Project

General

Profile

action #73633 » ip6tables-save.firewalld.txt

Dump without default route over v6 - nicksinger, 2020-11-04 15:00

 
# Generated by ip6tables-save v1.6.2 on Wed Nov 4 15:40:03 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_ZONES_SOURCE - [0:0]
:POSTROUTING_direct - [0:0]
:POST_trusted - [0:0]
:POST_trusted_allow - [0:0]
:POST_trusted_deny - [0:0]
:POST_trusted_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_trusted - [0:0]
:PRE_trusted_allow - [0:0]
:PRE_trusted_deny - [0:0]
:PRE_trusted_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o eth4 -j POST_trusted
-A POSTROUTING_ZONES -o ovs-system -j POST_trusted
-A POSTROUTING_ZONES -o br1 -j POST_trusted
-A POSTROUTING_ZONES -j POST_trusted
-A POST_trusted -j POST_trusted_log
-A POST_trusted -j POST_trusted_deny
-A POST_trusted -j POST_trusted_allow
-A POST_trusted_allow ! -o lo -j MASQUERADE
-A PREROUTING_ZONES -i eth4 -j PRE_trusted
-A PREROUTING_ZONES -i ovs-system -j PRE_trusted
-A PREROUTING_ZONES -i br1 -j PRE_trusted
-A PREROUTING_ZONES -j PRE_trusted
-A PRE_trusted -j PRE_trusted_log
-A PRE_trusted -j PRE_trusted_deny
-A PRE_trusted -j PRE_trusted_allow
COMMIT
# Completed on Wed Nov 4 15:40:03 2020
# Generated by ip6tables-save v1.6.2 on Wed Nov 4 15:40:03 2020
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [54:5264]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_trusted - [0:0]
:PRE_trusted_allow - [0:0]
:PRE_trusted_deny - [0:0]
:PRE_trusted_log - [0:0]
-A PREROUTING -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A PREROUTING -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
-A PREROUTING -m rpfilter --invert -j DROP
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -i eth4 -j PRE_trusted
-A PREROUTING_ZONES -i ovs-system -j PRE_trusted
-A PREROUTING_ZONES -i br1 -j PRE_trusted
-A PREROUTING_ZONES -j PRE_trusted
-A PRE_trusted -j PRE_trusted_log
-A PRE_trusted -j PRE_trusted_deny
-A PRE_trusted -j PRE_trusted_allow
COMMIT
# Completed on Wed Nov 4 15:40:03 2020
# Generated by ip6tables-save v1.6.2 on Wed Nov 4 15:40:03 2020
*security
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [54:5264]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Wed Nov 4 15:40:03 2020
# Generated by ip6tables-save v1.6.2 on Wed Nov 4 15:40:03 2020
*mangle
:PREROUTING ACCEPT [1:72]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [54:5264]
:POSTROUTING ACCEPT [4:464]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_trusted - [0:0]
:PRE_trusted_allow - [0:0]
:PRE_trusted_deny - [0:0]
:PRE_trusted_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i eth4 -j PRE_trusted
-A PREROUTING_ZONES -i ovs-system -j PRE_trusted
-A PREROUTING_ZONES -i br1 -j PRE_trusted
-A PREROUTING_ZONES -j PRE_trusted
-A PRE_trusted -j PRE_trusted_log
-A PRE_trusted -j PRE_trusted_deny
-A PRE_trusted -j PRE_trusted_allow
COMMIT
# Completed on Wed Nov 4 15:40:03 2020
# Generated by ip6tables-save v1.6.2 on Wed Nov 4 15:40:03 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [54:5264]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_IN_ZONES_SOURCE - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_OUT_ZONES_SOURCE - [0:0]
:FORWARD_direct - [0:0]
:FWDI_trusted - [0:0]
:FWDI_trusted_allow - [0:0]
:FWDI_trusted_deny - [0:0]
:FWDI_trusted_log - [0:0]
:FWDO_trusted - [0:0]
:FWDO_trusted_allow - [0:0]
:FWDO_trusted_deny - [0:0]
:FWDO_trusted_log - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_ZONES_SOURCE - [0:0]
:INPUT_direct - [0:0]
:IN_trusted - [0:0]
:IN_trusted_allow - [0:0]
:IN_trusted_deny - [0:0]
:IN_trusted_log - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i eth4 -j FWDI_trusted
-A FORWARD_IN_ZONES -i ovs-system -j FWDI_trusted
-A FORWARD_IN_ZONES -i br1 -j FWDI_trusted
-A FORWARD_IN_ZONES -j FWDI_trusted
-A FORWARD_OUT_ZONES -o eth4 -j FWDO_trusted
-A FORWARD_OUT_ZONES -o ovs-system -j FWDO_trusted
-A FORWARD_OUT_ZONES -o br1 -j FWDO_trusted
-A FORWARD_OUT_ZONES -j FWDO_trusted
-A FWDI_trusted -j FWDI_trusted_log
-A FWDI_trusted -j FWDI_trusted_deny
-A FWDI_trusted -j FWDI_trusted_allow
-A FWDI_trusted -j ACCEPT
-A FWDO_trusted -j FWDO_trusted_log
-A FWDO_trusted -j FWDO_trusted_deny
-A FWDO_trusted -j FWDO_trusted_allow
-A FWDO_trusted -j ACCEPT
-A FWDO_trusted_allow -m conntrack --ctstate NEW -j ACCEPT
-A INPUT_ZONES -i eth4 -j IN_trusted
-A INPUT_ZONES -i ovs-system -j IN_trusted
-A INPUT_ZONES -i br1 -j IN_trusted
-A INPUT_ZONES -j IN_trusted
-A IN_trusted -j IN_trusted_log
-A IN_trusted -j IN_trusted_deny
-A IN_trusted -j IN_trusted_allow
-A IN_trusted -j ACCEPT
COMMIT
# Completed on Wed Nov 4 15:40:03 2020
(1-1/2)