| # Completed on Sat Feb 17 10:50:33 2018 |
| # Generated by iptables-save v1.6.1 on Sat Feb 17 10:50:33 2018 |
| *mangle |
| :PREROUTING ACCEPT [0:0] |
| :INPUT ACCEPT [0:0] |
| :FORWARD ACCEPT [0:0] |
| :OUTPUT ACCEPT [0:0] |
| :POSTROUTING ACCEPT [0:0] |
| :FORWARD_direct - [0:0] |
| :INPUT_direct - [0:0] |
| :OUTPUT_direct - [0:0] |
| :POSTROUTING_direct - [0:0] |
| :PREROUTING_ZONES - [0:0] |
| :PREROUTING_ZONES_SOURCE - [0:0] |
| :PREROUTING_direct - [0:0] |
| :PRE_FedoraWorkstation - [0:0] |
| :PRE_FedoraWorkstation_allow - [0:0] |
| :PRE_FedoraWorkstation_deny - [0:0] |
| :PRE_FedoraWorkstation_log - [0:0] |
| [1:2] -A PREROUTING -j PREROUTING_direct |
| [3:4] -A PREROUTING -j PREROUTING_ZONES_SOURCE |
| [0:0] -A PREROUTING -j PREROUTING_ZONES |
| [0:0] -A INPUT -j INPUT_direct |
| [0:0] -A FORWARD -j FORWARD_direct |
| [0:0] -A OUTPUT -j OUTPUT_direct |
| [0:0] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill |
| [0:0] -A POSTROUTING -j POSTROUTING_direct |
| [0:0] -A PREROUTING_ZONES -i wlp58s0 -g PRE_FedoraWorkstation |
| [0:0] -A PREROUTING_ZONES -g PRE_FedoraWorkstation |
| [0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log |
| [0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny |
| [0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow |
| COMMIT |
| # Completed on Sat Feb 17 10:50:33 2018 |
| # Generated by iptables-save v1.6.1 on Sat Feb 17 10:50:33 2018 |
| *raw |
| :PREROUTING ACCEPT [1681:2620433] |
| :OUTPUT ACCEPT [1619:171281] |
| :OUTPUT_direct - [0:0] |
| :PREROUTING_ZONES - [0:0] |
| :PREROUTING_ZONES_SOURCE - [0:0] |
| :PREROUTING_direct - [0:0] |
| :PRE_FedoraWorkstation - [0:0] |
| :PRE_FedoraWorkstation_allow - [0:0] |
| :PRE_FedoraWorkstation_deny - [0:0] |
| :PRE_FedoraWorkstation_log - [0:0] |
| [0:0] -A PREROUTING -j PREROUTING_direct |
| [0:0] -A PREROUTING -j PREROUTING_ZONES_SOURCE |
| [0:0] -A PREROUTING -j PREROUTING_ZONES |
| [0:0] -A OUTPUT -j OUTPUT_direct |
| [0:0] -A PREROUTING_ZONES -i wlp58s0 -g PRE_FedoraWorkstation |
| [0:0] -A PREROUTING_ZONES -g PRE_FedoraWorkstation |
| [0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log |
| [0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny |
| [0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow |
| [0:0] -A PRE_FedoraWorkstation_allow -p udp -m udp --dport 137 -j CT --helper netbios-ns |
| COMMIT |
| # Completed on Sat Feb 17 10:50:33 2018 |
| # Generated by iptables-save v1.6.1 on Sat Feb 17 10:50:33 2018 |
| *filter |
| :INPUT ACCEPT [0:0] |
| :FORWARD ACCEPT [0:0] |
| :OUTPUT ACCEPT [1619:171281] |
| :FORWARD_IN_ZONES - [0:0] |
| :FORWARD_IN_ZONES_SOURCE - [0:0] |
| :FORWARD_OUT_ZONES - [0:0] |
| :FORWARD_OUT_ZONES_SOURCE - [0:0] |
| :FORWARD_direct - [0:0] |
| :FWDI_FedoraWorkstation - [0:0] |
| :FWDI_FedoraWorkstation_allow - [0:0] |
| :FWDI_FedoraWorkstation_deny - [0:0] |
| :FWDI_FedoraWorkstation_log - [0:0] |
| :FWDO_FedoraWorkstation - [0:0] |
| :FWDO_FedoraWorkstation_allow - [0:0] |
| :FWDO_FedoraWorkstation_deny - [0:0] |
| :FWDO_FedoraWorkstation_log - [0:0] |
| :INPUT_ZONES - [0:0] |
| :INPUT_ZONES_SOURCE - [0:0] |
| :INPUT_direct - [0:0] |
| :IN_FedoraWorkstation - [0:0] |
| :IN_FedoraWorkstation_allow - [0:0] |
| :IN_FedoraWorkstation_deny - [0:0] |
| :IN_FedoraWorkstation_log - [0:0] |
| :OUTPUT_direct - [0:0] |
| [5:6] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT |
| [0:123456789] -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT |
| [0:0] -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT |
| [0:0] -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT |
| [0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT |
| [0:0] -A INPUT -i lo -j ACCEPT |
| [0:0] -A INPUT -j INPUT_direct |
| [0:0] -A INPUT -j INPUT_ZONES_SOURCE |
| [0:0] -A INPUT -j INPUT_ZONES |
| [0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP |
| [0:0] -A INPUT -j REJECT --reject-with icmp-host-prohibited |
| [0:0] -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT |
| [0:0] -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT |
| [0:0] -A FORWARD -i virbr0 -o virbr0 -j ACCEPT |
| [0:0] -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable |
| [0:0] -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable |
| [0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT |
| [0:0] -A FORWARD -i lo -j ACCEPT |
| [0:0] -A FORWARD -j FORWARD_direct |
| [0:0] -A FORWARD -j FORWARD_IN_ZONES_SOURCE |
| [0:0] -A FORWARD -j FORWARD_IN_ZONES |
| [0:0] -A FORWARD -j FORWARD_OUT_ZONES_SOURCE |
| [0:0] -A FORWARD -j FORWARD_OUT_ZONES |
| [0:0] -A FORWARD -m conntrack --ctstate INVALID -j DROP |
| [0:0] -A FORWARD -j REJECT --reject-with icmp-host-prohibited |
| [0:0] -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT |
| [0:0] -A OUTPUT -j OUTPUT_direct |
| [0:0] -A FORWARD_IN_ZONES -i wlp58s0 -g FWDI_FedoraWorkstation |
| [0:0] -A FORWARD_IN_ZONES -g FWDI_FedoraWorkstation |
| [0:0] -A FORWARD_OUT_ZONES -o wlp58s0 -g FWDO_FedoraWorkstation |
| [0:0] -A FORWARD_OUT_ZONES -g FWDO_FedoraWorkstation |
| [0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_log |
| [0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_deny |
| [0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_allow |
| [0:0] -A FWDI_FedoraWorkstation -p icmp -j ACCEPT |
| [0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_log |
| [0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_deny |
| [0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_allow |
| [0:0] -A INPUT_ZONES -i wlp58s0 -g IN_FedoraWorkstation |
| [0:0] -A INPUT_ZONES -g IN_FedoraWorkstation |
| [0:0] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_log |
| [0:0] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_deny |
| [0:0] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_allow |
| [0:0] -A IN_FedoraWorkstation -p icmp -j ACCEPT |
| [0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT |
| [0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT |
| [0:0] -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT |
| [0:0] -A IN_FedoraWorkstation_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT |
| [0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT |
| [7:8] -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT |
| COMMIT |
| # Completed on Sat Feb 17 10:50:33 2018 |