2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_INP \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--protocol tcp \
--destination-port 67 \
--jump ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_INP \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--protocol udp \
--destination-port 67 \
--jump ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_OUT \
2015-11-06 13:20:06 +00:00
--out-interface virbr0 \
2019-09-27 17:10:34 +01:00
--protocol tcp \
--destination-port 68 \
--jump ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2019-09-27 17:10:34 +01:00
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
2015-11-06 13:20:06 +00:00
--protocol udp \
--destination-port 68 \
--jump ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_INP \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_INP \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2019-09-27 17:10:34 +01:00
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2019-09-27 17:10:34 +01:00
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2019-09-27 17:10:34 +01:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_FWO \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--jump REJECT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_FWI \
2015-11-06 13:20:06 +00:00
--out-interface virbr0 \
--jump REJECT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_FWX \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_FWO \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--jump REJECT
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_FWI \
2015-11-06 13:20:06 +00:00
--out-interface virbr0 \
--jump REJECT
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_FWX \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--out-interface virbr0 \
--jump ACCEPT
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_INP \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_INP \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2019-09-27 17:10:34 +01:00
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol tcp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2019-09-27 17:10:34 +01:00
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 53 \
--jump ACCEPT
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2019-09-27 17:10:34 +01:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_INP \
2015-11-06 13:20:06 +00:00
--in-interface virbr0 \
--protocol udp \
--destination-port 547 \
--jump ACCEPT
2019-09-27 17:10:34 +01:00
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2019-09-27 17:10:34 +01:00
--table filter \
--insert LIBVIRT_OUT \
--out-interface virbr0 \
--protocol udp \
--destination-port 546 \
--jump ACCEPT
2015-11-06 13:20:06 +00:00
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_FWO \
2015-11-06 13:20:06 +00:00
--source 192.168.122.0/24 \
--in-interface virbr0 \
--jump ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_FWI \
2015-11-06 13:20:06 +00:00
--destination 192.168.122.0/24 \
--out-interface virbr0 \
--match conntrack \
--ctstate ESTABLISHED,RELATED \
--jump ACCEPT
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table nat \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_PRT \
2015-11-06 13:20:06 +00:00
--source 192.168.122.0/24 '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table nat \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_PRT \
2015-11-06 13:20:06 +00:00
--source 192.168.122.0/24 \
-p udp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table nat \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_PRT \
2015-11-06 13:20:06 +00:00
--source 192.168.122.0/24 \
-p tcp '!' \
--destination 192.168.122.0/24 \
--jump MASQUERADE \
--to-ports 1024-65535
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table nat \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_PRT \
2015-11-06 13:20:06 +00:00
--source 192.168.122.0/24 \
--destination 255.255.255.255/32 \
--jump RETURN
iptables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table nat \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_PRT \
2015-11-06 13:20:06 +00:00
--source 192.168.122.0/24 \
--destination 224.0.0.0/24 \
--jump RETURN
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_FWO \
2015-11-06 13:20:06 +00:00
--source 2001:db8:ca2:2::/64 \
--in-interface virbr0 \
--jump ACCEPT
ip6tables \
2020-11-16 19:20:53 -05:00
-w \
2015-11-06 13:20:06 +00:00
--table filter \
2018-12-05 15:53:55 +00:00
--insert LIBVIRT_FWI \
2015-11-06 13:20:06 +00:00
--destination 2001:db8:ca2:2::/64 \
--out-interface virbr0 \
--jump ACCEPT