iptables-save-libvirt

# Generated by iptables-save v1.4.21 on Fri Aug  9 11:37:31 2019
*filter
:INPUT ACCEPT [92033804:78962211183]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [100931247:79608484195]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.122.0/24 -m state --state NEW,RELATED,ESTABLISHED -m comment --comment "OCP - Allow all DNAT FORWARD to guest network" -j ACCEPT
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
COMMIT
# Completed on Fri Aug  9 11:37:31 2019
# Generated by iptables-save v1.4.21 on Fri Aug  9 11:37:31 2019
*nat
:PREROUTING ACCEPT [4246072:311210758]
:INPUT ACCEPT [4103088:302197566]
:OUTPUT ACCEPT [5620109:339434758]
:POSTROUTING ACCEPT [5620109:339434758]
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
# Completed on Fri Aug  9 11:37:31 2019
# Generated by iptables-save v1.4.21 on Fri Aug  9 11:37:31 2019
*mangle
:PREROUTING ACCEPT [98844212:83312616639]
:INPUT ACCEPT [95714017:79251651921]
:FORWARD ACCEPT [3130195:4060964718]
:OUTPUT ACCEPT [100931252:79608485387]
:POSTROUTING ACCEPT [104061447:83669450105]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Fri Aug  9 11:37:31 2019