External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-23 04:55:18 +00:00
Code Issues Packages Projects Releases Wiki Activity
libvirt/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
Laine Stump 0bd7a47356 network: name the nftables table "libvirt_network" rather than "libvirt" 
This way when we implement nftables for the nwfilter driver, we can
create a separate table called "libvirt_nwfilter" and everything will
look all symmetrical and stuff.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2024-05-22 23:20:49 -04:00

473 lines
4.5 KiB
Plaintext
Raw Blame History

nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
iifname \
virbr0 \
tcp \
dport \
67 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
iifname \
virbr0 \
udp \
dport \
67 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
oifname \
virbr0 \
tcp \
dport \
68 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
oifname \
virbr0 \
udp \
dport \
68 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
iifname \
virbr0 \
tcp \
dport \
53 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_INP \
iifname \
virbr0 \
udp \
dport \
53 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
oifname \
virbr0 \
tcp \
dport \
53 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_OUT \
oifname \
virbr0 \
udp \
dport \
53 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
iifname \
virbr0 \
counter \
reject
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
oifname \
virbr0 \
counter \
reject
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_FWX \
iifname \
virbr0 \
oifname \
virbr0 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
ip \
saddr \
192.168.122.0/24 \
iifname \
virbr0 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
oifname \
virbr0 \
ip \
daddr \
192.168.122.0/24 \
ct \
state \
related,established \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
ip \
saddr \
192.168.122.0/24 \
ip \
daddr \
'!=' \
192.168.122.0/24 \
counter \
masquerade
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
meta \
l4proto \
udp \
ip \
saddr \
192.168.122.0/24 \
ip \
daddr \
'!=' \
192.168.122.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
meta \
l4proto \
tcp \
ip \
saddr \
192.168.122.0/24 \
ip \
daddr \
'!=' \
192.168.122.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
ip \
saddr \
192.168.122.0/24 \
ip \
daddr \
255.255.255.255/32 \
counter \
return
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
ip \
saddr \
192.168.122.0/24 \
ip \
daddr \
224.0.0.0/24 \
counter \
return
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
ip \
saddr \
192.168.128.0/24 \
iifname \
virbr0 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
oifname \
virbr0 \
ip \
daddr \
192.168.128.0/24 \
ct \
state \
related,established \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
ip \
saddr \
192.168.128.0/24 \
ip \
daddr \
'!=' \
192.168.128.0/24 \
counter \
masquerade
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
meta \
l4proto \
udp \
ip \
saddr \
192.168.128.0/24 \
ip \
daddr \
'!=' \
192.168.128.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
meta \
l4proto \
tcp \
ip \
saddr \
192.168.128.0/24 \
ip \
daddr \
'!=' \
192.168.128.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
ip \
saddr \
192.168.128.0/24 \
ip \
daddr \
255.255.255.255/32 \
counter \
return
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
ip \
saddr \
192.168.128.0/24 \
ip \
daddr \
224.0.0.0/24 \
counter \
return
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_FWO \
ip \
saddr \
192.168.150.0/24 \
iifname \
virbr0 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_FWI \
oifname \
virbr0 \
ip \
daddr \
192.168.150.0/24 \
ct \
state \
related,established \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
ip \
saddr \
192.168.150.0/24 \
ip \
daddr \
'!=' \
192.168.150.0/24 \
counter \
masquerade
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
meta \
l4proto \
udp \
ip \
saddr \
192.168.150.0/24 \
ip \
daddr \
'!=' \
192.168.150.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
meta \
l4proto \
tcp \
ip \
saddr \
192.168.150.0/24 \
ip \
daddr \
'!=' \
192.168.150.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
ip \
saddr \
192.168.150.0/24 \
ip \
daddr \
255.255.255.255/32 \
counter \
return
nft \
-ae insert \
rule \
ip \
libvirt_network \
LIBVIRT_PRT \
ip \
saddr \
192.168.150.0/24 \
ip \
daddr \
224.0.0.0/24 \
counter \
return
Reference in New Issue View Git Blame Copy Permalink