#define BRIDGE_NF_CALL_ALERT_INTERVAL 10 /* seconds */
-/*
- * --ctdir original vs. --ctdir reply's meaning was inverted in netfilter
- * at some point (Linux 2.6.39)
- */
-enum ctdirStatus {
- CTDIR_STATUS_UNKNOWN = 0,
- CTDIR_STATUS_CORRECTED = 1,
- CTDIR_STATUS_OLD = 2,
-};
-static enum ctdirStatus iptables_ctdir_corrected;
-
#define PRINT_ROOT_CHAIN(buf, prefix, ifname) \
g_snprintf(buf, sizeof(buf), "libvirt-%c-%s", prefix, ifname)
#define PRINT_CHAIN(buf, prefix, ifname, suffix) \
bool directionIn,
virNWFilterRuleDef *rule)
{
- switch (iptables_ctdir_corrected) {
- case CTDIR_STATUS_UNKNOWN:
- /* could not be determined or s.th. is seriously wrong */
- return;
- case CTDIR_STATUS_CORRECTED:
- directionIn = !directionIn;
- break;
- case CTDIR_STATUS_OLD:
- break;
- }
-
if (rule->tt != VIR_NWFILTER_RULE_DIRECTION_INOUT)
virFirewallRuleAddArgList(fw, fwrule,
"-m", "conntrack",
"--ctdir",
(directionIn ?
- "Original" :
- "Reply"),
+ "Reply" :
+ "Original"),
NULL);
}
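Review bot: The swapped ternary after `"--ctdir"` (`directionIn ? "Reply" : "Original"`) now hard-codes the netfilter semantics of Linux 2.6.39 and later, and the only comment explaining the inversion was deleted together with the enum, so the mapping reads like a mistake to anyone who does not know the history. I would add a comment above the `if`, for example `/* netfilter inverted the meaning of --ctdir Original/Reply in Linux 2.6.39; only the newer meaning is supported */`. The removed CTDIR_STATUS_UNKNOWN case returned without emitting `--ctdir` at all, whereas the match is now always added. On a kernel older than 2.6.39 the rule would therefore silently match the opposite direction of the connection, so the minimum supported kernel should be stated somewhere if it is not already (not visible from this hunk). The function's signature begins outside the hunk.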
.removeBasicRules = ebtablesRemoveBasicRules,
};
-static void
-ebiptablesDriverProbeCtdir(void)
-{
- struct utsname utsname;
- unsigned long thisversion;
-
- iptables_ctdir_corrected = CTDIR_STATUS_UNKNOWN;
-
- if (uname(&utsname) < 0) {
- VIR_ERROR(_("Call to utsname failed: %d"), errno);
- return;
- }
-
- /* following Linux lxr, the logic was inverted in 2.6.39 */
- if (virStringParseVersion(&thisversion, utsname.release, true) < 0) {
- VIR_ERROR(_("Could not determine kernel version from string %s"),
- utsname.release);
- return;
- }
-
- if (thisversion >= 2 * 1000000 + 6 * 1000 + 39)
- iptables_ctdir_corrected = CTDIR_STATUS_CORRECTED;
- else
- iptables_ctdir_corrected = CTDIR_STATUS_OLD;
-}
-
-
static int
ebiptablesDriverInit(bool privileged)
{
if (!privileged)
return 0;
- ebiptablesDriverProbeCtdir();
-
ebiptables_driver.flags = TECHDRV_FLAG_INITIALIZED;
return 0;
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dport 564:1092 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m comment \
--comment 'udp rule' \
-j RETURN
--sport 564:1092 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment 'udp rule' \
-j ACCEPT
--dport 564:1092 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m comment \
--comment 'udp rule' \
-j RETURN
--sport 256:4369 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment 'tcp/ipv6 rule' \
-j RETURN
--dport 256:4369 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m comment \
--comment 'tcp/ipv6 rule' \
-j ACCEPT
--sport 256:4369 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment 'tcp/ipv6 rule' \
-j RETURN
-p udp \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j RETURN
-p udp \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j ACCEPT
-p udp \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment '`ls`;${COLUMNS};$(ls);"test";&'\''3 spaces'\''' \
-j RETURN
-p sctp \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j RETURN
-p sctp \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j ACCEPT
-p sctp \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment 'comment with lone '\'', `, ", `, \, $x, and two spaces' \
-j RETURN
-p ah \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \
-j RETURN
-p ah \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \
-j ACCEPT
-p ah \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment 'tmp=`mktemp`; echo ${RANDOM} > ${tmp} ; cat < ${tmp}; rm -f ${tmp}' \
-j RETURN
-p all \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
-p all \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
-p all \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--sport 22 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dport 22 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--sport 22 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
-p icmp \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
-p icmp \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
-p icmp \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
-p all \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
-p all \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
-p all \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dport 564:1092 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 564:1092 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 564:1092 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--sport 256:4369 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dport 256:4369 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--sport 256:4369 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
-p icmp \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
-p icmp \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
-p icmp \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
-p all \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m set \
--match-set tck_test src,dst \
-j RETURN
-p all \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m set \
--match-set tck_test dst,src \
-j ACCEPT
-p all \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m set \
--match-set tck_test src,dst \
-j RETURN
-p all \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m set \
--match-set tck_test dst,src,dst \
-j RETURN
-p all \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m set \
--match-set tck_test src,dst,src \
-j ACCEPT
-p all \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m set \
--match-set tck_test dst,src,dst \
-j RETURN
-p all \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m set \
--match-set tck_test dst,src,dst \
-j RETURN
-p all \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m set \
--match-set tck_test src,dst,src \
-j ACCEPT
-p all \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m set \
--match-set tck_test dst,src,dst \
-j RETURN
-p all \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m set \
--match-set tck_test dst,src \
-j RETURN
-p all \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m set \
--match-set tck_test src,dst \
-j ACCEPT
-p all \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m set \
--match-set tck_test dst,src \
-j RETURN
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 90 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 90 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 90 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 90 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 90 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1080 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1080 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1080 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1090 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1090 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1090 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1100 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1100 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1100 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1110 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1110 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1110 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1080 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1080 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1080 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1080 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1080 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1080 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1080 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1090 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1090 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1090 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1090 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1090 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1090 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1090 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1100 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1100 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1100 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1100 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1100 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1100 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1110 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1110 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1110 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1110 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1110 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1110 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1110 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 5 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 6 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 6 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 6 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 6 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 6 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 6 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 6 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 6 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 6 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 90 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 90 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--sport 90 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 1100 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dport 1100 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dport 100:1111 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dport 65535:65535 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dport 100:1111 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dport 65535:65535 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m comment \
--comment 'accept rule -- dir out' \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment 'accept rule -- dir out' \
-j ACCEPT
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m comment \
--comment 'accept rule -- dir out' \
-j RETURN
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment 'accept rule -- dir in' \
-j RETURN
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-m comment \
--comment 'accept rule -- dir in' \
-j ACCEPT
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-m comment \
--comment 'accept rule -- dir in' \
-j RETURN
--sport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dport 80 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--sport 80 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dport 100:1111 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dport 65535:65535 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dport 100:1111 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dport 65535:65535 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dport 100:1111 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--sport 100:1111 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dport 65535:65535 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--sport 65535:65535 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
ip6tables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
ip6tables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j ACCEPT
iptables \
-w \
--dscp 2 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate NEW,ESTABLISHED \
+-m conntrack \
+--ctdir Original \
-j ACCEPT
iptables \
-w \
--dscp 33 \
-m conntrack \
--ctstate ESTABLISHED \
+-m conntrack \
+--ctdir Reply \
-j RETURN