iptables \
-w \
-A FJ-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
-m conntrack \
--ctdir Original \
-j RETURN
iptables \
-w \
-A FP-vnet0 \
-p tcp \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
-m conntrack \
--ctdir Reply \
-j ACCEPT
iptables \
-w \
-A HJ-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
-m conntrack \
--ctdir Original \
-j RETURN
iptables \
-w \
-A FJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-j RETURN
iptables \
-w \
-A FP-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--sport 20:21 \
--dport 100:1111 \
-j ACCEPT
iptables \
-w \
-A HJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 33 \
--dport 20:21 \
--sport 100:1111 \
-j RETURN
iptables \
-w \
-A FJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-j RETURN
iptables \
-w \
-A FP-vnet0 \
-p tcp \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--sport 255:256 \
--dport 65535:65535 \
-j ACCEPT
iptables \
-w \
-A HJ-vnet0 \
-p tcp \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 63 \
--dport 255:256 \
--sport 65535:65535 \
-j RETURN
iptables \
-w \
-A FP-vnet0 \
-p tcp \
--tcp-flags SYN ALL \
-j ACCEPT
iptables \
-w \
-A FP-vnet0 \
-p tcp \
--tcp-flags SYN SYN,ACK \
-j ACCEPT
iptables \
-w \
-A FP-vnet0 \
-p tcp \
--tcp-flags RST NONE \
-j ACCEPT
iptables \
-w \
-A FP-vnet0 \
-p tcp \
--tcp-flags PSH NONE \
-j ACCEPT