blob: 400be032fbd200b1057fde7fa0b770686038ee86 [file] [log] [blame] [edit]
<iptables-rules version="1.0">
<!-- # Completed on Sat Feb 17 10:50:33 2018 -->
<!-- # Generated by iptables*-save v1.6.1 on Sat Feb 17 10:50:33 2018 -->
<table name="mangle" >
<chain name="PREROUTING" policy="ACCEPT" packet-count="0" byte-count="0" >
<rule packet-count="1" byte-count="2" >
<actions>
<call >
<PREROUTING_direct />
</call>
</actions>
</rule>
<rule packet-count="3" byte-count="4" >
<actions>
<call >
<PREROUTING_ZONES_SOURCE />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<PREROUTING_ZONES />
</call>
</actions>
</rule>
</chain>
<chain name="INPUT" policy="ACCEPT" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<INPUT_direct />
</call>
</actions>
</rule>
</chain>
<chain name="FORWARD" policy="ACCEPT" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FORWARD_direct />
</call>
</actions>
</rule>
</chain>
<chain name="OUTPUT" policy="ACCEPT" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<OUTPUT_direct />
</call>
</actions>
</rule>
</chain>
<chain name="POSTROUTING" policy="ACCEPT" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<o >virbr0</o>
<p >udp</p>
</match>
<udp >
<dport >68</dport>
</udp>
</conditions>
<actions>
<CHECKSUM >
<checksum-fill />
</CHECKSUM>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<POSTROUTING_direct />
</call>
</actions>
</rule>
</chain>
<chain name="PREROUTING_ZONES" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<i >wlp58s0</i>
</match>
</conditions>
<actions>
<goto >
<PRE_FedoraWorkstation />
</goto>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<goto >
<PRE_FedoraWorkstation />
</goto>
</actions>
</rule>
</chain>
<chain name="PRE_FedoraWorkstation" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<PRE_FedoraWorkstation_log />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<PRE_FedoraWorkstation_deny />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<PRE_FedoraWorkstation_allow />
</call>
</actions>
</rule>
</chain>
<chain name="FORWARD_direct" packet-count="0" byte-count="0" />
<chain name="INPUT_direct" packet-count="0" byte-count="0" />
<chain name="OUTPUT_direct" packet-count="0" byte-count="0" />
<chain name="POSTROUTING_direct" packet-count="0" byte-count="0" />
<chain name="PREROUTING_ZONES_SOURCE" packet-count="0" byte-count="0" />
<chain name="PREROUTING_direct" packet-count="0" byte-count="0" />
<chain name="PRE_FedoraWorkstation_allow" packet-count="0" byte-count="0" />
<chain name="PRE_FedoraWorkstation_deny" packet-count="0" byte-count="0" />
<chain name="PRE_FedoraWorkstation_log" packet-count="0" byte-count="0" />
</table>
<!-- # Completed on Sat Feb 17 10:50:33 2018 -->
<!-- # Generated by iptables*-save v1.6.1 on Sat Feb 17 10:50:33 2018 -->
<table name="raw" >
<chain name="PREROUTING" policy="ACCEPT" packet-count="1681" byte-count="2620433" >
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<PREROUTING_direct />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<PREROUTING_ZONES_SOURCE />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<PREROUTING_ZONES />
</call>
</actions>
</rule>
</chain>
<chain name="OUTPUT" policy="ACCEPT" packet-count="1619" byte-count="171281" >
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<OUTPUT_direct />
</call>
</actions>
</rule>
</chain>
<chain name="PREROUTING_ZONES" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<i >wlp58s0</i>
</match>
</conditions>
<actions>
<goto >
<PRE_FedoraWorkstation />
</goto>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<goto >
<PRE_FedoraWorkstation />
</goto>
</actions>
</rule>
</chain>
<chain name="PRE_FedoraWorkstation" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<PRE_FedoraWorkstation_log />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<PRE_FedoraWorkstation_deny />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<PRE_FedoraWorkstation_allow />
</call>
</actions>
</rule>
</chain>
<chain name="PRE_FedoraWorkstation_allow" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<p >udp</p>
</match>
<udp >
<dport >137</dport>
</udp>
</conditions>
<actions>
<CT >
<helper >netbios-ns</helper>
</CT>
</actions>
</rule>
</chain>
<chain name="OUTPUT_direct" packet-count="0" byte-count="0" />
<chain name="PREROUTING_ZONES_SOURCE" packet-count="0" byte-count="0" />
<chain name="PREROUTING_direct" packet-count="0" byte-count="0" />
<chain name="PRE_FedoraWorkstation_deny" packet-count="0" byte-count="0" />
<chain name="PRE_FedoraWorkstation_log" packet-count="0" byte-count="0" />
</table>
<!-- # Completed on Sat Feb 17 10:50:33 2018 -->
<!-- # Generated by iptables*-save v1.6.1 on Sat Feb 17 10:50:33 2018 -->
<table name="filter" >
<chain name="INPUT" policy="ACCEPT" packet-count="0" byte-count="0" >
<rule packet-count="5" byte-count="6" >
<conditions>
<match >
<i >virbr0</i>
<p >udp</p>
</match>
<udp >
<dport >53</dport>
</udp>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="123456789" >
<conditions>
<match >
<i >virbr0</i>
<p >tcp</p>
</match>
<tcp >
<dport >53</dport>
</tcp>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<i >virbr0</i>
<p >udp</p>
</match>
<udp >
<dport >67</dport>
</udp>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<i >virbr0</i>
<p >tcp</p>
</match>
<tcp >
<dport >67</dport>
</tcp>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<conntrack >
<ctstate >RELATED,ESTABLISHED</ctstate>
</conntrack>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<i >lo</i>
</match>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<INPUT_direct />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<INPUT_ZONES_SOURCE />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<INPUT_ZONES />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<conntrack >
<ctstate >INVALID</ctstate>
</conntrack>
</conditions>
<actions>
<DROP />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<REJECT >
<reject-with >icmp-host-prohibited</reject-with>
</REJECT>
</actions>
</rule>
</chain>
<chain name="FORWARD" policy="ACCEPT" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<d >192.168.122.0/24</d>
<o >virbr0</o>
</match>
<conntrack >
<ctstate >RELATED,ESTABLISHED</ctstate>
</conntrack>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<s >192.168.122.0/24</s>
<i >virbr0</i>
</match>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<i >virbr0</i>
<o >virbr0</o>
</match>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<o >virbr0</o>
</match>
</conditions>
<actions>
<REJECT >
<reject-with >icmp-port-unreachable</reject-with>
</REJECT>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<i >virbr0</i>
</match>
</conditions>
<actions>
<REJECT >
<reject-with >icmp-port-unreachable</reject-with>
</REJECT>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<conntrack >
<ctstate >RELATED,ESTABLISHED</ctstate>
</conntrack>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<i >lo</i>
</match>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FORWARD_direct />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FORWARD_IN_ZONES_SOURCE />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FORWARD_IN_ZONES />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FORWARD_OUT_ZONES_SOURCE />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FORWARD_OUT_ZONES />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<conntrack >
<ctstate >INVALID</ctstate>
</conntrack>
</conditions>
<actions>
<DROP />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<REJECT >
<reject-with >icmp-host-prohibited</reject-with>
</REJECT>
</actions>
</rule>
</chain>
<chain name="OUTPUT" policy="ACCEPT" packet-count="1619" byte-count="171281" >
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<o >virbr0</o>
<p >udp</p>
</match>
<udp >
<dport >68</dport>
</udp>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<OUTPUT_direct />
</call>
</actions>
</rule>
</chain>
<chain name="FORWARD_IN_ZONES" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<i >wlp58s0</i>
</match>
</conditions>
<actions>
<goto >
<FWDI_FedoraWorkstation />
</goto>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<goto >
<FWDI_FedoraWorkstation />
</goto>
</actions>
</rule>
</chain>
<chain name="FORWARD_OUT_ZONES" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<o >wlp58s0</o>
</match>
</conditions>
<actions>
<goto >
<FWDO_FedoraWorkstation />
</goto>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<goto >
<FWDO_FedoraWorkstation />
</goto>
</actions>
</rule>
</chain>
<chain name="FWDI_FedoraWorkstation" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FWDI_FedoraWorkstation_log />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FWDI_FedoraWorkstation_deny />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FWDI_FedoraWorkstation_allow />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<p >icmp</p>
</match>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
</chain>
<chain name="FWDO_FedoraWorkstation" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FWDO_FedoraWorkstation_log />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FWDO_FedoraWorkstation_deny />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<FWDO_FedoraWorkstation_allow />
</call>
</actions>
</rule>
</chain>
<chain name="INPUT_ZONES" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<i >wlp58s0</i>
</match>
</conditions>
<actions>
<goto >
<IN_FedoraWorkstation />
</goto>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<goto >
<IN_FedoraWorkstation />
</goto>
</actions>
</rule>
</chain>
<chain name="IN_FedoraWorkstation" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<IN_FedoraWorkstation_log />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<IN_FedoraWorkstation_deny />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<actions>
<call >
<IN_FedoraWorkstation_allow />
</call>
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<p >icmp</p>
</match>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
</chain>
<chain name="IN_FedoraWorkstation_allow" packet-count="0" byte-count="0" >
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<p >udp</p>
</match>
<udp >
<dport >137</dport>
</udp>
<conntrack >
<ctstate >NEW</ctstate>
</conntrack>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<p >udp</p>
</match>
<udp >
<dport >138</dport>
</udp>
<conntrack >
<ctstate >NEW</ctstate>
</conntrack>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<p >tcp</p>
</match>
<tcp >
<dport >22</dport>
</tcp>
<conntrack >
<ctstate >NEW</ctstate>
</conntrack>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<d >224.0.0.251/32</d>
<p >udp</p>
</match>
<udp >
<dport >5353</dport>
</udp>
<conntrack >
<ctstate >NEW</ctstate>
</conntrack>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="0" byte-count="0" >
<conditions>
<match >
<p >udp</p>
</match>
<udp >
<dport >1025:65535</dport>
</udp>
<conntrack >
<ctstate >NEW</ctstate>
</conntrack>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
<rule packet-count="7" byte-count="8" >
<conditions>
<match >
<p >tcp</p>
</match>
<tcp >
<dport >1025:65535</dport>
</tcp>
<conntrack >
<ctstate >NEW</ctstate>
</conntrack>
</conditions>
<actions>
<ACCEPT />
</actions>
</rule>
</chain>
<chain name="FORWARD_IN_ZONES_SOURCE" packet-count="0" byte-count="0" />
<chain name="FORWARD_OUT_ZONES_SOURCE" packet-count="0" byte-count="0" />
<chain name="FORWARD_direct" packet-count="0" byte-count="0" />
<chain name="FWDI_FedoraWorkstation_allow" packet-count="0" byte-count="0" />
<chain name="FWDI_FedoraWorkstation_deny" packet-count="0" byte-count="0" />
<chain name="FWDI_FedoraWorkstation_log" packet-count="0" byte-count="0" />
<chain name="FWDO_FedoraWorkstation_allow" packet-count="0" byte-count="0" />
<chain name="FWDO_FedoraWorkstation_deny" packet-count="0" byte-count="0" />
<chain name="FWDO_FedoraWorkstation_log" packet-count="0" byte-count="0" />
<chain name="INPUT_ZONES_SOURCE" packet-count="0" byte-count="0" />
<chain name="INPUT_direct" packet-count="0" byte-count="0" />
<chain name="IN_FedoraWorkstation_deny" packet-count="0" byte-count="0" />
<chain name="IN_FedoraWorkstation_log" packet-count="0" byte-count="0" />
<chain name="OUTPUT_direct" packet-count="0" byte-count="0" />
</table>
<!-- # Completed on Sat Feb 17 10:50:33 2018 -->
</iptables-rules>