iptables filter

a guest
Sep 28th, 2018
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
INPUT_direct all -- anywhere anywhere
INPUT_ZONES_SOURCE all -- anywhere anywhere
INPUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
DOCKER-ISOLATION all -- anywhere anywhere
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
FORWARD_direct all -- anywhere anywhere
FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
FORWARD_IN_ZONES all -- anywhere anywhere
FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
FORWARD_OUT_ZONES all -- anywhere anywhere
DROP all -- anywhere anywhere ctstate INVALID
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
OUTPUT_direct all -- anywhere anywhere

Chain DOCKER (1 references)
target prot opt source destination

Chain DOCKER-ISOLATION (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain FORWARD_IN_ZONES (1 references)
target prot opt source destination
FWDI_internal all -- anywhere anywhere [goto]
FWDI_cameras all -- anywhere anywhere [goto]
FWDI_internal all -- anywhere anywhere [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target prot opt source destination
FWDI_cameras all -- 192.168.1.4 anywhere [goto]

Chain FORWARD_OUT_ZONES (1 references)
target prot opt source destination
FWDO_internal all -- anywhere anywhere [goto]
FWDO_cameras all -- anywhere anywhere [goto]
FWDO_internal all -- anywhere anywhere [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target prot opt source destination
FWDO_cameras all -- anywhere 192.168.1.4 [goto]

Chain FORWARD_direct (1 references)
target prot opt source destination

Chain FWDI_cameras (2 references)
target prot opt source destination
FWDI_cameras_log all -- anywhere anywhere
FWDI_cameras_deny all -- anywhere anywhere
FWDI_cameras_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_cameras_allow (1 references)
target prot opt source destination

Chain FWDI_cameras_deny (1 references)
target prot opt source destination

Chain FWDI_cameras_log (1 references)
target prot opt source destination

Chain FWDI_internal (2 references)
target prot opt source destination
FWDI_internal_log all -- anywhere anywhere
FWDI_internal_deny all -- anywhere anywhere
FWDI_internal_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain FWDI_internal_allow (1 references)
target prot opt source destination

Chain FWDI_internal_deny (1 references)
target prot opt source destination

Chain FWDI_internal_log (1 references)
target prot opt source destination

Chain FWDO_cameras (2 references)
target prot opt source destination
FWDO_cameras_log all -- anywhere anywhere
FWDO_cameras_deny all -- anywhere anywhere
FWDO_cameras_allow all -- anywhere anywhere

Chain FWDO_cameras_allow (1 references)
target prot opt source destination

Chain FWDO_cameras_deny (1 references)
target prot opt source destination

Chain FWDO_cameras_log (1 references)
target prot opt source destination

Chain FWDO_internal (2 references)
target prot opt source destination
FWDO_internal_log all -- anywhere anywhere
FWDO_internal_deny all -- anywhere anywhere
FWDO_internal_allow all -- anywhere anywhere

Chain FWDO_internal_allow (1 references)
target prot opt source destination

Chain FWDO_internal_deny (1 references)
target prot opt source destination

Chain FWDO_internal_log (1 references)
target prot opt source destination

Chain INPUT_ZONES (1 references)
target prot opt source destination
IN_internal all -- anywhere anywhere [goto]
IN_cameras all -- anywhere anywhere [goto]
IN_internal all -- anywhere anywhere [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target prot opt source destination
IN_cameras all -- 192.168.1.4 anywhere [goto]

Chain INPUT_direct (1 references)
target prot opt source destination

Chain IN_cameras (2 references)
target prot opt source destination
IN_cameras_log all -- anywhere anywhere
IN_cameras_deny all -- anywhere anywhere
IN_cameras_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_cameras_allow (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:ntp ctstate NEW

Chain IN_cameras_deny (1 references)
target prot opt source destination

Chain IN_cameras_log (1 references)
target prot opt source destination

Chain IN_internal (2 references)
target prot opt source destination
IN_internal_log all -- anywhere anywhere
IN_internal_deny all -- anywhere anywhere
IN_internal_allow all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere

Chain IN_internal_allow (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-ns ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:netbios-dgm ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:mountd ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:mountd ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:sunrpc ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:sunrpc ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:nfs ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:ntp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:domain ctstate NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain ctstate NEW

Chain IN_internal_deny (1 references)
target prot opt source destination

Chain IN_internal_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination