iptables.txt
# Generated by iptables-save v1.4.12 on Sat Feb 23 09:02:56 2013
# nat table: source NAT (masquerading) for two private subnets,
# 192.168.122.0/24 and 192.168.29.0/24.
# NOTE(review): the subnets and the virbr* interface names used in the other
# tables look like libvirt-managed virtual networks - confirm before editing
# by hand, since the managing tool may regenerate these rules.
*nat
# Chain lines are ":CHAIN POLICY [packets:bytes]"; the counters are a snapshot
# taken at save time. All nat chains keep policy ACCEPT; this table only
# rewrites addresses, it does not filter.
:PREROUTING ACCEPT [70:9420]
:INPUT ACCEPT [69:8844]
:OUTPUT ACCEPT [536:34167]
:POSTROUTING ACCEPT [534:33839]
# 192.168.122.0/24: masquerade only traffic that leaves the subnet
# ("! -d" the same subnet). TCP and UDP are mapped onto source ports
# 1024-65535, so translated flows never take a port below 1024 on the host.
# The third rule has no -p match and therefore catches every remaining
# protocol (e.g. ICMP), where a port range does not apply.
# NOTE(review): no -o interface is given, so the rules apply on whichever
# interface routing selects - confirm that is intended on a multi-homed host.
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
# 192.168.29.0/24: the same three-rule pattern for the second subnet.
-A POSTROUTING -s 192.168.29.0/24 ! -d 192.168.29.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.29.0/24 ! -d 192.168.29.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.29.0/24 ! -d 192.168.29.0/24 -j MASQUERADE
COMMIT
# Completed on Sat Feb 23 09:02:56 2013
# Generated by iptables-save v1.4.12 on Sat Feb 23 09:02:56 2013
# mangle table: packet alteration only. The two rules below are the only ones
# present; every chain keeps policy ACCEPT.
*mangle
:PREROUTING ACCEPT [18426:21803617]
:INPUT ACCEPT [18425:21803041]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12296:1209945]
:POSTROUTING ACCEPT [12375:1220334]
# Compute and fill in the checksum of UDP packets addressed to port 68 (the
# DHCP/BOOTP client port) as they leave on virbr0 or virbr1.
# NOTE(review): this looks like the usual workaround for guest DHCP clients
# that discard replies whose checksum was left to be offloaded - confirm.
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Sat Feb 23 09:02:56 2013
# Generated by iptables-save v1.4.12 on Sat Feb 23 09:02:56 2013
# filter table: DNS/DHCP access to the host from the two bridges, and
# forwarding rules for the networks behind virbr0 and virbr1.
*filter
# NOTE(review): all three policies are ACCEPT (default-permit). INPUT contains
# only ACCEPT rules, so this ruleset does not restrict traffic to the host
# itself, and forwarded traffic that involves neither bridge falls through to
# the FORWARD policy and is accepted. If host filtering is expected, it has to
# come from a default-deny policy or explicit drop rules, which are absent here.
:INPUT ACCEPT [18424:21802754]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12295:1209658]
# Allow DNS (53/udp, 53/tcp) and DHCP server port 67 from each bridge to the
# host. With the INPUT policy at ACCEPT these rules change nothing today; they
# become meaningful only if the policy is tightened.
# NOTE(review): DHCP runs over UDP; the 67/tcp rules are presumably emitted by
# the generating tool for symmetry - confirm before relying on or removing them.
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A INPUT -i virbr1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT
# virbr0 / 192.168.122.0/24, evaluated top to bottom, first match wins:
#  1. traffic into the subnet is accepted only for tracked connections
#     (RELATED,ESTABLISHED), i.e. replies to flows the guests opened;
#  2. anything sourced from the subnet and arriving on virbr0 is accepted,
#     with no restriction on destination or output interface;
#  3. traffic that stays on the bridge (virbr0 -> virbr0) is accepted;
#  4. everything else going out of or coming in on virbr0 is rejected with
#     ICMP port-unreachable. Packets arriving on virbr0 with a source outside
#     192.168.122.0/24 and not staying on the bridge end up here.
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
# virbr1 / 192.168.29.0/24: the same five-rule pattern.
# NOTE(review): rule order makes isolation between the two networks
# one-directional. A new connection from 192.168.122.0/24 to 192.168.29.0/24
# matches the virbr0 source ACCEPT above before reaching "-o virbr1 -j REJECT",
# so it is forwarded; a new connection in the opposite direction hits
# "-o virbr0 -j REJECT" before the virbr1 source ACCEPT below. Confirm this
# asymmetry is acceptable if the two networks are meant to be separated.
-A FORWARD -d 192.168.29.0/24 -o virbr1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.29.0/24 -i virbr1 -j ACCEPT
-A FORWARD -i virbr1 -o virbr1 -j ACCEPT
-A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Sat Feb 23 09:02:56 2013