Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- lo any anywhere anywhere 1 356 ACCEPT all -- br0 any 192.168.10.0/24 anywhere 0 0 REJECT all -- eth0 any 192.168.10.0/24 anywhere reject-with icmp-port-unreachable 0 0 DROP icmp -- eth0 any anywhere 10.10.10.0/23 168 11904 ACCEPT all -- eth0 any anywhere 10.10.10.0/23 ctstate RELATED,ESTABLISHED 0 0 ACCEPT tcp -- br0 any anywhere anywhere tcp spt:bootpc dpt:bootps 3 1086 ACCEPT udp -- br0 any anywhere anywhere udp spt:bootpc dpt:bootps 0 0 ACCEPT tcp -- eth0 any anywhere 10.10.10.0/23 ctstate NEW,RELATED,ESTABLISHED tcp dpt:ssh 2468 363K REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- eth0 br0 anywhere anywhere tcp dpt:4567 ctstate NEW,RELATED,ESTABLISHED 0 0 ACCEPT all -- eth0 br0 anywhere anywhere ctstate RELATED,ESTABLISHED 0 0 ACCEPT all -- br0 br0 anywhere anywhere 0 0 ACCEPT all -- br0 eth0 anywhere anywhere 0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable Chain OUTPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 DROP icmp -- any any anywhere anywhere ctstate INVALID 0 0 ACCEPT all -- any lo anywhere anywhere 0 0 ACCEPT all -- any br0 10.10.10.0/23 192.168.10.0/24 1 338 ACCEPT all -- any br0 192.168.10.0/24 192.168.10.0/24 0 0 REJECT all -- any eth0 anywhere 192.168.10.0/24 reject-with icmp-port-unreachable 116 23488 ACCEPT all -- any eth0 10.10.10.0/23 anywhere 0 0 ACCEPT tcp -- any br0 192.168.10.0/24 255.255.255.255 tcp spt:bootps dpt:bootpc 0 0 ACCEPT udp -- any br0 192.168.10.0/24 255.255.255.255 udp spt:bootps dpt:bootpc 0 0 REJECT all -- any any anywhere anywhere reject-with icmp-port-unreachable