOW IN 139,445/tcp (Samba)
+ 137,138/udp (Samba) ALLOW IN 53/udp (Bind9)
+ 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9)
+-137,138/udp (Samba) ALLOW IN 22/udp
+-139,445/tcp (Samba) ALLOW IN 22/tcp
++137,138/udp (Samba) ALLOW IN 13/udp
++139,445/tcp (Samba) ALLOW IN 13/tcp
+ 80/tcp (Apache) ALLOW IN 88/tcp
+ 80/tcp (Apache (v6)) ALLOW IN Anywhere (v6)
+ 137,138/udp (Samba (v6)) ALLOW IN Anywhere (v6)
+@@ -495,8 +495,8 @@ Anywhere (v6) ALLOW IN 137,138/udp (Samba (v6))
+ Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6))
+ 137,138/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6))
+ 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6))
+-137,138/udp (Samba (v6)) ALLOW IN 22/udp
+-139,445/tcp (Samba (v6)) ALLOW IN 22/tcp
++137,138/udp (Samba (v6)) ALLOW IN 13/udp
++139,445/tcp (Samba (v6)) ALLOW IN 13/tcp
+ 80/tcp (Apache (v6)) ALLOW IN 88/tcp
+ 2001:db8::/32 137,138/udp (Samba) ALLOW IN Anywhere (v6)
+ 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6)
+@@ -504,8 +504,8 @@ Anywhere (v6) ALLOW IN 2001:db8::/32 137,138/udp (Samba)
+ Anywhere (v6) ALLOW IN 2001:db8::/32 139,445/tcp (Samba)
+ 2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 53/udp (Bind9)
+ 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 53/tcp (Bind9)
+-2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 22/udp
+-2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 22/tcp
++2001:db8::/32 137,138/udp (Samba) ALLOW IN 2001:db8::/32 13/udp
++2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 13/tcp
+ 2001:db8::/32 80/tcp (Apache) ALLOW IN 2001:db8::/32 88/tcp
+
+
+@@ -532,18 +532,18 @@ Apache ALLOW Anywhere
+ Samba ALLOW Anywhere
+ Anywhere ALLOW Samba
+ Samba ALLOW Bind9
+-Samba ALLOW 22
++Samba ALLOW 13
+ Apache ALLOW 88
+ Apache (v6) ALLOW Anywhere (v6)
+ Samba (v6) ALLOW Anywhere (v6)
+ Anywhere (v6) ALLOW Samba (v6)
+ Samba (v6) ALLOW Bind9 (v6)
+-Samba (v6) ALLOW 22
++Samba (v6) ALLOW 13
+ Apache (v6) ALLOW 88
+ 2001:db8::/32 Samba ALLOW Anywhere (v6)
+ Anywhere (v6) ALLOW 2001:db8::/32 Samba
+ 2001:db8::/32 Samba ALLOW 2001:db8::/32 Bind9
+-2001:db8::/32 Samba ALLOW 2001:db8::/32 22
++2001:db8::/32 Samba ALLOW 2001:db8::/32 13
+ 2001:db8::/32 Apache ALLOW 2001:db8::/32 88
+
+
+@@ -564,8 +564,8 @@ Anywhere ALLOW IN 138,9999/udp (Samba)
+ Anywhere ALLOW IN 139,445/tcp (Samba)
+ 138,9999/udp (Samba) ALLOW IN 53/udp (Bind9)
+ 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9)
+-138,9999/udp (Samba) ALLOW IN 22/udp
+-139,445/tcp (Samba) ALLOW IN 22/tcp
++138,9999/udp (Samba) ALLOW IN 13/udp
++139,445/tcp (Samba) ALLOW IN 13/tcp
+ 8888/tcp (Apache) ALLOW IN 88/tcp
+ 8888/tcp (Apache (v6)) ALLOW IN Anywhere (v6)
+ 138,9999/udp (Samba (v6)) ALLOW IN Anywhere (v6)
+@@ -574,8 +574,8 @@ Anywhere (v6) ALLOW IN 138,9999/udp (Samba (v6))
+ Anywhere (v6) ALLOW IN 139,445/tcp (Samba (v6))
+ 138,9999/udp (Samba (v6)) ALLOW IN 53/udp (Bind9 (v6))
+ 139,445/tcp (Samba (v6)) ALLOW IN 53/tcp (Bind9 (v6))
+-138,9999/udp (Samba (v6)) ALLOW IN 22/udp
+-139,445/tcp (Samba (v6)) ALLOW IN 22/tcp
++138,9999/udp (Samba (v6)) ALLOW IN 13/udp
++139,445/tcp (Samba (v6)) ALLOW IN 13/tcp
+ 8888/tcp (Apache (v6)) ALLOW IN 88/tcp
+ 2001:db8::/32 138,9999/udp (Samba) ALLOW IN Anywhere (v6)
+ 2001:db8::/32 139,445/tcp (Samba) ALLOW IN Anywhere (v6)
+@@ -583,8 +583,8 @@ Anywhere (v6) ALLOW IN 2001:db8::/32 138,9999/udp (Samba)
+ Anywhere (v6) ALLOW IN 2001:db8::/32 139,445/tcp (Samba)
+ 2001:db8::/32 138,9999/udp (Samba) ALLOW IN 2001:db8::/32 53/udp (Bind9)
+ 2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 53/tcp (Bind9)
+-2001:db8::/32 138,9999/udp (Samba) ALLOW IN 2001:db8::/32 22/udp
+-2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 22/tcp
++2001:db8::/32 138,9999/udp (Samba) ALLOW IN 2001:db8::/32 13/udp
++2001:db8::/32 139,445/tcp (Samba) ALLOW IN 2001:db8::/32 13/tcp
+ 2001:db8::/32 8888/tcp (Apache) ALLOW IN 2001:db8::/32 88/tcp
+
+
+@@ -613,7 +613,7 @@ Rule deleted
+ Rule deleted (v6)
+
+
+-77: delete allow to any app Samba from any port 22
++77: delete allow to any app Samba from any port 13
+ WARN: Checks disabled
+ Rule deleted
+ Rule deleted (v6)
+@@ -640,7 +640,7 @@ WARN: Checks disabled
+ Rule deleted (v6)
+
+
+-82: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 22
++82: delete allow to 2001:db8::/32 app Samba from 2001:db8::/32 port 13
+ WARN: Checks disabled
+ Rule deleted (v6)
+
+@@ -682,7 +682,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-91: allow to any app Samba from any port 22
++91: allow to any app Samba from any port 13
+ WARN: Checks disabled
+ Rule added
+
+@@ -707,7 +707,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-96: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 22
++96: allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13
+ WARN: Checks disabled
+ Rule added
+
+@@ -727,12 +727,12 @@ Apache ALLOW Anywhere
+ Samba ALLOW Anywhere
+ Anywhere ALLOW Samba
+ Samba ALLOW Bind9
+-Samba ALLOW 22
++Samba ALLOW 13
+ Apache ALLOW 88
+ 192.168.2.0/24 Samba ALLOW Anywhere
+ Anywhere ALLOW 192.168.2.0/24 Samba
+ 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 Bind9
+-192.168.2.0/24 Samba ALLOW 192.168.2.0/24 22
++192.168.2.0/24 Samba ALLOW 192.168.2.0/24 13
+ 192.168.2.0/24 Apache ALLOW 192.168.2.0/24 88
+
+
+@@ -753,8 +753,8 @@ Anywhere ALLOW IN 137,138/udp (Samba)
+ Anywhere ALLOW IN 139,445/tcp (Samba)
+ 137,138/udp (Samba) ALLOW IN 53/udp (Bind9)
+ 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9)
+-137,138/udp (Samba) ALLOW IN 22/udp
+-139,445/tcp (Samba) ALLOW IN 22/tcp
++137,138/udp (Samba) ALLOW IN 13/udp
++139,445/tcp (Samba) ALLOW IN 13/tcp
+ 80/tcp (Apache) ALLOW IN 88/tcp
+ 192.168.2.0/24 137,138/udp (Samba) ALLOW IN Anywhere
+ 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN Anywhere
+@@ -762,8 +762,8 @@ Anywhere ALLOW IN 192.168.2.0/24 137,138/udp (Samba)
+ Anywhere ALLOW IN 192.168.2.0/24 139,445/tcp (Samba)
+ 192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 53/udp (Bind9)
+ 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 53/tcp (Bind9)
+-192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 22/udp
+-192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 22/tcp
++192.168.2.0/24 137,138/udp (Samba) ALLOW IN 192.168.2.0/24 13/udp
++192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 13/tcp
+ 192.168.2.0/24 80/tcp (Apache) ALLOW IN 192.168.2.0/24 88/tcp
+
+
+@@ -790,12 +790,12 @@ Apache ALLOW Anywhere
+ Samba ALLOW Anywhere
+ Anywhere ALLOW Samba
+ Samba ALLOW Bind9
+-Samba ALLOW 22
++Samba ALLOW 13
+ Apache ALLOW 88
+ 192.168.2.0/24 Samba ALLOW Anywhere
+ Anywhere ALLOW 192.168.2.0/24 Samba
+ 192.168.2.0/24 Samba ALLOW 192.168.2.0/24 Bind9
+-192.168.2.0/24 Samba ALLOW 192.168.2.0/24 22
++192.168.2.0/24 Samba ALLOW 192.168.2.0/24 13
+ 192.168.2.0/24 Apache ALLOW 192.168.2.0/24 88
+
+
+@@ -816,8 +816,8 @@ Anywhere ALLOW IN 138,9999/udp (Samba)
+ Anywhere ALLOW IN 139,445/tcp (Samba)
+ 138,9999/udp (Samba) ALLOW IN 53/udp (Bind9)
+ 139,445/tcp (Samba) ALLOW IN 53/tcp (Bind9)
+-138,9999/udp (Samba) ALLOW IN 22/udp
+-139,445/tcp (Samba) ALLOW IN 22/tcp
++138,9999/udp (Samba) ALLOW IN 13/udp
++139,445/tcp (Samba) ALLOW IN 13/tcp
+ 8888/tcp (Apache) ALLOW IN 88/tcp
+ 192.168.2.0/24 138,9999/udp (Samba) ALLOW IN Anywhere
+ 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN Anywhere
+@@ -825,8 +825,8 @@ Anywhere ALLOW IN 192.168.2.0/24 138,9999/udp (Samba)
+ Anywhere ALLOW IN 192.168.2.0/24 139,445/tcp (Samba)
+ 192.168.2.0/24 138,9999/udp (Samba) ALLOW IN 192.168.2.0/24 53/udp (Bind9)
+ 192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 53/tcp (Bind9)
+-192.168.2.0/24 138,9999/udp (Samba) ALLOW IN 192.168.2.0/24 22/udp
+-192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 22/tcp
++192.168.2.0/24 138,9999/udp (Samba) ALLOW IN 192.168.2.0/24 13/udp
++192.168.2.0/24 139,445/tcp (Samba) ALLOW IN 192.168.2.0/24 13/tcp
+ 192.168.2.0/24 8888/tcp (Apache) ALLOW IN 192.168.2.0/24 88/tcp
+
+
+@@ -851,7 +851,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-108: delete allow to any app Samba from any port 22
++108: delete allow to any app Samba from any port 13
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -876,7 +876,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-113: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 22
++113: delete allow to 192.168.2.0/24 app Samba from 192.168.2.0/24 port 13
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1356,7 +1356,7 @@ WARN: Checks disabled
+ Rule added
+
+
+-164: allow 22
++164: allow 13
+ WARN: Checks disabled
+ Rule added
+
+@@ -1435,9 +1435,9 @@ Rule inserted
+ ### tuple ### allow tcp 139,445 10.0.0.1 any 192.168.0.1 Samba - in
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+-### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -j ACCEPT
+--A ufw-user-input -p udp --dport 22 -j ACCEPT
++### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -j ACCEPT
++-A ufw-user-input -p udp --dport 13 -j ACCEPT
+
+ ### END RULES ###
+
+@@ -1488,7 +1488,7 @@ WARN: Checks disabled
+ Rule deleted
+
+
+-173: delete allow 22
++173: delete allow 13
+ WARN: Checks disabled
+ Rule deleted
+
+@@ -1799,7 +1799,7 @@ Rule added
+ Rule added (v6)
+
+
+-192: allow 22
++192: allow 13
+ WARN: Checks disabled
+ Rule added
+ Rule added (v6)
+@@ -1880,9 +1880,9 @@ Rule inserted
+ ### tuple ### allow tcp 139,445 10.0.0.1 any 192.168.0.1 Samba - in
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -d 10.0.0.1 -s 192.168.0.1 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+-### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -j ACCEPT
+--A ufw-user-input -p udp --dport 22 -j ACCEPT
++### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -j ACCEPT
++-A ufw-user-input -p udp --dport 13 -j ACCEPT
+
+ ### END RULES ###
+
+@@ -1923,9 +1923,9 @@ COMMIT
+ ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+-### tuple ### allow any 22 ::/0 any ::/0 in
+--A ufw6-user-input -p tcp --dport 22 -j ACCEPT
+--A ufw6-user-input -p udp --dport 22 -j ACCEPT
++### tuple ### allow any 13 ::/0 any ::/0 in
++-A ufw6-user-input -p tcp --dport 13 -j ACCEPT
++-A ufw6-user-input -p udp --dport 13 -j ACCEPT
+
+ ### END RULES ###
+
+@@ -1949,7 +1949,7 @@ Rule deleted
+ Rule deleted (v6)
+
+
+-201: delete allow 22
++201: delete allow 13
+ WARN: Checks disabled
+ Rule deleted
+ Rule deleted (v6)
+@@ -2606,7 +2606,7 @@ Setting IPV6 to yes
+ 278: allow Samba
+
+
+-279: allow 22/tcp
++279: allow 13/tcp
+
+
+ ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in
+@@ -2621,8 +2621,8 @@ Setting IPV6 to yes
+ ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+-### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -j ACCEPT
++### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -j ACCEPT
+
+ ### tuple ### allow udp any ::/0 137,138 ::/0 - Samba in
+ -A ufw6-user-input -p udp -m multiport --sports 137,138 -j ACCEPT -m comment --comment 'sapp_Samba'
+@@ -2636,8 +2636,8 @@ Setting IPV6 to yes
+ ### tuple ### allow tcp 139,445 ::/0 any ::/0 Samba - in
+ -A ufw6-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+-### tuple ### allow tcp 22 ::/0 any ::/0 in
+--A ufw6-user-input -p tcp --dport 22 -j ACCEPT
++### tuple ### allow tcp 13 ::/0 any ::/0 in
++-A ufw6-user-input -p tcp --dport 13 -j ACCEPT
+
+ 280: --force delete 6
+
+@@ -2706,7 +2706,7 @@ Setting IPV6 to no
+ 289: allow Samba
+
+
+-290: allow 22/tcp
++290: allow 13/tcp
+
+
+ ### tuple ### allow udp any 0.0.0.0/0 137,138 0.0.0.0/0 - Samba in
+@@ -2721,8 +2721,8 @@ Setting IPV6 to no
+ ### tuple ### allow tcp 139,445 0.0.0.0/0 any 0.0.0.0/0 Samba - in
+ -A ufw-user-input -p tcp -m multiport --dports 139,445 -j ACCEPT -m comment --comment 'dapp_Samba'
+
+-### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -j ACCEPT
++### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -j ACCEPT
+
+ 291: --force delete 3
+
+diff --git a/tests/root/live_apps/runtest.sh b/tests/root/live_apps/runtest.sh
+index 04bbde3..5feb86c 100755
+--- a/tests/root/live_apps/runtest.sh
++++ b/tests/root/live_apps/runtest.sh
+@@ -51,7 +51,7 @@ do
+ do_cmd "0" allow to $loc app Samba
+ do_cmd "0" allow from $loc app Samba
+ do_cmd "0" allow to $loc app Samba from $loc app Bind9
+- do_cmd "0" allow to $loc app Samba from $loc port 22
++ do_cmd "0" allow to $loc app Samba from $loc port 13
+ do_cmd "0" allow to $loc app Apache from $loc port 88
+ done
+ do_cmd "0" status
+@@ -78,7 +78,7 @@ do
+ do_cmd "0" delete allow to $loc app Samba
+ do_cmd "0" delete allow from $loc app Samba
+ do_cmd "0" delete allow to $loc app Samba from $loc app Bind9
+- do_cmd "0" delete allow to $loc app Samba from $loc port 22
++ do_cmd "0" delete allow to $loc app Samba from $loc port 13
+ do_cmd "0" delete allow to $loc app Apache from $loc port 88
+ done
+ do_cmd "0" status
+@@ -188,7 +188,7 @@ for ipv6 in no yes ; do
+ cat $TESTSTATE/user6.rules >> $TESTTMP/result
+
+ do_cmd "0" allow Samba
+- do_cmd "0" allow 22
++ do_cmd "0" allow 13
+ do_cmd "0" insert 2 allow from any to any app Samba
+ do_cmd "0" insert 2 allow from 192.168.0.1 to 10.0.0.1 app Samba
+ do_cmd "0" insert 2 allow from 192.168.0.1 to any app Samba
+@@ -209,7 +209,7 @@ for ipv6 in no yes ; do
+ }
+
+ do_cmd "0" delete allow Samba
+- do_cmd "0" delete allow 22
++ do_cmd "0" delete allow 13
+ do_cmd "0" delete allow from any to any app Samba
+ do_cmd "0" delete allow from 192.168.0.1 to 10.0.0.1 app Samba
+ do_cmd "0" delete allow from 192.168.0.1 to any app Samba
+@@ -258,7 +258,7 @@ do
+
+ do_cmd "0" nostats allow from any app Samba
+ do_cmd "0" nostats allow Samba
+- do_cmd "0" nostats allow 22/tcp
++ do_cmd "0" nostats allow 13/tcp
+
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ if [ "$ipv6" = "yes" ]; then
+@@ -267,16 +267,16 @@ do
+
+ if [ "$ipv6" = "yes" ]; then
+ do_cmd "0" null --force delete 6
+- grep -v -q "^### tuple ### allow any 22 " $TESTSTATE/user6.rules || {
+- echo "Failed: Found port '22' in user6.rules" >> $TESTTMP/result
++ grep -v -q "^### tuple ### allow any 13 " $TESTSTATE/user6.rules || {
++ echo "Failed: Found port '13' in user6.rules" >> $TESTTMP/result
+ exit 1
+ }
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ fi
+
+ do_cmd "0" null --force delete 3
+- grep -v -q "^### tuple ### allow any 22 " $TESTSTATE/user.rules || {
+- echo "Failed: Found port '22' in user.rules" >> $TESTTMP/result
++ grep -v -q "^### tuple ### allow any 13 " $TESTSTATE/user.rules || {
++ echo "Failed: Found port '13' in user.rules" >> $TESTTMP/result
+ exit 1
+ }
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+diff --git a/tests/root/valid/result b/tests/root/valid/result
+index 320a728..752b6f2 100644
+--- a/tests/root/valid/result
++++ b/tests/root/valid/result
+@@ -215,7 +215,7 @@ Rules updated
+ ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+-26: limit 22/tcp
++26: limit 13/tcp
+ WARN: Checks disabled
+ Rules updated
+
+@@ -233,9 +233,9 @@ Rules updated
+ ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 27: deny 53
+ WARN: Checks disabled
+ Rules updated
+@@ -254,9 +254,9 @@ Rules updated
+ ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 28: allow 80/tcp
+ WARN: Checks disabled
+ Rules updated
+@@ -275,9 +275,9 @@ Rules updated
+ ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ 29: allow from 10.0.0.0/8
+ WARN: Checks disabled
+ Rules updated
+@@ -296,9 +296,9 @@ Rules updated
+ ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -321,9 +321,9 @@ Rules updated
+ ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -349,9 +349,9 @@ Rules updated
+ ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -380,9 +380,9 @@ Rules updated
+ ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -414,9 +414,9 @@ Rules updated
+ ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -451,9 +451,9 @@ Rules updated
+ ### tuple ### deny tcp 25 192.168.0.1 any 10.0.0.0/8 in
+ -A ufw-user-input -p tcp -d 192.168.0.1 --dport 25 -s 10.0.0.0/8 -j DROP
+
+-### tuple ### limit tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --set
+--A ufw-user-input -p tcp --dport 22 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
++### tuple ### limit tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --set
++-A ufw-user-input -p tcp --dport 13 -m conntrack --ctstate NEW -m recent --update --seconds 30 --hitcount 6 -j ufw-user-limit
+ --
+ ### tuple ### allow any any 0.0.0.0/0 any 10.0.0.0/8 in
+ -A ufw-user-input -s 10.0.0.0/8 -j ACCEPT
+@@ -483,7 +483,7 @@ WARN: Checks disabled
+ Rules updated
+
+
+-37: delete limit 22/tcp
++37: delete limit 13/tcp
+ WARN: Checks disabled
+ Rules updated
+
+@@ -659,41 +659,41 @@ WARN: Checks disabled
+ Rules updated
+
+
+-66: allow ssh
++66: allow daytime
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow any 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -j ACCEPT
+--A ufw-user-input -p udp --dport 22 -j ACCEPT
+-67: delete allow ssh
++### tuple ### allow any 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -j ACCEPT
++-A ufw-user-input -p udp --dport 13 -j ACCEPT
++67: delete allow daytime
+ WARN: Checks disabled
+ Rules updated
+
+
+-68: allow ssh/tcp
++68: allow daytime/tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow tcp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 -j ACCEPT
++### tuple ### allow tcp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 -j ACCEPT
+
+-69: delete allow ssh/tcp
++69: delete allow daytime/tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-70: allow ssh/udp
++70: allow daytime/udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow udp 22 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp --dport 22 -j ACCEPT
++### tuple ### allow udp 13 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p udp --dport 13 -j ACCEPT
+
+-71: delete allow ssh/udp
++71: delete allow daytime/udp
+ WARN: Checks disabled
+ Rules updated
+
+@@ -1679,28 +1679,28 @@ WARN: Checks disabled
+ Rules updated
+
+
+-219: allow to any port smtp from any port ssh
++219: allow to any port smtp from any port daytime
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow tcp 25 0.0.0.0/0 22 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 25 --sport 22 -j ACCEPT
++### tuple ### allow tcp 25 0.0.0.0/0 13 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 25 --sport 13 -j ACCEPT
+
+-220: delete allow to any port smtp from any port ssh
++220: delete allow to any port smtp from any port daytime
+ WARN: Checks disabled
+ Rules updated
+
+
+-221: allow to any port ssh from any port smtp
++221: allow to any port daytime from any port smtp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow tcp 22 0.0.0.0/0 25 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 --sport 25 -j ACCEPT
++### tuple ### allow tcp 13 0.0.0.0/0 25 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 --sport 25 -j ACCEPT
+
+-222: delete allow to any port ssh from any port smtp
++222: delete allow to any port daytime from any port smtp
+ WARN: Checks disabled
+ Rules updated
+
+@@ -1744,28 +1744,28 @@ WARN: Checks disabled
+ Rules updated
+
+
+-229: allow to any port tftp from any port ssh
++229: allow to any port tftp from any port daytime
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow udp 69 0.0.0.0/0 22 0.0.0.0/0 in
+--A ufw-user-input -p udp --dport 69 --sport 22 -j ACCEPT
++### tuple ### allow udp 69 0.0.0.0/0 13 0.0.0.0/0 in
++-A ufw-user-input -p udp --dport 69 --sport 13 -j ACCEPT
+
+-230: delete allow to any port tftp from any port ssh
++230: delete allow to any port tftp from any port daytime
+ WARN: Checks disabled
+ Rules updated
+
+
+-231: allow to any port ssh from any port tftp
++231: allow to any port daytime from any port tftp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow udp 22 0.0.0.0/0 69 0.0.0.0/0 in
+--A ufw-user-input -p udp --dport 22 --sport 69 -j ACCEPT
++### tuple ### allow udp 13 0.0.0.0/0 69 0.0.0.0/0 in
++-A ufw-user-input -p udp --dport 13 --sport 69 -j ACCEPT
+
+-232: delete allow to any port ssh from any port tftp
++232: delete allow to any port daytime from any port tftp
+ WARN: Checks disabled
+ Rules updated
+
+@@ -1796,41 +1796,41 @@ WARN: Checks disabled
+ Rules updated
+
+
+-237: allow to any port ssh from any port 23
++237: allow to any port daytime from any port 23
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow any 22 0.0.0.0/0 23 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 --sport 23 -j ACCEPT
+--A ufw-user-input -p udp --dport 22 --sport 23 -j ACCEPT
+-238: delete allow to any port ssh from any port 23
++### tuple ### allow any 13 0.0.0.0/0 23 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 --sport 23 -j ACCEPT
++-A ufw-user-input -p udp --dport 13 --sport 23 -j ACCEPT
++238: delete allow to any port daytime from any port 23
+ WARN: Checks disabled
+ Rules updated
+
+
+-239: allow to any port 23 from any port ssh
++239: allow to any port 23 from any port daytime
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow any 23 0.0.0.0/0 22 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 23 --sport 22 -j ACCEPT
+--A ufw-user-input -p udp --dport 23 --sport 22 -j ACCEPT
+-240: delete allow to any port 23 from any port ssh
++### tuple ### allow any 23 0.0.0.0/0 13 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 23 --sport 13 -j ACCEPT
++-A ufw-user-input -p udp --dport 23 --sport 13 -j ACCEPT
++240: delete allow to any port 23 from any port daytime
+ WARN: Checks disabled
+ Rules updated
+
+
+-241: allow to any port ssh from any port domain
++241: allow to any port daytime from any port domain
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow any 22 0.0.0.0/0 53 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 --sport 53 -j ACCEPT
+--A ufw-user-input -p udp --dport 22 --sport 53 -j ACCEPT
+-242: delete allow to any port ssh from any port domain
++### tuple ### allow any 13 0.0.0.0/0 53 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 --sport 53 -j ACCEPT
++-A ufw-user-input -p udp --dport 13 --sport 53 -j ACCEPT
++242: delete allow to any port daytime from any port domain
+ WARN: Checks disabled
+ Rules updated
+
+@@ -1848,28 +1848,28 @@ WARN: Checks disabled
+ Rules updated
+
+
+-245: allow to any port smtp from any port ssh proto tcp
++245: allow to any port smtp from any port daytime proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow tcp 25 0.0.0.0/0 22 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 25 --sport 22 -j ACCEPT
++### tuple ### allow tcp 25 0.0.0.0/0 13 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 25 --sport 13 -j ACCEPT
+
+-246: delete allow to any port smtp from any port ssh proto tcp
++246: delete allow to any port smtp from any port daytime proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-247: allow to any port ssh from any port smtp proto tcp
++247: allow to any port daytime from any port smtp proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow tcp 22 0.0.0.0/0 25 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 --sport 25 -j ACCEPT
++### tuple ### allow tcp 13 0.0.0.0/0 25 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 --sport 25 -j ACCEPT
+
+-248: delete allow to any port ssh from any port smtp proto tcp
++248: delete allow to any port daytime from any port smtp proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+@@ -1913,28 +1913,28 @@ WARN: Checks disabled
+ Rules updated
+
+
+-255: allow to any port tftp from any port ssh proto udp
++255: allow to any port tftp from any port daytime proto udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow udp 69 0.0.0.0/0 22 0.0.0.0/0 in
+--A ufw-user-input -p udp --dport 69 --sport 22 -j ACCEPT
++### tuple ### allow udp 69 0.0.0.0/0 13 0.0.0.0/0 in
++-A ufw-user-input -p udp --dport 69 --sport 13 -j ACCEPT
+
+-256: delete allow to any port tftp from any port ssh proto udp
++256: delete allow to any port tftp from any port daytime proto udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-257: allow to any port ssh from any port tftp proto udp
++257: allow to any port daytime from any port tftp proto udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow udp 22 0.0.0.0/0 69 0.0.0.0/0 in
+--A ufw-user-input -p udp --dport 22 --sport 69 -j ACCEPT
++### tuple ### allow udp 13 0.0.0.0/0 69 0.0.0.0/0 in
++-A ufw-user-input -p udp --dport 13 --sport 69 -j ACCEPT
+
+-258: delete allow to any port ssh from any port tftp proto udp
++258: delete allow to any port daytime from any port tftp proto udp
+ WARN: Checks disabled
+ Rules updated
+
+@@ -1965,80 +1965,80 @@ WARN: Checks disabled
+ Rules updated
+
+
+-263: allow to any port ssh from any port 23 proto tcp
++263: allow to any port daytime from any port 23 proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow tcp 22 0.0.0.0/0 23 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 --sport 23 -j ACCEPT
++### tuple ### allow tcp 13 0.0.0.0/0 23 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 --sport 23 -j ACCEPT
+
+-264: delete allow to any port ssh from any port 23 proto tcp
++264: delete allow to any port daytime from any port 23 proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-265: allow to any port 23 from any port ssh proto tcp
++265: allow to any port 23 from any port daytime proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow tcp 23 0.0.0.0/0 22 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 23 --sport 22 -j ACCEPT
++### tuple ### allow tcp 23 0.0.0.0/0 13 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 23 --sport 13 -j ACCEPT
+
+-266: delete allow to any port 23 from any port ssh proto tcp
++266: delete allow to any port 23 from any port daytime proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-267: allow to any port ssh from any port domain proto tcp
++267: allow to any port daytime from any port domain proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow tcp 22 0.0.0.0/0 53 0.0.0.0/0 in
+--A ufw-user-input -p tcp --dport 22 --sport 53 -j ACCEPT
++### tuple ### allow tcp 13 0.0.0.0/0 53 0.0.0.0/0 in
++-A ufw-user-input -p tcp --dport 13 --sport 53 -j ACCEPT
+
+-268: delete allow to any port ssh from any port domain proto tcp
++268: delete allow to any port daytime from any port domain proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-269: allow to any port ssh from any port 23 proto udp
++269: allow to any port daytime from any port 23 proto udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow udp 22 0.0.0.0/0 23 0.0.0.0/0 in
+--A ufw-user-input -p udp --dport 22 --sport 23 -j ACCEPT
++### tuple ### allow udp 13 0.0.0.0/0 23 0.0.0.0/0 in
++-A ufw-user-input -p udp --dport 13 --sport 23 -j ACCEPT
+
+-270: delete allow to any port ssh from any port 23 proto udp
++270: delete allow to any port daytime from any port 23 proto udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-271: allow to any port 23 from any port ssh proto udp
++271: allow to any port 23 from any port daytime proto udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow udp 23 0.0.0.0/0 22 0.0.0.0/0 in
+--A ufw-user-input -p udp --dport 23 --sport 22 -j ACCEPT
++### tuple ### allow udp 23 0.0.0.0/0 13 0.0.0.0/0 in
++-A ufw-user-input -p udp --dport 23 --sport 13 -j ACCEPT
+
+-272: delete allow to any port 23 from any port ssh proto udp
++272: delete allow to any port 23 from any port daytime proto udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-273: allow to any port ssh from any port domain proto udp
++273: allow to any port daytime from any port domain proto udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow udp 22 0.0.0.0/0 53 0.0.0.0/0 in
+--A ufw-user-input -p udp --dport 22 --sport 53 -j ACCEPT
++### tuple ### allow udp 13 0.0.0.0/0 53 0.0.0.0/0 in
++-A ufw-user-input -p udp --dport 13 --sport 53 -j ACCEPT
+
+-274: delete allow to any port ssh from any port domain proto udp
++274: delete allow to any port daytime from any port domain proto udp
+ WARN: Checks disabled
+ Rules updated
+
+@@ -2196,41 +2196,41 @@ WARN: Checks disabled
+ Rules updated
+
+
+-297: allow to 192.168.0.1 port 80:83,22 proto tcp
++297: allow to 192.168.0.1 port 80:83,13 proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow tcp 22,80:83 192.168.0.1 any 0.0.0.0/0 in
+--A ufw-user-input -p tcp -m multiport --dports 22,80:83 -d 192.168.0.1 -j ACCEPT
++### tuple ### allow tcp 13,80:83 192.168.0.1 any 0.0.0.0/0 in
++-A ufw-user-input -p tcp -m multiport --dports 13,80:83 -d 192.168.0.1 -j ACCEPT
+
+-298: delete allow to 192.168.0.1 port 80:83,22 proto tcp
++298: delete allow to 192.168.0.1 port 80:83,13 proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-299: allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 22 proto tcp
++299: allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow tcp 22 192.168.0.2 35:39 192.168.0.1 in
+--A ufw-user-input -p tcp -m multiport --dports 22 -m multiport --sports 35:39 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT
++### tuple ### allow tcp 13 192.168.0.2 35:39 192.168.0.1 in
++-A ufw-user-input -p tcp -m multiport --dports 13 -m multiport --sports 35:39 -d 192.168.0.2 -s 192.168.0.1 -j ACCEPT
+
+-300: delete allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 22 proto tcp
++300: delete allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp
+ WARN: Checks disabled
+ Rules updated
+
+
+-301: allow to any port 23,21,15:19,22 from any port 24:26 proto udp
++301: allow to any port 23,21,15:19,13 from any port 24:26 proto udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### allow udp 15:19,21,22,23 0.0.0.0/0 24:26 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m multiport --sports 24:26 -j ACCEPT
++### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 24:26 0.0.0.0/0 in
++-A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT
+
+-302: delete allow to any port 23,21,15:19,22 from any port 24:26 proto udp
++302: delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp
+ WARN: Checks disabled
+ Rules updated
+
+@@ -2274,15 +2274,15 @@ WARN: Checks disabled
+ Rules updated
+
+
+-309: deny 23,21,15:19,22/udp
++309: deny 23,21,15:19,13/udp
+ WARN: Checks disabled
+ Rules updated
+
+
+-### tuple ### deny udp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -j DROP
++### tuple ### deny udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j DROP
+
+-310: delete deny 23,21,15:19,22/udp
++310: delete deny 23,21,15:19,13/udp
+ WARN: Checks disabled
+ Rules updated
+
+diff --git a/tests/root/valid/runtest.sh b/tests/root/valid/runtest.sh
+index aa03d99..feeacba 100755
+--- a/tests/root/valid/runtest.sh
++++ b/tests/root/valid/runtest.sh
+@@ -76,7 +76,7 @@ do_cmd "0" deny to any port 80 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" deny from 10.0.0.0/8 to 192.168.0.1 port 25 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" limit 22/tcp
++do_cmd "0" limit 13/tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" deny 53
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+@@ -97,7 +97,7 @@ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+
+ do_cmd "0" delete allow 25/tcp
+ do_cmd "0" delete deny from 10.0.0.0/8 to 192.168.0.1 port 25 proto tcp
+-do_cmd "0" delete limit 22/tcp
++do_cmd "0" delete limit 13/tcp
+ do_cmd "0" delete deny 53
+ do_cmd "0" delete allow 80/tcp
+ do_cmd "0" delete allow from 10.0.0.0/8
+@@ -160,19 +160,19 @@ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" delete allow tftp/udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+
+-do_cmd "0" allow ssh
++do_cmd "0" allow daytime
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow ssh
++do_cmd "0" delete allow daytime
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+
+-do_cmd "0" allow ssh/tcp
++do_cmd "0" allow daytime/tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow ssh/tcp
++do_cmd "0" delete allow daytime/tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+
+-do_cmd "0" allow ssh/udp
++do_cmd "0" allow daytime/udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow ssh/udp
++do_cmd "0" delete allow daytime/udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+
+
+@@ -250,13 +250,13 @@ do_cmd "0" allow to any port smtp from any port smtp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port smtp from any port smtp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port smtp from any port ssh
++do_cmd "0" allow to any port smtp from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port smtp from any port ssh
++do_cmd "0" delete allow to any port smtp from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port smtp
++do_cmd "0" allow to any port daytime from any port smtp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port smtp
++do_cmd "0" delete allow to any port daytime from any port smtp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" allow to any port smtp from any port 23
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+@@ -270,13 +270,13 @@ do_cmd "0" allow to any port tftp from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port tftp from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port tftp from any port ssh
++do_cmd "0" allow to any port tftp from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port tftp from any port ssh
++do_cmd "0" delete allow to any port tftp from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port tftp
++do_cmd "0" allow to any port daytime from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port tftp
++do_cmd "0" delete allow to any port daytime from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" allow to any port tftp from any port 23
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+@@ -286,30 +286,30 @@ do_cmd "0" allow to any port 23 from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port 23 from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port 23
++do_cmd "0" allow to any port daytime from any port 23
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port 23
++do_cmd "0" delete allow to any port daytime from any port 23
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port 23 from any port ssh
++do_cmd "0" allow to any port 23 from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port 23 from any port ssh
++do_cmd "0" delete allow to any port 23 from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port domain
++do_cmd "0" allow to any port daytime from any port domain
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port domain
++do_cmd "0" delete allow to any port daytime from any port domain
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+
+ do_cmd "0" allow to any port smtp from any port smtp proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port smtp from any port smtp proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port smtp from any port ssh proto tcp
++do_cmd "0" allow to any port smtp from any port daytime proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port smtp from any port ssh proto tcp
++do_cmd "0" delete allow to any port smtp from any port daytime proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port smtp proto tcp
++do_cmd "0" allow to any port daytime from any port smtp proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port smtp proto tcp
++do_cmd "0" delete allow to any port daytime from any port smtp proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" allow to any port smtp from any port 23 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+@@ -323,13 +323,13 @@ do_cmd "0" allow to any port tftp from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port tftp from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port tftp from any port ssh proto udp
++do_cmd "0" allow to any port tftp from any port daytime proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port tftp from any port ssh proto udp
++do_cmd "0" delete allow to any port tftp from any port daytime proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port tftp proto udp
++do_cmd "0" allow to any port daytime from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port tftp proto udp
++do_cmd "0" delete allow to any port daytime from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" allow to any port tftp from any port 23 proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+@@ -339,29 +339,29 @@ do_cmd "0" allow to any port 23 from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port 23 from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port 23 proto tcp
++do_cmd "0" allow to any port daytime from any port 23 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port 23 proto tcp
++do_cmd "0" delete allow to any port daytime from any port 23 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port 23 from any port ssh proto tcp
++do_cmd "0" allow to any port 23 from any port daytime proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port 23 from any port ssh proto tcp
++do_cmd "0" delete allow to any port 23 from any port daytime proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port domain proto tcp
++do_cmd "0" allow to any port daytime from any port domain proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port domain proto tcp
++do_cmd "0" delete allow to any port daytime from any port domain proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port 23 proto udp
++do_cmd "0" allow to any port daytime from any port 23 proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port 23 proto udp
++do_cmd "0" delete allow to any port daytime from any port 23 proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port 23 from any port ssh proto udp
++do_cmd "0" allow to any port 23 from any port daytime proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port 23 from any port ssh proto udp
++do_cmd "0" delete allow to any port 23 from any port daytime proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port domain proto udp
++do_cmd "0" allow to any port daytime from any port domain proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port domain proto udp
++do_cmd "0" delete allow to any port daytime from any port domain proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+
+ echo "TESTING NETMASK" >> $TESTTMP/result
+@@ -413,17 +413,17 @@ do_cmd "0" allow to 192.168.0.1 port 80:83 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to 192.168.0.1 port 80:83 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to 192.168.0.1 port 80:83,22 proto tcp
++do_cmd "0" allow to 192.168.0.1 port 80:83,13 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to 192.168.0.1 port 80:83,22 proto tcp
++do_cmd "0" delete allow to 192.168.0.1 port 80:83,13 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 22 proto tcp
++do_cmd "0" allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 22 proto tcp
++do_cmd "0" delete allow from 192.168.0.1 port 35:39 to 192.168.0.2 port 13 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port 23,21,15:19,22 from any port 24:26 proto udp
++do_cmd "0" allow to any port 23,21,15:19,13 from any port 24:26 proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port 23,21,15:19,22 from any port 24:26 proto udp
++do_cmd "0" delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" allow 34,35/tcp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+@@ -437,9 +437,9 @@ do_cmd "0" deny 35:39/udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ do_cmd "0" delete deny 35:39/udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" deny 23,21,15:19,22/udp
++do_cmd "0" deny 23,21,15:19,13/udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+-do_cmd "0" delete deny 23,21,15:19,22/udp
++do_cmd "0" delete deny 23,21,15:19,13/udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+
+ cleanup
+diff --git a/tests/root/valid6/result b/tests/root/valid6/result
+index 74fcd86..f568a2f 100644
+--- a/tests/root/valid6/result
++++ b/tests/root/valid6/result
+@@ -1049,31 +1049,31 @@ Rules updated
+ Rules updated (v6)
+
+
+-164: allow to any port smtp from any port ssh
++164: allow to any port smtp from any port daytime
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow tcp 25 ::/0 22 ::/0 in
+--A ufw6-user-input -p tcp --dport 25 --sport 22 -j ACCEPT
++### tuple ### allow tcp 25 ::/0 13 ::/0 in
++-A ufw6-user-input -p tcp --dport 25 --sport 13 -j ACCEPT
+
+-165: delete allow to any port smtp from any port ssh
++165: delete allow to any port smtp from any port daytime
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-166: allow to any port ssh from any port smtp
++166: allow to any port daytime from any port smtp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow tcp 22 ::/0 25 ::/0 in
+--A ufw6-user-input -p tcp --dport 22 --sport 25 -j ACCEPT
++### tuple ### allow tcp 13 ::/0 25 ::/0 in
++-A ufw6-user-input -p tcp --dport 13 --sport 25 -j ACCEPT
+
+-167: delete allow to any port ssh from any port smtp
++167: delete allow to any port daytime from any port smtp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+@@ -1124,31 +1124,31 @@ Rules updated
+ Rules updated (v6)
+
+
+-174: allow to any port tftp from any port ssh
++174: allow to any port tftp from any port daytime
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow udp 69 ::/0 22 ::/0 in
+--A ufw6-user-input -p udp --dport 69 --sport 22 -j ACCEPT
++### tuple ### allow udp 69 ::/0 13 ::/0 in
++-A ufw6-user-input -p udp --dport 69 --sport 13 -j ACCEPT
+
+-175: delete allow to any port tftp from any port ssh
++175: delete allow to any port tftp from any port daytime
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-176: allow to any port ssh from any port tftp
++176: allow to any port daytime from any port tftp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow udp 22 ::/0 69 ::/0 in
+--A ufw6-user-input -p udp --dport 22 --sport 69 -j ACCEPT
++### tuple ### allow udp 13 ::/0 69 ::/0 in
++-A ufw6-user-input -p udp --dport 13 --sport 69 -j ACCEPT
+
+-177: delete allow to any port ssh from any port tftp
++177: delete allow to any port daytime from any port tftp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+@@ -1184,46 +1184,46 @@ Rules updated
+ Rules updated (v6)
+
+
+-182: allow to any port ssh from any port 23
++182: allow to any port daytime from any port 23
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow any 22 ::/0 23 ::/0 in
+--A ufw6-user-input -p tcp --dport 22 --sport 23 -j ACCEPT
+--A ufw6-user-input -p udp --dport 22 --sport 23 -j ACCEPT
+-183: delete allow to any port ssh from any port 23
++### tuple ### allow any 13 ::/0 23 ::/0 in
++-A ufw6-user-input -p tcp --dport 13 --sport 23 -j ACCEPT
++-A ufw6-user-input -p udp --dport 13 --sport 23 -j ACCEPT
++183: delete allow to any port daytime from any port 23
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-184: allow to any port 23 from any port ssh
++184: allow to any port 23 from any port daytime
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow any 23 ::/0 22 ::/0 in
+--A ufw6-user-input -p tcp --dport 23 --sport 22 -j ACCEPT
+--A ufw6-user-input -p udp --dport 23 --sport 22 -j ACCEPT
+-185: delete allow to any port 23 from any port ssh
++### tuple ### allow any 23 ::/0 13 ::/0 in
++-A ufw6-user-input -p tcp --dport 23 --sport 13 -j ACCEPT
++-A ufw6-user-input -p udp --dport 23 --sport 13 -j ACCEPT
++185: delete allow to any port 23 from any port daytime
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-186: allow to any port ssh from any port domain
++186: allow to any port daytime from any port domain
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow any 22 ::/0 53 ::/0 in
+--A ufw6-user-input -p tcp --dport 22 --sport 53 -j ACCEPT
+--A ufw6-user-input -p udp --dport 22 --sport 53 -j ACCEPT
+-187: delete allow to any port ssh from any port domain
++### tuple ### allow any 13 ::/0 53 ::/0 in
++-A ufw6-user-input -p tcp --dport 13 --sport 53 -j ACCEPT
++-A ufw6-user-input -p udp --dport 13 --sport 53 -j ACCEPT
++187: delete allow to any port daytime from any port domain
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+@@ -1244,31 +1244,31 @@ Rules updated
+ Rules updated (v6)
+
+
+-190: allow to any port smtp from any port ssh proto tcp
++190: allow to any port smtp from any port daytime proto tcp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow tcp 25 ::/0 22 ::/0 in
+--A ufw6-user-input -p tcp --dport 25 --sport 22 -j ACCEPT
++### tuple ### allow tcp 25 ::/0 13 ::/0 in
++-A ufw6-user-input -p tcp --dport 25 --sport 13 -j ACCEPT
+
+-191: delete allow to any port smtp from any port ssh proto tcp
++191: delete allow to any port smtp from any port daytime proto tcp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-192: allow to any port ssh from any port smtp proto tcp
++192: allow to any port daytime from any port smtp proto tcp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow tcp 22 ::/0 25 ::/0 in
+--A ufw6-user-input -p tcp --dport 22 --sport 25 -j ACCEPT
++### tuple ### allow tcp 13 ::/0 25 ::/0 in
++-A ufw6-user-input -p tcp --dport 13 --sport 25 -j ACCEPT
+
+-193: delete allow to any port ssh from any port smtp proto tcp
++193: delete allow to any port daytime from any port smtp proto tcp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+@@ -1319,31 +1319,31 @@ Rules updated
+ Rules updated (v6)
+
+
+-200: allow to any port tftp from any port ssh proto udp
++200: allow to any port tftp from any port daytime proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow udp 69 ::/0 22 ::/0 in
+--A ufw6-user-input -p udp --dport 69 --sport 22 -j ACCEPT
++### tuple ### allow udp 69 ::/0 13 ::/0 in
++-A ufw6-user-input -p udp --dport 69 --sport 13 -j ACCEPT
+
+-201: delete allow to any port tftp from any port ssh proto udp
++201: delete allow to any port tftp from any port daytime proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-202: allow to any port ssh from any port tftp proto udp
++202: allow to any port daytime from any port tftp proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow udp 22 ::/0 69 ::/0 in
+--A ufw6-user-input -p udp --dport 22 --sport 69 -j ACCEPT
++### tuple ### allow udp 13 ::/0 69 ::/0 in
++-A ufw6-user-input -p udp --dport 13 --sport 69 -j ACCEPT
+
+-203: delete allow to any port ssh from any port tftp proto udp
++203: delete allow to any port daytime from any port tftp proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+@@ -1379,91 +1379,91 @@ Rules updated
+ Rules updated (v6)
+
+
+-208: allow to any port ssh from any port 23 proto tcp
++208: allow to any port daytime from any port 23 proto tcp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow tcp 22 ::/0 23 ::/0 in
+--A ufw6-user-input -p tcp --dport 22 --sport 23 -j ACCEPT
++### tuple ### allow tcp 13 ::/0 23 ::/0 in
++-A ufw6-user-input -p tcp --dport 13 --sport 23 -j ACCEPT
+
+-209: delete allow to any port ssh from any port 23 proto tcp
++209: delete allow to any port daytime from any port 23 proto tcp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-210: allow to any port 23 from any port ssh proto tcp
++210: allow to any port 23 from any port daytime proto tcp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow tcp 23 ::/0 22 ::/0 in
+--A ufw6-user-input -p tcp --dport 23 --sport 22 -j ACCEPT
++### tuple ### allow tcp 23 ::/0 13 ::/0 in
++-A ufw6-user-input -p tcp --dport 23 --sport 13 -j ACCEPT
+
+-211: delete allow to any port 23 from any port ssh proto tcp
++211: delete allow to any port 23 from any port daytime proto tcp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-212: allow to any port ssh from any port domain proto tcp
++212: allow to any port daytime from any port domain proto tcp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow tcp 22 ::/0 53 ::/0 in
+--A ufw6-user-input -p tcp --dport 22 --sport 53 -j ACCEPT
++### tuple ### allow tcp 13 ::/0 53 ::/0 in
++-A ufw6-user-input -p tcp --dport 13 --sport 53 -j ACCEPT
+
+-213: delete allow to any port ssh from any port domain proto tcp
++213: delete allow to any port daytime from any port domain proto tcp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-214: allow to any port ssh from any port 23 proto udp
++214: allow to any port daytime from any port 23 proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow udp 22 ::/0 23 ::/0 in
+--A ufw6-user-input -p udp --dport 22 --sport 23 -j ACCEPT
++### tuple ### allow udp 13 ::/0 23 ::/0 in
++-A ufw6-user-input -p udp --dport 13 --sport 23 -j ACCEPT
+
+-215: delete allow to any port ssh from any port 23 proto udp
++215: delete allow to any port daytime from any port 23 proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-216: allow to any port 23 from any port ssh proto udp
++216: allow to any port 23 from any port daytime proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow udp 23 ::/0 22 ::/0 in
+--A ufw6-user-input -p udp --dport 23 --sport 22 -j ACCEPT
++### tuple ### allow udp 23 ::/0 13 ::/0 in
++-A ufw6-user-input -p udp --dport 23 --sport 13 -j ACCEPT
+
+-217: delete allow to any port 23 from any port ssh proto udp
++217: delete allow to any port 23 from any port daytime proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-218: allow to any port ssh from any port domain proto udp
++218: allow to any port daytime from any port domain proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow udp 22 ::/0 53 ::/0 in
+--A ufw6-user-input -p udp --dport 22 --sport 53 -j ACCEPT
++### tuple ### allow udp 13 ::/0 53 ::/0 in
++-A ufw6-user-input -p udp --dport 13 --sport 53 -j ACCEPT
+
+-219: delete allow to any port ssh from any port domain proto udp
++219: delete allow to any port daytime from any port domain proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+@@ -1575,63 +1575,63 @@ WARN: Checks disabled
+ Rules updated (v6)
+
+
+-236: allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,22 proto tcp
++236: allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp
+ WARN: Checks disabled
+ Rules updated (v6)
+
+
+-### tuple ### allow tcp 22,80:83 2001:db8:85a3:8d3:1319:8a2e:370:7341 any ::/0 in
+--A ufw6-user-input -p tcp -m multiport --dports 22,80:83 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT
++### tuple ### allow tcp 13,80:83 2001:db8:85a3:8d3:1319:8a2e:370:7341 any ::/0 in
++-A ufw6-user-input -p tcp -m multiport --dports 13,80:83 -d 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT
+
+-237: delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,22 proto tcp
++237: delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp
+ WARN: Checks disabled
+ Rules updated (v6)
+
+
+-238: allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 22 proto tcp
++238: allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp
+ WARN: Checks disabled
+ Rules updated (v6)
+
+
+-### tuple ### allow tcp 22 2001:db8:85a3:8d3:1319:8a2e:370:7342 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in
+--A ufw6-user-input -p tcp -m multiport --dports 22 -m multiport --sports 35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT
++### tuple ### allow tcp 13 2001:db8:85a3:8d3:1319:8a2e:370:7342 35:39 2001:db8:85a3:8d3:1319:8a2e:370:7341 in
++-A ufw6-user-input -p tcp -m multiport --dports 13 -m multiport --sports 35:39 -d 2001:db8:85a3:8d3:1319:8a2e:370:7342 -s 2001:db8:85a3:8d3:1319:8a2e:370:7341 -j ACCEPT
+
+-239: delete allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 22 proto tcp
++239: delete allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp
+ WARN: Checks disabled
+ Rules updated (v6)
+
+
+-240: allow to any port 23,21,15:19,22 from any port 24:26 proto udp
++240: allow to any port 23,21,15:19,13 from any port 24:26 proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow udp 15:19,21,22,23 0.0.0.0/0 24:26 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -m multiport --sports 24:26 -j ACCEPT
++### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 24:26 0.0.0.0/0 in
++-A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT
+
+-### tuple ### allow udp 15:19,21,22,23 ::/0 24:26 ::/0 in
+--A ufw6-user-input -p udp -m multiport --dports 15:19,21,22,23 -m multiport --sports 24:26 -j ACCEPT
++### tuple ### allow udp 13,15:19,21,23 ::/0 24:26 ::/0 in
++-A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -m multiport --sports 24:26 -j ACCEPT
+
+-241: delete allow to any port 23,21,15:19,22 from any port 24:26 proto udp
++241: delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-242: allow 23,21,15:19,22/udp
++242: allow 23,21,15:19,13/udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+
+
+-### tuple ### allow udp 15:19,21,22,23 0.0.0.0/0 any 0.0.0.0/0 in
+--A ufw-user-input -p udp -m multiport --dports 15:19,21,22,23 -j ACCEPT
++### tuple ### allow udp 13,15:19,21,23 0.0.0.0/0 any 0.0.0.0/0 in
++-A ufw-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ACCEPT
+
+-### tuple ### allow udp 15:19,21,22,23 ::/0 any ::/0 in
+--A ufw6-user-input -p udp -m multiport --dports 15:19,21,22,23 -j ACCEPT
++### tuple ### allow udp 13,15:19,21,23 ::/0 any ::/0 in
++-A ufw6-user-input -p udp -m multiport --dports 13,15:19,21,23 -j ACCEPT
+
+-243: delete allow 23,21,15:19,22/udp
++243: delete allow 23,21,15:19,13/udp
+ WARN: Checks disabled
+ Rules updated
+ Rules updated (v6)
+diff --git a/tests/root/valid6/runtest.sh b/tests/root/valid6/runtest.sh
+index 1695dd1..d08e6f3 100755
+--- a/tests/root/valid6/runtest.sh
++++ b/tests/root/valid6/runtest.sh
+@@ -154,13 +154,13 @@ do_cmd "0" allow to any port smtp from any port smtp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port smtp from any port smtp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port smtp from any port ssh
++do_cmd "0" allow to any port smtp from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port smtp from any port ssh
++do_cmd "0" delete allow to any port smtp from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port smtp
++do_cmd "0" allow to any port daytime from any port smtp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port smtp
++do_cmd "0" delete allow to any port daytime from any port smtp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" allow to any port smtp from any port 23
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+@@ -174,13 +174,13 @@ do_cmd "0" allow to any port tftp from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port tftp from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port tftp from any port ssh
++do_cmd "0" allow to any port tftp from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port tftp from any port ssh
++do_cmd "0" delete allow to any port tftp from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port tftp
++do_cmd "0" allow to any port daytime from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port tftp
++do_cmd "0" delete allow to any port daytime from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" allow to any port tftp from any port 23
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+@@ -190,30 +190,30 @@ do_cmd "0" allow to any port 23 from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port 23 from any port tftp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port 23
++do_cmd "0" allow to any port daytime from any port 23
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port 23
++do_cmd "0" delete allow to any port daytime from any port 23
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port 23 from any port ssh
++do_cmd "0" allow to any port 23 from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port 23 from any port ssh
++do_cmd "0" delete allow to any port 23 from any port daytime
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port domain
++do_cmd "0" allow to any port daytime from any port domain
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port domain
++do_cmd "0" delete allow to any port daytime from any port domain
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+
+ do_cmd "0" allow to any port smtp from any port smtp proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port smtp from any port smtp proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port smtp from any port ssh proto tcp
++do_cmd "0" allow to any port smtp from any port daytime proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port smtp from any port ssh proto tcp
++do_cmd "0" delete allow to any port smtp from any port daytime proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port smtp proto tcp
++do_cmd "0" allow to any port daytime from any port smtp proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port smtp proto tcp
++do_cmd "0" delete allow to any port daytime from any port smtp proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" allow to any port smtp from any port 23 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+@@ -227,13 +227,13 @@ do_cmd "0" allow to any port tftp from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port tftp from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port tftp from any port ssh proto udp
++do_cmd "0" allow to any port tftp from any port daytime proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port tftp from any port ssh proto udp
++do_cmd "0" delete allow to any port tftp from any port daytime proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port tftp proto udp
++do_cmd "0" allow to any port daytime from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port tftp proto udp
++do_cmd "0" delete allow to any port daytime from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" allow to any port tftp from any port 23 proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+@@ -243,29 +243,29 @@ do_cmd "0" allow to any port 23 from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to any port 23 from any port tftp proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port 23 proto tcp
++do_cmd "0" allow to any port daytime from any port 23 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port 23 proto tcp
++do_cmd "0" delete allow to any port daytime from any port 23 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port 23 from any port ssh proto tcp
++do_cmd "0" allow to any port 23 from any port daytime proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port 23 from any port ssh proto tcp
++do_cmd "0" delete allow to any port 23 from any port daytime proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port domain proto tcp
++do_cmd "0" allow to any port daytime from any port domain proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port domain proto tcp
++do_cmd "0" delete allow to any port daytime from any port domain proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port 23 proto udp
++do_cmd "0" allow to any port daytime from any port 23 proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port 23 proto udp
++do_cmd "0" delete allow to any port daytime from any port 23 proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port 23 from any port ssh proto udp
++do_cmd "0" allow to any port 23 from any port daytime proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port 23 from any port ssh proto udp
++do_cmd "0" delete allow to any port 23 from any port daytime proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port ssh from any port domain proto udp
++do_cmd "0" allow to any port daytime from any port domain proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port ssh from any port domain proto udp
++do_cmd "0" delete allow to any port daytime from any port domain proto udp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+
+ echo "TESTING NETMASK" >> $TESTTMP/result
+@@ -303,24 +303,24 @@ do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+ do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,22 proto tcp
++do_cmd "0" allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,22 proto tcp
++do_cmd "0" delete allow to 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 80:83,13 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 22 proto tcp
++do_cmd "0" allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 22 proto tcp
++do_cmd "0" delete allow from 2001:db8:85a3:8d3:1319:8a2e:370:7341 port 35:39 to 2001:db8:85a3:8d3:1319:8a2e:370:7342 port 13 proto tcp
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow to any port 23,21,15:19,22 from any port 24:26 proto udp
++do_cmd "0" allow to any port 23,21,15:19,13 from any port 24:26 proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow to any port 23,21,15:19,22 from any port 24:26 proto udp
++do_cmd "0" delete allow to any port 23,21,15:19,13 from any port 24:26 proto udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" allow 23,21,15:19,22/udp
++do_cmd "0" allow 23,21,15:19,13/udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+-do_cmd "0" delete allow 23,21,15:19,22/udp
++do_cmd "0" delete allow 23,21,15:19,13/udp
+ grep -A2 "tuple" $TESTSTATE/user.rules >> $TESTTMP/result
+ grep -A2 "tuple" $TESTSTATE/user6.rules >> $TESTTMP/result
+
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0010-empty-out-IPT_MODULES-and-update-documentation.patch b/meta-networking/recipes-connectivity/ufw/ufw/0010-empty-out-IPT_MODULES-and-update-documentation.patch
new file mode 100644
index 0000000000..f9c387a451
--- /dev/null
+++ b/meta-networking/recipes-connectivity/ufw/ufw/0010-empty-out-IPT_MODULES-and-update-documentation.patch
@@ -0,0 +1,106 @@
+empty our IPT_MODULES and update documentation
+
+empty out IPT_MODULES and update documentation regarding modern use of
+connection tracking modules.
+
+Patch from git://git.launchpad.net/ufw
+Commit aefb842b73726c245157096fb8992c3e82833147
+
+Written by Jamie Strandboge <jamie@ubuntu.com>
+
+Merged patch so they applied to 0.33 with missing code. Unit tests are not
+in this version.
+
+Upstream-Status: Backport
+Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
+
+
+diff --git a/conf/ufw.defaults b/conf/ufw.defaults
+index 330ad88..b3eba8f 100644
+--- a/conf/ufw.defaults
++++ b/conf/ufw.defaults
+@@ -34,12 +34,13 @@ MANAGE_BUILTINS=no
+ # only enable if using iptables backend
+ IPT_SYSCTL=#CONFIG_PREFIX#/ufw/sysctl.conf
+
+-# Extra connection tracking modules to load. Complete list can be found in
+-# net/netfilter/Kconfig of your kernel source. Some common modules:
++# Extra connection tracking modules to load. IPT_MODULES should typically be
++# empty for new installations and modules added only as needed. See
++# 'CONNECTION HELPERS' from 'man ufw-framework' for details. Complete list can
++# be found in net/netfilter/Kconfig of your kernel source. Some common modules:
+ # nf_conntrack_irc, nf_nat_irc: DCC (Direct Client to Client) support
+ # nf_conntrack_netbios_ns: NetBIOS (samba) client support
+ # nf_conntrack_pptp, nf_nat_pptp: PPTP over stateful firewall/NAT
+ # nf_conntrack_ftp, nf_nat_ftp: active FTP support
+ # nf_conntrack_tftp, nf_nat_tftp: TFTP support (server side)
+-IPT_MODULES="nf_conntrack_ftp nf_nat_ftp nf_conntrack_netbios_ns"
+-
++IPT_MODULES=""
+
+diff --git a/doc/ufw-framework.8 b/doc/ufw-framework.8
+index eef28e1..97dc8c5 100644
+--- a/doc/ufw-framework.8
++++ b/doc/ufw-framework.8
+@@ -115,5 +115,10 @@ IPT_MODULES in #CONFIG_PREFIX#/default/ufw. Some popular modules to load are:
+ nf_conntrack_tftp
+ nf_nat_tftp
++.PP
++Unconditional loading of connection tracking modules (nf_conntrack_*) in this
++manner is deprecated. \fBufw\fR continues to support the functionality but new
++configuration should only contain the specific modules required for the site.
++For more information, see CONNECTION HELPERS.
+
+ .SH "KERNEL PARAMETERS"
+ .PP
+@@ 240,5 +245,50 @@ Add the necessary \fBufw\fR rules:
+ # ufw allow in on eth1 from 10.0.0.100 to any port 22 proto tcp
+
++.SH "CONNECTION HELPERS"
++.PP
++Various protocols require the use of netfilter connection tracking helpers to
++group related packets into RELATED flows to make rulesets clearer and more
++precise. For example, with a couple of kernel modules and a couple of rules, a
++ruleset could simply allow a connection to FTP port 21, then the kernel would
++examine the traffic and mark the other FTP data packets as RELATED to the
++initial connection.
++.PP
++When the helpers were first introduced, one could only configure the modules as
++part of module load (eg, if your FTP server listened on a different port than
++21, you'd have to load the nf_conntrack_ftp module specifying the correct
++port). Over time it was understood that unconditionally using connection
++helpers could lead to abuse, in part because some protocols allow user
++specified data that would allow traversing the firewall in undesired ways. As
++of kernel 4.7, automatic conntrack helper assignment (ie, handling packets for
++a given port and all IP addresses) is disabled (the old behavior can be
++restored by setting net/netfilter/nf_conntrack_helper=1 in
++#CONFIG_PREFIX#/ufw/sysctl.conf). Firewalls should now instead use the CT
++target to associate traffic with a particular helper and then set RELATED rules
++to use the helper. This allows sites to tailor the use of helpers and help
++avoid abuse.
++.PP
++In general, to use helpers securely, the following needs to happen:
++.IP 1.
++net/netfilter/nf_conntrack_helper should be set to 0 (default)
++.IP 2.
++create a rule for the start of a connection (eg for FTP, port 21)
++.IP 3.
++create a helper rule to associate the helper with this connection
++.IP 4.
++create a helper rule to associate a RELATED flow with this connection
++.IP 5.
++if needed, add the corresponding nf_conntrack_* module to IPT_MODULES
++.IP 6.
++optionally add the corresponding nf_nat_* module to IPT_MODULES
++.PP
++In general it is desirable to make connection helper rules as specific as
++possible and ensure anti\-spoofing is correctly setup for your site to avoid
++security issues in your ruleset. For more information, see ANTI\-SPOOFING,
++above, and <https://home.regit.org/netfilter-en/secure-use-of-helpers/>.
++.PP
++Currently helper rules must be managed in via the RULES FILES. A future version
++of \fBufw\fR will introduce syntax for working with helper rules.
++
+ .SH SEE ALSO
+ .PP
+ \fBufw\fR(8), \fBiptables\fR(8), \fBip6tables\fR(8), \fBiptables\-restore\fR(8), \fBip6tables\-restore\fR(8), \fBsysctl\fR(8), \fBsysctl.conf\fR(5)
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/0011-tests-check-requirements--simplify-and-support-python-3.8.patch b/meta-networking/recipes-connectivity/ufw/ufw/0011-tests-check-requirements--simplify-and-support-python-3.8.patch
new file mode 100644
index 0000000000..ea48c83b84
--- /dev/null
+++ b/meta-networking/recipes-connectivity/ufw/ufw/0011-tests-check-requirements--simplify-and-support-python-3.8.patch
@@ -0,0 +1,33 @@
+tests/check-requirements: simplify and support python 3.8
+
+Written by: Jamie Strandboge <jamie@ubuntu.com>
+
+The patch was imported from git://git.launchpad.net/ufw
+commit id e30f8bc2aeb317d152e74a270a8e1336de06cee6
+
+Upstream-Status: Backport
+
+Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
+
+diff --git a/tests/check-requirements b/tests/check-requirements
+index e873703..82fab08 100755
+--- a/tests/check-requirements
++++ b/tests/check-requirements
+@@ -45,7 +45,7 @@ runcmd() {
+ # check python
+ found_python="no"
+ echo -n "Has python: "
+-for exe in python2.7 python2.6 python2.5 python3.2 python; do
++for exe in python3 python2 python; do
+ if ! which $exe >/dev/null 2>&1; then
+ continue
+ fi
+@@ -54,7 +54,7 @@ for exe in python2.7 python2.6 python2.5 python3.2 python; do
+ echo "pass (binary: $exe, version: $v, py2)"
+ found_python="yes"
+ break
+- elif echo "$v" | grep -q "^3.[2]"; then
++ elif echo "$v" | grep -q "^3.[2-8]"; then
+ echo "pass (binary: $exe, version: $v, py3)"
+ found_python="yes"
+ break
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/Add-code-to-detect-openembedded-python-interpreter.patch b/meta-networking/recipes-connectivity/ufw/ufw/Add-code-to-detect-openembedded-python-interpreter.patch
new file mode 100644
index 0000000000..85d51ca21f
--- /dev/null
+++ b/meta-networking/recipes-connectivity/ufw/ufw/Add-code-to-detect-openembedded-python-interpreter.patch
@@ -0,0 +1,33 @@
+Add code to detect openembedded python interpreter
+
+OE does not use /usr/bin/env as part of the interpreter, so it does not
+update ufw with the interpreter name.
+
+Upstream-Status: Inappropriate (Embedded)
+Signed-off-by: Jate Sujjavanich <jatedev@gmail.com>
+---
+ setup.py | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/setup.py b/setup.py
+index 75c1105..3f9a5e0 100644
+--- a/setup.py
++++ b/setup.py
+@@ -128,6 +128,14 @@ class Install(_install, object):
+ "-i.jjm",
+ "1s%^#.*python.*%#! " + sys.executable + "%g",
+ 'staging/ufw'])
++ elif '-native/python' in sys.executable and \
++ os.path.basename(sys.executable) in ['python', 'python3']:
++ print("Detected oe native python " + os.path.basename(sys.executable))
++ subprocess.call(["sed",
++ "-i.jjm",
++ "1s%python$%"
++ + os.path.basename(sys.executable) + "%g",
++ 'staging/ufw'])
+
+ self.copy_file('staging/ufw', script)
+ self.copy_file('doc/ufw.8', manpage)
+--
+2.7.4
+
diff --git a/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch b/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch
index ff704b5a46..f487a6fd6c 100644
--- a/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch
+++ b/meta-networking/recipes-connectivity/ufw/ufw/setup-only-make-one-reference-to-env.patch
@@ -14,6 +14,10 @@ detected or specified on the build line.
Upstream-Status: Inappropriate [ embedded specific ]
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+
+Added conditional to handle sys.executable without env on python3
+
+Signed-off-by Jate Sujjavanich <jatedev@gmail.com>
---
setup.py | 34 ++++++++++++++++++++++++++++------
1 file changed, 28 insertions(+), 6 deletions(-)
@@ -43,7 +47,7 @@ index b13d11c..73acdef 100644
# Now byte-compile everything
super(Install, self).run()
-@@ -107,12 +112,23 @@ class Install(_install, object):
+@@ -107,12 +112,29 @@ class Install(_install, object):
for f in [ script, manpage, manpage_f ]:
self.mkpath(os.path.dirname(f))
@@ -62,7 +66,13 @@ index b13d11c..73acdef 100644
- 'staging/ufw'])
+ print("Updating staging/ufw to use (%s)" % (sys.executable))
+
-+ if re.search("(/usr/bin/env)", sys.executable):
++ if not re.search("(/usr/bin/env)", sys.executable):
++ print("Did not find 'env' in sys.executable (%s)" % (sys.executable))
++ subprocess.call(["sed",
++ "-i",
++ "1s%^#.*python.*%#! /usr/bin/env " + sys.executable + "%g",
++ 'staging/ufw'])
++ elif re.search("(/usr/bin/env)", sys.executable):
+ print("found 'env' in sys.executable (%s)" % (sys.executable))
+ subprocess.call(["sed",
+ "-i.jjm",
diff --git a/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb b/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb
index 42fc262589..856270cd5c 100644
--- a/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb
+++ b/meta-networking/recipes-connectivity/ufw/ufw_0.33.bb
@@ -16,6 +16,13 @@ SRC_URI = " \
file://0003-fix-typeerror-on-error.patch \
file://0004-lp1039729.patch \
file://0005-lp1191197.patch \
+ file://0006-check-requirements-get-error.patch \
+ file://0007-use-conntrack-instead-of-state-module.patch \
+ file://0008-support-.-setup.py-build-LP-819600.patch \
+ file://0009-adjust-runtime-tests-to-use-daytime-port.patch \
+ file://0010-empty-out-IPT_MODULES-and-update-documentation.patch \
+ file://0011-tests-check-requirements--simplify-and-support-python-3.8.patch \
+ file://Add-code-to-detect-openembedded-python-interpreter.patch \
"
UPSTREAM_CHECK_URI = "https://launchpad.net/ufw"
@@ -25,6 +32,17 @@ SRC_URI[sha256sum] = "5f85a8084ad3539b547bec097286948233188c971f498890316dec170b
inherit setuptools3 features_check
+do_install_append() {
+ install -d ${D}${datadir}/${PN}/test
+ cp -R --no-dereference --preserve=mode,links -v ${S}/* ${D}${datadir}/${PN}/test
+}
+PACKAGES =+ "${PN}-test"
+RDEPENDS_${PN}-test += "bash"
+FILES_${PN}-test += "${datadir}/${PN}/test"
+
+# To test, install ufw-test package. You can enter /usr/share/ufw/test and run as root:
+# PYTHONPATH=tests/testarea/lib/python ./run_tests.sh -s -i python3 root
+
RDEPENDS_${PN} = " \
iptables \
python3 \
@@ -33,14 +51,35 @@ RDEPENDS_${PN} = " \
RRECOMMENDS_${PN} = " \
kernel-module-ipv6 \
- kernel-module-nf-conntrack-ipv6 \
+ kernel-module-ipt-reject \
+ kernel-module-iptable-mangle \
+ kernel-module-iptable-raw \
+ kernel-module-ip6table-raw \
+ kernel-module-ip6t-reject \
+ kernel-module-ip6t-rt \
+ kernel-module-ip6table-mangle \
+ kernel-module-nf-conntrack \
kernel-module-nf-log-common \
+ kernel-module-nf-conntrack-broadcast \
+ kernel-module-nf-conntrack-ftp \
+ kernel-module-nf-conntrack-netbios-ns \
+ kernel-module-nf-log-ipv4 \
+ kernel-module-nf-log-ipv6 \
kernel-module-nf-log-ipv4 \
kernel-module-nf-log-ipv6 \
- kernel-module-nf-addrtype \
- kernel-module-nf-limit \
- kernel-module-nf-log \
- kernel-module-nf-recent \
+ kernel-module-nf-nat-ftp \
+ kernel-module-xt-addrtype \
+ kernel-module-xt-comment \
+ kernel-module-xt-conntrack \
+ kernel-module-xt-hashlimit \
+ kernel-module-xt-hl \
+ kernel-module-xt-multiport \
+ kernel-module-xt-ratetest \
+ kernel-module-xt-socket \
+ kernel-module-xt-tcpudp \
+ kernel-module-xt-limit \
+ kernel-module-xt-log \
+ kernel-module-xt-recent \
"
# Certain items are explicitly put under /lib, not base_libdir when installed.
--
2.25.1
^ permalink raw reply related [flat|nested] 16+ messages in thread
end of thread, other threads:[~2021-07-25 4:52 UTC | newest]
Thread overview: 16+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-07-25 4:52 [dunfell 00/15] Patch review July 24th Armin Kuster
2021-07-25 4:52 ` [dunfell 01/15] vboxguestdrivers: upgrade 6.1.6 -> 6.1.12 Armin Kuster
2021-07-25 4:52 ` [dunfell 02/15] vboxguestdrivers: fix failed to compile with kernel 5.8.0 Armin Kuster
2021-07-25 4:52 ` [dunfell 03/15] vboxguestdrivers: Fix build with kernel 5.8 Armin Kuster
2021-07-25 4:52 ` [dunfell 04/15] vboxguestdrivers: upgrade 6.1.12 -> 6.1.14 Drop kernel 5.8 compatibility patch, now part of upstream codebase Armin Kuster
2021-07-25 4:52 ` [dunfell 05/15] vboxguestdrivers: upgrade 6.1.14 -> 6.1.16 Armin Kuster
2021-07-25 4:52 ` [dunfell 06/15] vboxguestdrivers: fix build against kernel v5.10+ Armin Kuster
2021-07-25 4:52 ` [dunfell 07/15] vboxguestdrivers: upgrade 6.1.16 -> 6.1.18 Armin Kuster
2021-07-25 4:52 ` [dunfell 08/15] vboxguestdrivers: Add patch proposed upstream to fix a build failure on i386 Armin Kuster
2021-07-25 4:52 ` [dunfell 09/15] vboxguestdrivers: Add __divmoddi4 builtin support Armin Kuster
2021-07-25 4:52 ` [dunfell 10/15] vboxguestdrivers: upgrade 6.1.18 -> 6.1.20 Armin Kuster
2021-07-25 4:52 ` [dunfell 11/15] vboxguestdrivers: upgrade 6.1.20 -> 6.1.22 Armin Kuster
2021-07-25 4:52 ` [dunfell 12/15] vboxguestdrivers: add a fix for build failure with kernel 5.13 Armin Kuster
2021-07-25 4:52 ` [dunfell 13/15] mariadb: update to 10.4.20 Armin Kuster
2021-07-25 4:52 ` [dunfell 14/15] hiawatha: fix url Armin Kuster
2021-07-25 4:52 ` [dunfell 15/15] ufw: backport patches, update RRECOMMENDS, python3 support, tests Armin Kuster
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.