libvirt/tests/networkxml2firewalldata/nat-many-ips-linux.nftables
Laine Stump 958aa7f274 network: rename chains used by network driver nftables backend
Because the chains added by the network driver nftables backend will
go into a table used only by libvirt, we don't need to have "libvirt"
in the chain names. Instead, we can make them more descriptive and
less abrasive (by using lower case, and using full words rather than
abbreviations).

Also (again because nobody else is using the private "libvirt_network"
table) we can directly put our rules into the input ("guest_to_host"),
output ("host_to_guest"), and postrouting ("guest_nat") chains rather
than creating a subordinate chain as done in the iptables backend.

Signed-off-by: Laine Stump <laine@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2024-05-22 23:20:49 -04:00


nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_to_host \
iifname \
virbr0 \
tcp \
dport \
67 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_to_host \
iifname \
virbr0 \
udp \
dport \
67 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
host_to_guest \
oifname \
virbr0 \
tcp \
dport \
68 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
host_to_guest \
oifname \
virbr0 \
udp \
dport \
68 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_to_host \
iifname \
virbr0 \
tcp \
dport \
53 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_to_host \
iifname \
virbr0 \
udp \
dport \
53 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
host_to_guest \
oifname \
virbr0 \
tcp \
dport \
53 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
host_to_guest \
oifname \
virbr0 \
udp \
dport \
53 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_output \
iifname \
virbr0 \
counter \
reject
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_input \
oifname \
virbr0 \
counter \
reject
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_cross \
iifname \
virbr0 \
oifname \
virbr0 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_output \
ip \
saddr \
192.168.122.0/24 \
iifname \
virbr0 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_input \
oifname \
virbr0 \
ip \
daddr \
192.168.122.0/24 \
ct \
state \
related,established \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
ip \
daddr \
'!=' \
192.168.122.0/24 \
counter \
masquerade
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
meta \
l4proto \
udp \
ip \
saddr \
192.168.122.0/24 \
ip \
daddr \
'!=' \
192.168.122.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
meta \
l4proto \
tcp \
ip \
saddr \
192.168.122.0/24 \
ip \
daddr \
'!=' \
192.168.122.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
ip \
daddr \
255.255.255.255/32 \
counter \
return
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
ip \
saddr \
192.168.122.0/24 \
ip \
daddr \
224.0.0.0/24 \
counter \
return
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_output \
ip \
saddr \
192.168.128.0/24 \
iifname \
virbr0 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_input \
oifname \
virbr0 \
ip \
daddr \
192.168.128.0/24 \
ct \
state \
related,established \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
ip \
saddr \
192.168.128.0/24 \
ip \
daddr \
'!=' \
192.168.128.0/24 \
counter \
masquerade
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
meta \
l4proto \
udp \
ip \
saddr \
192.168.128.0/24 \
ip \
daddr \
'!=' \
192.168.128.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
meta \
l4proto \
tcp \
ip \
saddr \
192.168.128.0/24 \
ip \
daddr \
'!=' \
192.168.128.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
ip \
saddr \
192.168.128.0/24 \
ip \
daddr \
255.255.255.255/32 \
counter \
return
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
ip \
saddr \
192.168.128.0/24 \
ip \
daddr \
224.0.0.0/24 \
counter \
return
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_output \
ip \
saddr \
192.168.150.0/24 \
iifname \
virbr0 \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_input \
oifname \
virbr0 \
ip \
daddr \
192.168.150.0/24 \
ct \
state \
related,established \
counter \
accept
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
ip \
saddr \
192.168.150.0/24 \
ip \
daddr \
'!=' \
192.168.150.0/24 \
counter \
masquerade
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
meta \
l4proto \
udp \
ip \
saddr \
192.168.150.0/24 \
ip \
daddr \
'!=' \
192.168.150.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
meta \
l4proto \
tcp \
ip \
saddr \
192.168.150.0/24 \
ip \
daddr \
'!=' \
192.168.150.0/24 \
counter \
masquerade \
to \
:1024-65535
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
ip \
saddr \
192.168.150.0/24 \
ip \
daddr \
255.255.255.255/32 \
counter \
return
nft \
-ae insert \
rule \
ip \
libvirt_network \
guest_nat \
ip \
saddr \
192.168.150.0/24 \
ip \
daddr \
224.0.0.0/24 \
counter \
return