1# Completed on Sat Feb 17 10:50:33 2018 2# Generated by iptables-save v1.6.1 on Sat Feb 17 10:50:33 2018 3*mangle 4:PREROUTING ACCEPT [0:0] 5:INPUT ACCEPT [0:0] 6:FORWARD ACCEPT [0:0] 7:OUTPUT ACCEPT [0:0] 8:POSTROUTING ACCEPT [0:0] 9:FORWARD_direct - [0:0] 10:INPUT_direct - [0:0] 11:OUTPUT_direct - [0:0] 12:POSTROUTING_direct - [0:0] 13:PREROUTING_ZONES - [0:0] 14:PREROUTING_ZONES_SOURCE - [0:0] 15:PREROUTING_direct - [0:0] 16:PRE_FedoraWorkstation - [0:0] 17:PRE_FedoraWorkstation_allow - [0:0] 18:PRE_FedoraWorkstation_deny - [0:0] 19:PRE_FedoraWorkstation_log - [0:0] 20[1:2] -A PREROUTING -j PREROUTING_direct 21[3:4] -A PREROUTING -j PREROUTING_ZONES_SOURCE 22[0:0] -A PREROUTING -j PREROUTING_ZONES 23[0:0] -A INPUT -j INPUT_direct 24[0:0] -A FORWARD -j FORWARD_direct 25[0:0] -A OUTPUT -j OUTPUT_direct 26[0:0] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill 27[0:0] -A POSTROUTING -j POSTROUTING_direct 28[0:0] -A PREROUTING_ZONES -i wlp58s0 -g PRE_FedoraWorkstation 29[0:0] -A PREROUTING_ZONES -g PRE_FedoraWorkstation 30[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log 31[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny 32[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow 33COMMIT 34# Completed on Sat Feb 17 10:50:33 2018 35# Generated by iptables-save v1.6.1 on Sat Feb 17 10:50:33 2018 36*raw 37:PREROUTING ACCEPT [1681:2620433] 38:OUTPUT ACCEPT [1619:171281] 39:OUTPUT_direct - [0:0] 40:PREROUTING_ZONES - [0:0] 41:PREROUTING_ZONES_SOURCE - [0:0] 42:PREROUTING_direct - [0:0] 43:PRE_FedoraWorkstation - [0:0] 44:PRE_FedoraWorkstation_allow - [0:0] 45:PRE_FedoraWorkstation_deny - [0:0] 46:PRE_FedoraWorkstation_log - [0:0] 47[0:0] -A PREROUTING -j PREROUTING_direct 48[0:0] -A PREROUTING -j PREROUTING_ZONES_SOURCE 49[0:0] -A PREROUTING -j PREROUTING_ZONES 50[0:0] -A OUTPUT -j OUTPUT_direct 51[0:0] -A PREROUTING_ZONES -i wlp58s0 -g PRE_FedoraWorkstation 52[0:0] -A PREROUTING_ZONES -g PRE_FedoraWorkstation 53[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log 54[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny 55[0:0] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow 56[0:0] -A PRE_FedoraWorkstation_allow -p udp -m udp --dport 137 -j CT --helper netbios-ns 57COMMIT 58# Completed on Sat Feb 17 10:50:33 2018 59# Generated by iptables-save v1.6.1 on Sat Feb 17 10:50:33 2018 60*filter 61:INPUT ACCEPT [0:0] 62:FORWARD ACCEPT [0:0] 63:OUTPUT ACCEPT [1619:171281] 64:FORWARD_IN_ZONES - [0:0] 65:FORWARD_IN_ZONES_SOURCE - [0:0] 66:FORWARD_OUT_ZONES - [0:0] 67:FORWARD_OUT_ZONES_SOURCE - [0:0] 68:FORWARD_direct - [0:0] 69:FWDI_FedoraWorkstation - [0:0] 70:FWDI_FedoraWorkstation_allow - [0:0] 71:FWDI_FedoraWorkstation_deny - [0:0] 72:FWDI_FedoraWorkstation_log - [0:0] 73:FWDO_FedoraWorkstation - [0:0] 74:FWDO_FedoraWorkstation_allow - [0:0] 75:FWDO_FedoraWorkstation_deny - [0:0] 76:FWDO_FedoraWorkstation_log - [0:0] 77:INPUT_ZONES - [0:0] 78:INPUT_ZONES_SOURCE - [0:0] 79:INPUT_direct - [0:0] 80:IN_FedoraWorkstation - [0:0] 81:IN_FedoraWorkstation_allow - [0:0] 82:IN_FedoraWorkstation_deny - [0:0] 83:IN_FedoraWorkstation_log - [0:0] 84:OUTPUT_direct - [0:0] 85[5:6] -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT 86[0:123456789] -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT 87[0:0] -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT 88[0:0] -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT 89[0:0] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 90[0:0] -A INPUT -i lo -j ACCEPT 91[0:0] -A INPUT -j INPUT_direct 92[0:0] -A INPUT -j INPUT_ZONES_SOURCE 93[0:0] -A INPUT -j INPUT_ZONES 94[0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP 95[0:0] -A INPUT -j REJECT --reject-with icmp-host-prohibited 96[0:0] -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 97[0:0] -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT 98[0:0] -A FORWARD -i virbr0 -o virbr0 -j ACCEPT 99[0:0] -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable 100[0:0] -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable 101[0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT 102[0:0] -A FORWARD -i lo -j ACCEPT 103[0:0] -A FORWARD -j FORWARD_direct 104[0:0] -A FORWARD -j FORWARD_IN_ZONES_SOURCE 105[0:0] -A FORWARD -j FORWARD_IN_ZONES 106[0:0] -A FORWARD -j FORWARD_OUT_ZONES_SOURCE 107[0:0] -A FORWARD -j FORWARD_OUT_ZONES 108[0:0] -A FORWARD -m conntrack --ctstate INVALID -j DROP 109[0:0] -A FORWARD -j REJECT --reject-with icmp-host-prohibited 110[0:0] -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT 111[0:0] -A OUTPUT -j OUTPUT_direct 112[0:0] -A FORWARD_IN_ZONES -i wlp58s0 -g FWDI_FedoraWorkstation 113[0:0] -A FORWARD_IN_ZONES -g FWDI_FedoraWorkstation 114[0:0] -A FORWARD_OUT_ZONES -o wlp58s0 -g FWDO_FedoraWorkstation 115[0:0] -A FORWARD_OUT_ZONES -g FWDO_FedoraWorkstation 116[0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_log 117[0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_deny 118[0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_allow 119[0:0] -A FWDI_FedoraWorkstation -p icmp -j ACCEPT 120[0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_log 121[0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_deny 122[0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_allow 123[0:0] -A INPUT_ZONES -i wlp58s0 -g IN_FedoraWorkstation 124[0:0] -A INPUT_ZONES -g IN_FedoraWorkstation 125[0:0] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_log 126[0:0] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_deny 127[0:0] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_allow 128[0:0] -A IN_FedoraWorkstation -p icmp -j ACCEPT 129[0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT 130[0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT 131[0:0] -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT 132[0:0] -A IN_FedoraWorkstation_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT 133[0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT 134[7:8] -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT 135COMMIT 136# Completed on Sat Feb 17 10:50:33 2018 137