=== filter table ===
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    1   156 ACCEPT     50   --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     51   --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    3  2181 ACCEPT     17   --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp spt:500 dpt:500
    0     0 ACCEPT     17   --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp spt:4500 dpt:4500
   30  7548 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    4  1108 ACCEPT     6    --  eth0   *       192.168.0.150        0.0.0.0/0            tcp spt:80

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    1    84 ACCEPT     0    --  eth0   *       10.2.0.0/16          10.1.0.0/16          policy match dir in pol ipsec reqid 1 proto 50
    1    84 ACCEPT     0    --  *      eth0    10.1.0.0/16          10.2.0.0/16          policy match dir out pol ipsec reqid 1 proto 50

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    1   156 ACCEPT     50   --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     51   --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    3  3000 ACCEPT     17   --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp spt:500 dpt:500
    0     0 ACCEPT     17   --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp spt:4500 dpt:4500
   36  7228 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:22
    6   391 ACCEPT     6    --  *      eth0    0.0.0.0/0            192.168.0.150        tcp dpt:80

=== nat table ===
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

=== mangle table ===
Chain PREROUTING (policy ACCEPT 491 packets, 144K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 427 packets, 123K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 64 packets, 20922 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 475 packets, 120K bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 539 packets, 140K bytes)
 pkts bytes target     prot opt in     out     source               destination