0 D comment=special dummy rule to show fasttrack counters chain=forward action=passthrough
1 comment=defconf: accept established,related,untracked chain=input action=accept connection-state=established,related,untracked
2 comment=defconf: drop invalid chain=input action=drop connection-state=invalid
3 comment=defconf: accept ICMP chain=input action=accept protocol=icmp
4 comment=defconf: accept to local loopback (for CAPsMAN) chain=input action=accept dst-address=127.0.0.1
5 comment=defconf: drop all not coming from LAN chain=input action=drop in-interface-list=!LAN
6 comment=defconf: accept in ipsec policy chain=forward action=accept ipsec-policy=in,ipsec
7 comment=defconf: accept out ipsec policy chain=forward action=accept ipsec-policy=out,ipsec
8 comment=defconf: fasttrack chain=forward action=fasttrack-connection connection-state=established,related
9 comment=defconf: accept established,related, untracked chain=forward action=accept connection-state=established,related,untracked
10 comment=defconf: drop invalid chain=forward action=drop connection-state=invalid
11 comment=defconf: drop all from WAN not DSTNATed chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface-list=WAN