mokarenko772

Untitled

Mar 17th, 2022
  1. nft list ruleset
  # IPv4 filter table. The LIBVIRT_* chain names and the virbr0 bridge match what libvirt
  # creates for a NAT-mode virtual network; the guest subnet used here is 192.168.100.0/24.
  # All three base chains (INPUT, OUTPUT, FORWARD) are "policy accept", so this table only
  # blocks traffic where a rule explicitly rejects it (the virbr0 rules in LIBVIRT_FWI and
  # LIBVIRT_FWO). Nothing in this table filters traffic addressed to the host itself.
  # Counter values are a snapshot; every virbr0 rule in this table shows 0 packets.
  2. table ip filter {
  # DNS (53) and DHCP-server (67) traffic arriving from guests on virbr0 is accepted.
  # With INPUT at policy accept these rules do not change the verdict; they would only
  # matter if the INPUT policy were switched to drop.
  3. chain LIBVIRT_INP {
  4. iifname "virbr0" meta l4proto udp udp dport 53 counter packets 0 bytes 0 accept
  5. iifname "virbr0" meta l4proto tcp tcp dport 53 counter packets 0 bytes 0 accept
  6. iifname "virbr0" meta l4proto udp udp dport 67 counter packets 0 bytes 0 accept
  7. iifname "virbr0" meta l4proto tcp tcp dport 67 counter packets 0 bytes 0 accept
  8. }
  9.  
  # Base chain for packets addressed to this host. The default policy is accept and the
  # only rule is the jump, so no inbound packet is dropped or rejected by this table.
  # Host-level filtering would need a drop policy or explicit drop rules; none are listed.
  10. chain INPUT {
  11. type filter hook input priority filter; policy accept;
  12. counter packets 72137 bytes 64299978 jump LIBVIRT_INP
  13. }
  14.  
  # DNS (53) and DHCP-client (68) traffic leaving through virbr0 is accepted; redundant
  # with the OUTPUT accept policy in the same way as LIBVIRT_INP.
  15. chain LIBVIRT_OUT {
  16. oifname "virbr0" meta l4proto udp udp dport 53 counter packets 0 bytes 0 accept
  17. oifname "virbr0" meta l4proto tcp tcp dport 53 counter packets 0 bytes 0 accept
  18. oifname "virbr0" meta l4proto udp udp dport 68 counter packets 0 bytes 0 accept
  19. oifname "virbr0" meta l4proto tcp tcp dport 68 counter packets 0 bytes 0 accept
  20. }
  21.  
  # Base chain for locally generated packets; policy accept, no restrictions.
  22. chain OUTPUT {
  23. type filter hook output priority filter; policy accept;
  24. counter packets 45384 bytes 6668210 jump LIBVIRT_OUT
  25. }
  26.  
  # Forwarded traffic entering from the guest bridge: accepted only when the source address
  # is inside 192.168.100.0/24; anything else arriving on virbr0 is rejected.
  27. chain LIBVIRT_FWO {
  28. iifname "virbr0" ip saddr 192.168.100.0/24 counter packets 0 bytes 0 accept
  29. iifname "virbr0" counter packets 0 bytes 0 reject
  30. }
  31.  
  # Base chain for routed packets, policy accept. Evaluation order is LIBVIRT_FWX,
  # LIBVIRT_FWI, LIBVIRT_FWO, then the pan1 rules. Traffic that does not involve virbr0
  # reaches the accept policy, so the pan1 accepts are redundant while the policy stays
  # accept; the third pan1 rule is an exact repeat of the first.
  # NOTE(review): whether the host routes at all depends on the ip_forward sysctl, which
  # this listing does not show. If it is enabled, forwarding between all non-virbr0
  # interfaces is unrestricted by this table.
  32. chain FORWARD {
  33. type filter hook forward priority filter; policy accept;
  34. counter packets 5 bytes 1172 jump LIBVIRT_FWX
  35. counter packets 5 bytes 1172 jump LIBVIRT_FWI
  36. counter packets 5 bytes 1172 jump LIBVIRT_FWO
  37. iifname "pan1" counter packets 0 bytes 0 accept
  38. oifname "pan1" counter packets 0 bytes 0 accept
  39. iifname "pan1" counter packets 0 bytes 0 accept
  40. }
  41.  
  # Forwarded traffic leaving toward the guest bridge: only replies (ct state
  # related,established) destined for 192.168.100.0/24 are accepted; everything else routed
  # out virbr0 is rejected, so new connections from other interfaces do not reach guests.
  42. chain LIBVIRT_FWI {
  43. oifname "virbr0" ip daddr 192.168.100.0/24 ct state related,established counter packets 0 bytes 0 accept
  44. oifname "virbr0" counter packets 0 bytes 0 reject
  45. }
  46.  
  # Traffic that both enters and leaves on virbr0 (guest to guest) is accepted. Because
  # FORWARD jumps here first, it is accepted before the reject rules in LIBVIRT_FWI/FWO.
  47. chain LIBVIRT_FWX {
  48. iifname "virbr0" oifname "virbr0" counter packets 0 bytes 0 accept
  49. }
  50. }
  # IPv4 NAT table: source NAT for the 192.168.100.0/24 guest subnet plus one additional
  # masquerade rule for 10.100.187.0/24.
  51. table ip nat {
  # Guest subnet handling. The two "return" rules leave multicast (224.0.0.0/24) and
  # limited broadcast (255.255.255.255) un-NATed. TCP and UDP to any destination outside
  # the subnet are masqueraded with source ports in 1024-65535; the final rule masquerades
  # the remaining protocols without a port range.
  52. chain LIBVIRT_PRT {
  53. ip saddr 192.168.100.0/24 ip daddr 224.0.0.0/24 counter packets 60 bytes 9518 return
  54. ip saddr 192.168.100.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
  55. meta l4proto tcp ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 948 bytes 60775 masquerade to :1024-65535
  56. meta l4proto udp ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 277 bytes 43460 masquerade to :1024-65535
  57. ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade
  58. }
  59.  
  # Base srcnat chain. After the LIBVIRT_PRT jump, anything sourced from 10.100.187.0/24
  # is masqueraded with no restriction on destination or outgoing interface (no oifname
  # match), and its counter shows the rule has matched traffic.
  # NOTE(review): nothing else in this listing identifies 10.100.187.0/24; confirm the
  # subnet is expected and whether the rule should be bound to a specific egress interface.
  60. chain POSTROUTING {
  61. type nat hook postrouting priority srcnat; policy accept;
  62. counter packets 3803 bytes 399899 jump LIBVIRT_PRT
  63. ip saddr 10.100.187.0/24 counter packets 25 bytes 4125 masquerade
  64. }
  65. }
  # IPv4 mangle table: a single rule for DHCP-client (udp/68) packets leaving virbr0.
  66. table ip mangle {
  # NOTE(review): "# CHECKSUM fill" is comment text in nft syntax, so as listed this rule
  # only counts matching packets. It looks like nft's rendering of an iptables CHECKSUM
  # target that it could not print natively - confirm. If so, this listing is not a
  # faithful backup: reloading it with nft -f would not recreate the checksum action.
  67. chain LIBVIRT_PRT {
  68. oifname "virbr0" meta l4proto udp udp dport 68 counter packets 0 bytes 0 # CHECKSUM fill
  69. }
  70.  
  # Base chain at mangle priority on the postrouting hook; it only jumps to LIBVIRT_PRT.
  71. chain POSTROUTING {
  72. type filter hook postrouting priority mangle; policy accept;
  73. counter packets 46486 bytes 6841404 jump LIBVIRT_PRT
  74. }
  75. }
  # IPv6 filter table. It has the same chain layout as the IPv4 filter table, but every
  # LIBVIRT_* chain is empty and all base chains are policy accept, so this table passes
  # all IPv6 traffic: there is no reject rule anywhere, not even for virbr0.
  # The INPUT counter (4088 packets) shows IPv6 packets were reaching the host when the
  # listing was taken. If the host is reachable over IPv6 from untrusted networks, inbound
  # filtering has to be added separately; the IPv4 rules above do not apply to IPv6.
  76. table ip6 filter {
  # Empty: no IPv6 rules were installed for the guest bridge.
  77. chain LIBVIRT_INP {
  78. }
  79.  
  # Base chain for IPv6 packets addressed to this host; accepts everything.
  80. chain INPUT {
  81. type filter hook input priority filter; policy accept;
  82. counter packets 4088 bytes 3398182 jump LIBVIRT_INP
  83. }
  84.  
  # Empty.
  85. chain LIBVIRT_OUT {
  86. }
  87.  
  # Base chain for locally generated IPv6 packets; accepts everything.
  88. chain OUTPUT {
  89. type filter hook output priority filter; policy accept;
  90. counter packets 3865 bytes 493397 jump LIBVIRT_OUT
  91. }
  92.  
  # Empty.
  93. chain LIBVIRT_FWO {
  94. }
  95.  
  # Base chain for routed IPv6 packets; policy accept with three jumps into empty chains.
  # All counters are 0, i.e. no IPv6 packet had been forwarded at the time of the listing.
  96. chain FORWARD {
  97. type filter hook forward priority filter; policy accept;
  98. counter packets 0 bytes 0 jump LIBVIRT_FWX
  99. counter packets 0 bytes 0 jump LIBVIRT_FWI
  100. counter packets 0 bytes 0 jump LIBVIRT_FWO
  101. }
  102.  
  # Empty.
  103. chain LIBVIRT_FWI {
  104. }
  105.  
  # Empty.
  106. chain LIBVIRT_FWX {
  107. }
  108. }
  # IPv6 NAT table: the libvirt chain is empty, so no IPv6 source NAT is configured.
  109. table ip6 nat {
  # Empty.
  110. chain LIBVIRT_PRT {
  111. }
  112.  
  # Base srcnat chain; the only rule is the jump and its counter is 0.
  113. chain POSTROUTING {
  114. type nat hook postrouting priority srcnat; policy accept;
  115. counter packets 0 bytes 0 jump LIBVIRT_PRT
  116. }
  117. }
  # IPv6 mangle table: the libvirt chain is empty, so no IPv6 packet is modified here.
  118. table ip6 mangle {
  # Empty.
  119. chain LIBVIRT_PRT {
  120. }
  121.  
  # Base chain at mangle priority on the postrouting hook. The counter shows outgoing IPv6
  # traffic passing through it, all of which falls through to the accept policy.
  122. chain POSTROUTING {
  123. type filter hook postrouting priority mangle; policy accept;
  124. counter packets 4132 bytes 537333 jump LIBVIRT_PRT
  125. }
  126. }