libvirt/tests/nwfilterxml2firewalldata/target-linux.args


ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j DROP
ebtables \
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j DROP
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j ACCEPT
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j DROP
ebtables \
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j DROP
iptables \
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir out' \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir out' \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir out' \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'drop rule \
-- dir out' \
-j DROP
iptables \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'drop rule \
-- dir out' \
-j DROP
iptables \
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'drop rule \
-- dir out' \
-j DROP
iptables \
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'reject rule \
-- dir out' \
-j REJECT
iptables \
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'reject rule \
-- dir out' \
-j REJECT
iptables \
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
--comment 'reject rule \
-- dir out' \
-j REJECT
iptables \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir in' \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state NEW,ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir in' \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m state \
--state ESTABLISHED \
-m comment \
--comment 'accept rule \
-- dir in' \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'drop rule \
-- dir in' \
-j DROP
iptables \
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'drop rule \
-- dir in' \
-j DROP
iptables \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'drop rule \
-- dir in' \
-j DROP
iptables \
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'reject rule \
-- dir in' \
-j REJECT
iptables \
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'reject rule \
-- dir in' \
-j REJECT
iptables \
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
--comment 'reject rule \
-- dir in' \
-j REJECT
iptables \
-A FJ-vnet0 \
-p all \
-m comment \
--comment 'accept rule \
-- dir inout' \
-j RETURN
iptables \
-A FP-vnet0 \
-p all \
-m comment \
--comment 'accept rule \
-- dir inout' \
-j ACCEPT
iptables \
-A HJ-vnet0 \
-p all \
-m comment \
--comment 'accept rule \
-- dir inout' \
-j RETURN
iptables \
-A FJ-vnet0 \
-p all \
-m comment \
--comment 'drop rule \
-- dir inout' \
-j DROP
iptables \
-A FP-vnet0 \
-p all \
-m comment \
--comment 'drop rule \
-- dir inout' \
-j DROP
iptables \
-A HJ-vnet0 \
-p all \
-m comment \
--comment 'drop rule \
-- dir inout' \
-j DROP
iptables \
-A FJ-vnet0 \
-p all \
-m comment \
--comment 'reject rule \
-- dir inout' \
-j REJECT
iptables \
-A FP-vnet0 \
-p all \
-m comment \
--comment 'reject rule \
-- dir inout' \
-j REJECT
iptables \
-A HJ-vnet0 \
-p all \
-m comment \
--comment 'reject rule \
-- dir inout' \
-j REJECT