=== filter table ===
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    1    84 ACCEPT     0    --  eth0   *       10.4.0.0/16          10.3.0.1             policy match dir in pol ipsec reqid 1 proto 50
    1    84 ACCEPT     0    --  eth0   *       10.3.0.0/16          10.3.0.1             policy match dir in pol ipsec reqid 1 proto 50
    2   280 ACCEPT     50   --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     51   --  eth0   *       0.0.0.0/0            0.0.0.0/0           
    1   301 ACCEPT     17   --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp spt:500 dpt:500
    2  2008 ACCEPT     17   --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp spt:4500 dpt:4500
   53 13920 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    4  1108 ACCEPT     6    --  eth0   *       192.168.0.150        0.0.0.0/0            tcp spt:80

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     0    --  eth0   *       10.4.0.0/16          10.3.0.1             policy match dir in pol ipsec reqid 1 proto 50
    0     0 ACCEPT     0    --  *      eth0    10.3.0.1             10.4.0.0/16          policy match dir out pol ipsec reqid 1 proto 50
    0     0 ACCEPT     0    --  eth0   *       10.3.0.0/16          10.3.0.1             policy match dir in pol ipsec reqid 1 proto 50
    0     0 ACCEPT     0    --  *      eth0    10.3.0.1             10.3.0.0/16          policy match dir out pol ipsec reqid 1 proto 50

Chain OUTPUT (policy DROP 2 packets, 134 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    1    84 ACCEPT     0    --  *      eth0    10.3.0.1             10.4.0.0/16          policy match dir out pol ipsec reqid 1 proto 50
    1    84 ACCEPT     0    --  *      eth0    10.3.0.1             10.3.0.0/16          policy match dir out pol ipsec reqid 1 proto 50
    2   280 ACCEPT     50   --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     51   --  *      eth0    0.0.0.0/0            0.0.0.0/0           
    1   268 ACCEPT     17   --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp spt:500 dpt:500
    2  2072 ACCEPT     17   --  *      eth0    0.0.0.0/0            0.0.0.0/0            udp spt:4500 dpt:4500
   59 32312 ACCEPT     6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp spt:22
    6   391 ACCEPT     6    --  *      eth0    0.0.0.0/0            192.168.0.150        tcp dpt:80

=== nat table ===
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

=== mangle table ===
Chain PREROUTING (policy ACCEPT 317 packets, 91865 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 317 packets, 91865 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 352 packets, 79625 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 350 packets, 79491 bytes)
 pkts bytes target     prot opt in     out     source               destination