2015-11-06 13:20:06 +00:00
ebtables \
2020-11-16 19:20:53 -05:00
--concurrent \
2015-11-06 13:20:06 +00:00
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j ACCEPT
ebtables \
2020-11-16 19:20:53 -05:00
--concurrent \
2015-11-06 13:20:06 +00:00
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j DROP
ebtables \
2020-11-16 19:20:53 -05:00
--concurrent \
2015-11-06 13:20:06 +00:00
-t nat \
-A libvirt-J-vnet0 \
-s 01:02:03:04:05:06/ff:ff:ff:ff:ff:ff \
-p 0x806 \
-j DROP
ebtables \
2020-11-16 19:20:53 -05:00
--concurrent \
2015-11-06 13:20:06 +00:00
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j ACCEPT
ebtables \
2020-11-16 19:20:53 -05:00
--concurrent \
2015-11-06 13:20:06 +00:00
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j DROP
ebtables \
2020-11-16 19:20:53 -05:00
--concurrent \
2015-11-06 13:20:06 +00:00
-t nat \
-A libvirt-P-vnet0 \
-d aa:bb:cc:dd:ee:ff/ff:ff:ff:ff:ff:ff \
-p 0x800 \
-j DROP
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
2022-02-25 16:24:21 +00:00
-m conntrack \
--ctstate NEW,ESTABLISHED \
2022-02-25 16:28:32 +00:00
-m conntrack \
--ctdir Original \
2015-11-06 13:20:06 +00:00
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'accept rule -- dir out' \
2015-11-06 13:20:06 +00:00
-j RETURN
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
2022-02-25 16:24:21 +00:00
-m conntrack \
--ctstate ESTABLISHED \
2022-02-25 16:28:32 +00:00
-m conntrack \
--ctdir Reply \
2015-11-06 13:20:06 +00:00
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'accept rule -- dir out' \
2015-11-06 13:20:06 +00:00
-j ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
2022-02-25 16:24:21 +00:00
-m conntrack \
--ctstate NEW,ESTABLISHED \
2022-02-25 16:28:32 +00:00
-m conntrack \
--ctdir Original \
2015-11-06 13:20:06 +00:00
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'accept rule -- dir out' \
2015-11-06 13:20:06 +00:00
-j RETURN
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'drop rule -- dir out' \
2015-11-06 13:20:06 +00:00
-j DROP
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'drop rule -- dir out' \
2015-11-06 13:20:06 +00:00
-j DROP
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'drop rule -- dir out' \
2014-04-01 07:19:38 +01:00
-j DROP
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'reject rule -- dir out' \
2015-11-06 13:20:06 +00:00
-j REJECT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FP-vnet0 \
-p all \
--source 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'reject rule -- dir out' \
2015-11-06 13:20:06 +00:00
-j REJECT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A HJ-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--destination 10.1.2.3/32 \
-m dscp \
--dscp 2 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'reject rule -- dir out' \
2015-11-06 13:20:06 +00:00
-j REJECT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
2022-02-25 16:24:21 +00:00
-m conntrack \
--ctstate ESTABLISHED \
2022-02-25 16:28:32 +00:00
-m conntrack \
--ctdir Reply \
2015-11-06 13:20:06 +00:00
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'accept rule -- dir in' \
2015-11-06 13:20:06 +00:00
-j RETURN
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
2022-02-25 16:24:21 +00:00
-m conntrack \
--ctstate NEW,ESTABLISHED \
2022-02-25 16:28:32 +00:00
-m conntrack \
--ctdir Original \
2015-11-06 13:20:06 +00:00
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'accept rule -- dir in' \
2015-11-06 13:20:06 +00:00
-j ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
2022-02-25 16:24:21 +00:00
-m conntrack \
--ctstate ESTABLISHED \
2022-02-25 16:28:32 +00:00
-m conntrack \
--ctdir Reply \
2015-11-06 13:20:06 +00:00
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'accept rule -- dir in' \
2015-11-06 13:20:06 +00:00
-j RETURN
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'drop rule -- dir in' \
2015-11-06 13:20:06 +00:00
-j DROP
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'drop rule -- dir in' \
2015-11-06 13:20:06 +00:00
-j DROP
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'drop rule -- dir in' \
2015-11-06 13:20:06 +00:00
-j DROP
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'reject rule -- dir in' \
2015-11-06 13:20:06 +00:00
-j REJECT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FP-vnet0 \
-p all \
-m mac \
--mac-source 01:02:03:04:05:06 \
--source 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'reject rule -- dir in' \
2015-11-06 13:20:06 +00:00
-j REJECT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A HJ-vnet0 \
-p all \
--destination 10.1.2.3/22 \
-m dscp \
--dscp 33 \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'reject rule -- dir in' \
2014-04-01 07:19:38 +01:00
-j REJECT
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FJ-vnet0 \
-p all \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'accept rule -- dir inout' \
2014-04-01 07:19:38 +01:00
-j RETURN
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FP-vnet0 \
-p all \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'accept rule -- dir inout' \
2014-04-01 07:19:38 +01:00
-j ACCEPT
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A HJ-vnet0 \
-p all \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'accept rule -- dir inout' \
2014-04-01 07:19:38 +01:00
-j RETURN
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FJ-vnet0 \
-p all \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'drop rule -- dir inout' \
2014-04-01 07:19:38 +01:00
-j DROP
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FP-vnet0 \
-p all \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'drop rule -- dir inout' \
2014-04-01 07:19:38 +01:00
-j DROP
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A HJ-vnet0 \
-p all \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'drop rule -- dir inout' \
2014-04-01 07:19:38 +01:00
-j DROP
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FJ-vnet0 \
-p all \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'reject rule -- dir inout' \
2014-04-01 07:19:38 +01:00
-j REJECT
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A FP-vnet0 \
-p all \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'reject rule -- dir inout' \
2014-04-01 07:19:38 +01:00
-j REJECT
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
-A HJ-vnet0 \
-p all \
-m comment \
2021-04-06 14:19:40 +02:00
--comment 'reject rule -- dir inout' \
2014-04-01 07:19:38 +01:00
-j REJECT
