mokarenko772

nft list ruleset

Mar 19th, 2022
  # IPv4 filter table as printed by `nft list ruleset`. The LIBVIRT_* chain
  # names and the iptables-style base chains (INPUT/OUTPUT/FORWARD) suggest
  # the rules were installed through the iptables-nft compatibility layer by
  # libvirt (presumably; the listing does not say who created them).
  # All three base chains use `policy accept`, and the only `reject` rules sit
  # on the virbr0 forward path, so nothing in this table blocks traffic
  # addressed to the host itself.
  table ip filter {
    # Accepts DNS (port 53) and port 67 (the DHCP server port) over UDP and TCP
    # when the packet arrives on virbr0. DHCP itself runs over UDP; the TCP
    # rule for port 67 is harmless but matches nothing DHCP-related.
    # With INPUT at policy accept these accepts do not change the outcome.
    chain LIBVIRT_INP {
      iifname "virbr0" meta l4proto udp udp dport 53 counter packets 0 bytes 0 accept
      iifname "virbr0" meta l4proto tcp tcp dport 53 counter packets 0 bytes 0 accept
      iifname "virbr0" meta l4proto udp udp dport 67 counter packets 0 bytes 0 accept
      iifname "virbr0" meta l4proto tcp tcp dport 67 counter packets 0 bytes 0 accept
    }

    # Base chain for packets addressed to this host. The jump is the only rule;
    # whatever LIBVIRT_INP does not accept returns here and is accepted by
    # policy, on every interface.
    # NOTE(review): a host reachable from untrusted networks would normally use
    # a default-drop input policy with explicit allows — confirm this is
    # intended or that filtering happens outside this ruleset.
    chain INPUT {
      type filter hook input priority filter; policy accept;
      counter packets 72137 bytes 64299978 jump LIBVIRT_INP
    }

    # Outbound counterpart of LIBVIRT_INP: accepts port 53 and port 68 (the
    # DHCP client port) over UDP and TCP leaving through virbr0.
    chain LIBVIRT_OUT {
      oifname "virbr0" meta l4proto udp udp dport 53 counter packets 0 bytes 0 accept
      oifname "virbr0" meta l4proto tcp tcp dport 53 counter packets 0 bytes 0 accept
      oifname "virbr0" meta l4proto udp udp dport 68 counter packets 0 bytes 0 accept
      oifname "virbr0" meta l4proto tcp tcp dport 68 counter packets 0 bytes 0 accept
    }

    # Base chain for locally generated packets; policy accept, so the jump only
    # feeds the LIBVIRT_OUT counters.
    chain OUTPUT {
      type filter hook output priority filter; policy accept;
      counter packets 45384 bytes 6668210 jump LIBVIRT_OUT
    }

    # Traffic coming FROM virbr0: accepted only when the source address is
    # inside 192.168.100.0/24; any other source on that bridge is rejected,
    # which stops guests from forwarding packets with a spoofed source.
    chain LIBVIRT_FWO {
      iifname "virbr0" ip saddr 192.168.100.0/24 counter packets 0 bytes 0 accept
      iifname "virbr0" counter packets 0 bytes 0 reject
    }

    # Base chain for routed packets. Order matters: FWX (bridge-internal), then
    # FWI (towards virbr0), then FWO (from virbr0); an accept or reject in any
    # of them ends evaluation for this hook.
    # Packets that involve neither virbr0 nor pan1 fall through to
    # `policy accept`. The jump counters show 5 packets while every virbr0 and
    # pan1 rule shows 0, so those 5 were forwarded by policy alone (assuming
    # the counters were not reset separately).
    # NOTE(review): whether the host actually routes depends on the ip_forward
    # sysctl, which this listing does not show — confirm, and consider a
    # default-drop forward policy if routing between other interfaces is not
    # intended.
    chain FORWARD {
      type filter hook forward priority filter; policy accept;
      counter packets 5 bytes 1172 jump LIBVIRT_FWX
      counter packets 5 bytes 1172 jump LIBVIRT_FWI
      counter packets 5 bytes 1172 jump LIBVIRT_FWO
      # The pan1 accepts are redundant with the accept policy, and the third
      # rule is an exact duplicate of the first.
      iifname "pan1" counter packets 0 bytes 0 accept
      oifname "pan1" counter packets 0 bytes 0 accept
      iifname "pan1" counter packets 0 bytes 0 accept
    }

    # Traffic going TO virbr0: only replies and related flows
    # (ct state related,established) addressed to 192.168.100.0/24 pass;
    # everything else leaving through the bridge is rejected, so connections
    # cannot be opened towards the guests from outside.
    chain LIBVIRT_FWI {
      oifname "virbr0" ip daddr 192.168.100.0/24 ct state related,established counter packets 0 bytes 0 accept
      oifname "virbr0" counter packets 0 bytes 0 reject
    }

    # Traffic that enters and leaves on virbr0 (guest to guest) is accepted
    # without further checks.
    chain LIBVIRT_FWX {
      iifname "virbr0" oifname "virbr0" counter packets 0 bytes 0 accept
    }
  }
  # IPv4 source-NAT table. Two source ranges are masqueraded: the
  # 192.168.100.0/24 network handled in LIBVIRT_PRT and a second range,
  # 10.100.187.0/24, handled directly in POSTROUTING.
  table ip nat {
    # NAT for 192.168.100.0/24. Rule order matters: the two `return` rules
    # exempt link-local multicast (224.0.0.0/24) and limited broadcast
    # (255.255.255.255) before any masquerade rule can match.
    chain LIBVIRT_PRT {
      ip saddr 192.168.100.0/24 ip daddr 224.0.0.0/24 counter packets 60 bytes 9518 return
      ip saddr 192.168.100.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
      # TCP and UDP leaving the subnet are masqueraded with the translated
      # source port confined to 1024-65535.
      meta l4proto tcp ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 948 bytes 60775 masquerade to :1024-65535
      meta l4proto udp ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 277 bytes 43460 masquerade to :1024-65535
      # Catch-all for the remaining protocols from the subnet (no port range).
      ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade
    }

    # Base chain evaluated after routing, at the srcnat priority.
    chain POSTROUTING {
      type nat hook postrouting priority srcnat; policy accept;
      counter packets 3803 bytes 399899 jump LIBVIRT_PRT
      # Masquerades everything sourced from 10.100.187.0/24, on any outgoing
      # interface and to any destination; the counter shows it is in use.
      # NOTE(review): this range has no matching rule in the filter table, so
      # its forwarded traffic is limited only by the FORWARD accept policy —
      # confirm which interface or service owns the range.
      ip saddr 10.100.187.0/24 counter packets 25 bytes 4125 masquerade
    }
  }
  # IPv4 mangle table; its single rule targets UDP port 68 (the DHCP client
  # port) leaving through virbr0.
  table ip mangle {
    # The rule has a match and a counter but no native nft action. The trailing
    # `# CHECKSUM fill` is presumably how nft printed an iptables CHECKSUM
    # target it could not translate.
    # NOTE(review): if so, feeding this listing back through `nft -f` would
    # recreate the rule without the checksum action — restore it with the tool
    # that created it rather than from this dump.
    chain LIBVIRT_PRT {
      oifname "virbr0" meta l4proto udp udp dport 68 counter packets 0 bytes 0 # CHECKSUM fill
    }

    # Base chain at the mangle priority of the postrouting hook; it only jumps
    # to LIBVIRT_PRT.
    chain POSTROUTING {
      type filter hook postrouting priority mangle; policy accept;
      counter packets 46486 bytes 6841404 jump LIBVIRT_PRT
    }
  }
  # IPv6 filter table. It mirrors the IPv4 chain layout, but every LIBVIRT_*
  # chain is empty and every base chain has `policy accept`, so this table
  # filters nothing: the jumps only increment counters.
  # The INPUT counter (4088 packets) shows IPv6 traffic does reach the host.
  # NOTE(review): if IPv6 is reachable from untrusted networks, the host has
  # no IPv6 filtering in this ruleset — confirm that is intended.
  table ip6 filter {
    # Empty: no IPv6 input rules.
    chain LIBVIRT_INP {
    }

    # Base chain for IPv6 packets addressed to the host; everything is
    # accepted by policy.
    chain INPUT {
      type filter hook input priority filter; policy accept;
      counter packets 4088 bytes 3398182 jump LIBVIRT_INP
    }

    # Empty: no IPv6 output rules.
    chain LIBVIRT_OUT {
    }

    # Base chain for locally generated IPv6 packets; accepted by policy.
    chain OUTPUT {
      type filter hook output priority filter; policy accept;
      counter packets 3865 bytes 493397 jump LIBVIRT_OUT
    }

    # Empty: unlike the IPv4 table, there is no source check for the bridge.
    chain LIBVIRT_FWO {
    }

    # Base chain for routed IPv6 packets. All three jumps lead to empty chains,
    # so any forwarded packet is accepted by policy; the counters are 0 in
    # this dump.
    chain FORWARD {
      type filter hook forward priority filter; policy accept;
      counter packets 0 bytes 0 jump LIBVIRT_FWX
      counter packets 0 bytes 0 jump LIBVIRT_FWI
      counter packets 0 bytes 0 jump LIBVIRT_FWO
    }

    # Empty: no restriction on IPv6 traffic towards the bridge.
    chain LIBVIRT_FWI {
    }

    # Empty: no bridge-internal IPv6 rule.
    chain LIBVIRT_FWX {
    }
  }
  # IPv6 NAT table. LIBVIRT_PRT is empty, so no IPv6 address translation is
  # configured; the zero counter shows nothing has passed through this hook.
  table ip6 nat {
    # Empty: no IPv6 masquerade rules.
    chain LIBVIRT_PRT {
    }

    # Base chain at the srcnat priority; it only jumps to the empty chain.
    chain POSTROUTING {
      type nat hook postrouting priority srcnat; policy accept;
      counter packets 0 bytes 0 jump LIBVIRT_PRT
    }
  }
  # IPv6 mangle table. LIBVIRT_PRT is empty, so no packet is modified here;
  # the jump counter only records IPv6 packets passing the postrouting hook.
  table ip6 mangle {
    # Empty: no IPv6 mangle rules.
    chain LIBVIRT_PRT {
    }

    # Base chain at the mangle priority of the postrouting hook.
    chain POSTROUTING {
      type filter hook postrouting priority mangle; policy accept;
      counter packets 4132 bytes 537333 jump LIBVIRT_PRT
    }
  }