# Completed on Sat Feb 17 10:50:33 2018
# Generated by iptables-save v1.6.1 on Sat Feb 17 10:50:33 2018
# mangle table. Every built-in chain has policy ACCEPT and only dispatches to
# a per-hook "_direct" chain (plus the zone chains for PREROUTING); the single
# rule that alters packets is the CHECKSUM rule on POSTROUTING.
# The [packets:bytes] pair in front of each rule and after each chain
# declaration is a counter.
# NOTE(review): the chain naming (*_direct, *_ZONES, PRE_<zone>_log/_deny/_allow)
# looks like firewalld's iptables backend - confirm. If so, these rules are
# regenerated by the daemon and hand edits to a live ruleset will not persist.
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_FedoraWorkstation - [0:0]
:PRE_FedoraWorkstation_allow - [0:0]
:PRE_FedoraWorkstation_deny - [0:0]
:PRE_FedoraWorkstation_log - [0:0]
# PREROUTING order: direct rules first, then source-based zones, then
# interface-based zones.
[1:2] -A PREROUTING -j PREROUTING_direct
[3:4] -A PREROUTING -j PREROUTING_ZONES_SOURCE
[0:0] -A PREROUTING -j PREROUTING_ZONES
[0:0] -A INPUT -j INPUT_direct
[0:0] -A FORWARD -j FORWARD_direct
[0:0] -A OUTPUT -j OUTPUT_direct
# Fill in the checksum of UDP packets to port 68 (DHCP client port) leaving
# via virbr0.
# NOTE(review): presumably the usual workaround for guests that reject DHCP
# replies carrying an unfilled checksum - confirm.
[0:0] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
[0:0] -A POSTROUTING -j POSTROUTING_direct
# Zone dispatch: the first rule matches wlp58s0 explicitly, the second is an
# unconditional fallback, so packets from every interface end up in the
# FedoraWorkstation zone. -g (goto) means that falling off the end of the zone
# chain resumes in PREROUTING, not in PREROUTING_ZONES.
[0:0] -A PREROUTING_ZONES -i wlp58s0 -g PRE_FedoraWorkstation
[0:0] -A PREROUTING_ZONES -g PRE_FedoraWorkstation
# The zone chain runs log, then deny, then allow; all three sub-chains are
# empty in this table.
[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
COMMIT
# Completed on Sat Feb 17 10:50:33 2018
# Generated by iptables-save v1.6.1 on Sat Feb 17 10:50:33 2018
# raw table. Its only rule with an effect is the CT helper assignment at the
# end; everything else is dispatch into the same direct/zone chain layout used
# by the other tables. No rule here uses NOTRACK or DROP, so nothing bypasses
# connection tracking or is discarded at this stage.
*raw
:PREROUTING ACCEPT [1681:2620433]
:OUTPUT ACCEPT [1619:171281]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_FedoraWorkstation - [0:0]
:PRE_FedoraWorkstation_allow - [0:0]
:PRE_FedoraWorkstation_deny - [0:0]
:PRE_FedoraWorkstation_log - [0:0]
[0:0] -A PREROUTING -j PREROUTING_direct
[0:0] -A PREROUTING -j PREROUTING_ZONES_SOURCE
[0:0] -A PREROUTING -j PREROUTING_ZONES
[0:0] -A OUTPUT -j OUTPUT_direct
# As in the mangle table, the unconditional second rule sends packets from all
# interfaces, not only wlp58s0, into the FedoraWorkstation zone.
[0:0] -A PREROUTING_ZONES -i wlp58s0 -g PRE_FedoraWorkstation
[0:0] -A PREROUTING_ZONES -g PRE_FedoraWorkstation
[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
# Explicitly attach the netbios-ns connection-tracking helper to UDP packets
# with destination port 137. Assigning the helper per rule limits it to this
# port instead of relying on automatic helper assignment.
[0:0] -A PRE_FedoraWorkstation_allow -p udp -m udp --dport 137 -j CT --helper netbios-ns
COMMIT
# Completed on Sat Feb 17 10:50:33 2018
# Generated by iptables-save v1.6.1 on Sat Feb 17 10:50:33 2018
# filter table. INPUT and FORWARD both have policy ACCEPT, but each chain ends
# in an unconditional REJECT, so unmatched traffic is refused as long as these
# rules are loaded. The ACCEPT policy is what applies if the rules are flushed,
# which would leave the host unfiltered. OUTPUT is not restricted.
# NOTE(review): a counter such as [0:123456789] (zero packets, non-zero bytes)
# cannot come from live traffic, so the counters in this dump appear to be
# hand-edited, presumably as test data - confirm before treating them as
# evidence of traffic.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1619:171281]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_IN_ZONES_SOURCE - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_OUT_ZONES_SOURCE - [0:0]
:FORWARD_direct - [0:0]
:FWDI_FedoraWorkstation - [0:0]
:FWDI_FedoraWorkstation_allow - [0:0]
:FWDI_FedoraWorkstation_deny - [0:0]
:FWDI_FedoraWorkstation_log - [0:0]
:FWDO_FedoraWorkstation - [0:0]
:FWDO_FedoraWorkstation_allow - [0:0]
:FWDO_FedoraWorkstation_deny - [0:0]
:FWDO_FedoraWorkstation_log - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_ZONES_SOURCE - [0:0]
:INPUT_direct - [0:0]
:IN_FedoraWorkstation - [0:0]
:IN_FedoraWorkstation_allow - [0:0]
:IN_FedoraWorkstation_deny - [0:0]
:IN_FedoraWorkstation_log - [0:0]
:OUTPUT_direct - [0:0]
# DNS (53) and DHCP server (67) are accepted on virbr0 over both UDP and TCP,
# ahead of all zone processing.
# NOTE(review): virbr0 and 192.168.122.0/24 look like libvirt's default NAT
# network - confirm.
[5:6] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
[0:123456789] -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
[0:0] -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
[0:0] -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
# Stateful fast path and loopback, then direct rules, source zones and
# interface zones.
[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A INPUT -i lo -j ACCEPT
[0:0] -A INPUT -j INPUT_direct
[0:0] -A INPUT -j INPUT_ZONES_SOURCE
[0:0] -A INPUT -j INPUT_ZONES
# INVALID packets are dropped only here, after the zone chains have run; zone
# rules without a ctstate match (the ICMP accept below) are evaluated first.
[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
# Terminal rule: everything not accepted above is rejected, which makes the
# chain default-deny despite its ACCEPT policy.
[0:0] -A INPUT -j REJECT --reject-with icmp-host-prohibited
# virbr0 forwarding: replies into 192.168.122.0/24, any traffic from that
# subnet arriving on virbr0, and traffic staying on the bridge are accepted;
# every other packet entering or leaving via virbr0 is rejected.
[0:0] -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
[0:0] -A FORWARD -i virbr0 -o virbr0 -j ACCEPT
[0:0] -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A FORWARD -i lo -j ACCEPT
[0:0] -A FORWARD -j FORWARD_direct
[0:0] -A FORWARD -j FORWARD_IN_ZONES_SOURCE
[0:0] -A FORWARD -j FORWARD_IN_ZONES
[0:0] -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
[0:0] -A FORWARD -j FORWARD_OUT_ZONES
[0:0] -A FORWARD -m conntrack --ctstate INVALID -j DROP
[0:0] -A FORWARD -j REJECT --reject-with icmp-host-prohibited
# The only explicit OUTPUT accept is UDP to port 68 on virbr0; with policy
# ACCEPT and no reject rule, all other outbound traffic is allowed as well.
[0:0] -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
[0:0] -A OUTPUT -j OUTPUT_direct
# Zone dispatch for forwarded traffic: wlp58s0 is matched explicitly, then an
# unconditional fallback sends all remaining interfaces to the same zone.
[0:0] -A FORWARD_IN_ZONES -i wlp58s0 -g FWDI_FedoraWorkstation
[0:0] -A FORWARD_IN_ZONES -g FWDI_FedoraWorkstation
[0:0] -A FORWARD_OUT_ZONES -o wlp58s0 -g FWDO_FedoraWorkstation
[0:0] -A FORWARD_OUT_ZONES -g FWDO_FedoraWorkstation
[0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_log
[0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_deny
[0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_allow
# Forwarded ICMP of any type is accepted for the zone; there is no type or
# state restriction on this rule.
[0:0] -A FWDI_FedoraWorkstation -p icmp -j ACCEPT
[0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_log
[0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_deny
[0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_allow
# Zone dispatch for inbound traffic, same pattern: every interface falls into
# IN_FedoraWorkstation. Because -g (goto) is used, falling off the end of the
# zone chain resumes in INPUT at the INVALID drop and the final REJECT.
[0:0] -A INPUT_ZONES -i wlp58s0 -g IN_FedoraWorkstation
[0:0] -A INPUT_ZONES -g IN_FedoraWorkstation
# log and deny are empty in this dump, so only the allow chain and the ICMP
# rule decide what the zone admits.
[0:0] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_log
[0:0] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_deny
[0:0] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_allow
# All inbound ICMP types are accepted, with no ctstate match.
[0:0] -A IN_FedoraWorkstation -p icmp -j ACCEPT
# Services opened for NEW inbound connections: UDP 137 and 138 (NetBIOS name
# and datagram services), TCP 22 (SSH), and UDP 5353 to 224.0.0.251 (mDNS).
[0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT
[0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT
[0:0] -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
[0:0] -A IN_FedoraWorkstation_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT
# These two rules accept NEW connections to every UDP and TCP port from 1025
# to 65535, so any process listening on an unprivileged port is reachable from
# every interface in this zone. Only ports 1-1024 not listed above reach the
# final REJECT in INPUT. Narrow these ranges, or move untrusted interfaces to
# a stricter zone, where that exposure is not intended.
[0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT
[7:8] -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
# Completed on Sat Feb 17 10:50:33 2018