mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-29 00:55:22 +00:00
59 lines
3.6 KiB
Plaintext
59 lines
3.6 KiB
Plaintext
|
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
|
||
|
--destination-port 67 --jump ACCEPT
|
||
|
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
|
||
|
--destination-port 67 --jump ACCEPT
|
||
|
iptables --table filter --insert OUTPUT --out-interface virbr0 --protocol udp \
|
||
|
--destination-port 68 --jump ACCEPT
|
||
|
iptables --table filter --insert INPUT --in-interface virbr0 --protocol tcp \
|
||
|
--destination-port 53 --jump ACCEPT
|
||
|
iptables --table filter --insert INPUT --in-interface virbr0 --protocol udp \
|
||
|
--destination-port 53 --jump ACCEPT
|
||
|
iptables --table filter --insert FORWARD --in-interface virbr0 --jump REJECT
|
||
|
iptables --table filter --insert FORWARD --out-interface virbr0 --jump REJECT
|
||
|
iptables --table filter --insert FORWARD --in-interface virbr0 \
|
||
|
--out-interface virbr0 --jump ACCEPT
|
||
|
iptables --table filter --insert FORWARD --source 192.168.122.0/24 \
|
||
|
--in-interface virbr0 --jump ACCEPT
|
||
|
iptables --table filter --insert FORWARD --destination 192.168.122.0/24 \
|
||
|
--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 '!' \
|
||
|
--destination 192.168.122.0/24 --jump MASQUERADE
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
|
||
|
-p udp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
|
||
|
-p tcp '!' --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
|
||
|
--destination 255.255.255.255/32 --jump RETURN
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.122.0/24 \
|
||
|
--destination 224.0.0.0/24 --jump RETURN
|
||
|
iptables --table filter --insert FORWARD --source 192.168.128.0/24 \
|
||
|
--in-interface virbr0 --jump ACCEPT
|
||
|
iptables --table filter --insert FORWARD --destination 192.168.128.0/24 \
|
||
|
--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 '!' \
|
||
|
--destination 192.168.128.0/24 --jump MASQUERADE
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
|
||
|
-p udp '!' --destination 192.168.128.0/24 --jump MASQUERADE --to-ports 1024-65535
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
|
||
|
-p tcp '!' --destination 192.168.128.0/24 --jump MASQUERADE --to-ports 1024-65535
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
|
||
|
--destination 255.255.255.255/32 --jump RETURN
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.128.0/24 \
|
||
|
--destination 224.0.0.0/24 --jump RETURN
|
||
|
iptables --table filter --insert FORWARD --source 192.168.150.0/24 \
|
||
|
--in-interface virbr0 --jump ACCEPT
|
||
|
iptables --table filter --insert FORWARD --destination 192.168.150.0/24 \
|
||
|
--out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 '!' \
|
||
|
--destination 192.168.150.0/24 --jump MASQUERADE
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
|
||
|
-p udp '!' --destination 192.168.150.0/24 --jump MASQUERADE --to-ports 1024-65535
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
|
||
|
-p tcp '!' --destination 192.168.150.0/24 --jump MASQUERADE --to-ports 1024-65535
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
|
||
|
--destination 255.255.255.255/32 --jump RETURN
|
||
|
iptables --table nat --insert POSTROUTING --source 192.168.150.0/24 \
|
||
|
--destination 224.0.0.0/24 --jump RETURN
|
||
|
iptables --table mangle --insert POSTROUTING --out-interface virbr0 \
|
||
|
--protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill
|