maoy/rules.v4

## rules.v4
# Generated by iptables-save v1.4.12 on Wed Jun 12 16:26:14 2013
*filter
:INPUT ACCEPT [282786:311755668]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [189653:22627850]
-A FORWARD -p tcp -d 172.31.254.101 --match multiport --dports 443,8774,8773,6080,5000,8776 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p tcp -d 172.31.254.100 --dport 4040 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

-A INPUT -i br100 -p udp -m udp --dport 53 -j ACCEPT-A INPUT -i br100 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i br100 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i br100 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 172.31.254.0/24 -o br100 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 172.31.254.0/24 -i br100 -j ACCEPT
-A FORWARD -i br100 -o br100 -j ACCEPT
-A FORWARD -o br100 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i br100 -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Wed Jun 12 16:26:14 2013
# Generated by iptables-save v1.4.12 on Wed Jun 12 16:26:14 2013
*mangle
:PREROUTING ACCEPT [978810:1084949380]:INPUT ACCEPT [284356:312025305]
:FORWARD ACCEPT [681489:772524269]
:OUTPUT ACCEPT [189653:22627850]
:POSTROUTING ACCEPT [871076:795147895]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o br100 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Wed Jun 12 16:26:14 2013
# Generated by iptables-save v1.4.12 on Wed Jun 12 16:26:14 2013
*nat
:PREROUTING ACCEPT [12:596]
:INPUT ACCEPT [1:48]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --match multiport --dports 443,8774,8773,6080,5000,8776 -j DNAT --to-destination 172.31.254.101
-A PREROUTING -i eth0 -p tcp -m tcp --dport 4040 -j DNAT --to-destination 172.31.254.100
-A POSTROUTING -s 172.31.254.0/24 ! -d 172.31.254.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 172.31.254.0/24 ! -d 172.31.254.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 172.31.254.0/24 ! -d 172.31.254.0/24 -j MASQUERADE
COMMIT
# Completed on Wed Jun 12 16:26:14 2013
	# Generated by iptables-save v1.4.12 on Wed Jun 12 16:26:14 2013
	*filter
	:INPUT ACCEPT [282786:311755668]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [189653:22627850]
	-A FORWARD -p tcp -d 172.31.254.101 --match multiport --dports 443,8774,8773,6080,5000,8776 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
	-A FORWARD -p tcp -d 172.31.254.100 --dport 4040 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

	-A INPUT -i br100 -p udp -m udp --dport 53 -j ACCEPT-A INPUT -i br100 -p tcp -m tcp --dport 53 -j ACCEPT
	-A INPUT -i br100 -p udp -m udp --dport 67 -j ACCEPT
	-A INPUT -i br100 -p tcp -m tcp --dport 67 -j ACCEPT
	-A FORWARD -d 172.31.254.0/24 -o br100 -m state --state RELATED,ESTABLISHED -j ACCEPT
	-A FORWARD -s 172.31.254.0/24 -i br100 -j ACCEPT
	-A FORWARD -i br100 -o br100 -j ACCEPT
	-A FORWARD -o br100 -j REJECT --reject-with icmp-port-unreachable
	-A FORWARD -i br100 -j REJECT --reject-with icmp-port-unreachable
	COMMIT
	# Completed on Wed Jun 12 16:26:14 2013
	# Generated by iptables-save v1.4.12 on Wed Jun 12 16:26:14 2013
	*mangle
	:PREROUTING ACCEPT [978810:1084949380]:INPUT ACCEPT [284356:312025305]
	:FORWARD ACCEPT [681489:772524269]
	:OUTPUT ACCEPT [189653:22627850]
	:POSTROUTING ACCEPT [871076:795147895]
	-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
	-A POSTROUTING -o br100 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
	COMMIT
	# Completed on Wed Jun 12 16:26:14 2013
	# Generated by iptables-save v1.4.12 on Wed Jun 12 16:26:14 2013
	*nat
	:PREROUTING ACCEPT [12:596]
	:INPUT ACCEPT [1:48]
	:OUTPUT ACCEPT [0:0]
	:POSTROUTING ACCEPT [0:0]
	-A PREROUTING -i eth0 -p tcp -m tcp --match multiport --dports 443,8774,8773,6080,5000,8776 -j DNAT --to-destination 172.31.254.101
	-A PREROUTING -i eth0 -p tcp -m tcp --dport 4040 -j DNAT --to-destination 172.31.254.100
	-A POSTROUTING -s 172.31.254.0/24 ! -d 172.31.254.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
	-A POSTROUTING -s 172.31.254.0/24 ! -d 172.31.254.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
	-A POSTROUTING -s 172.31.254.0/24 ! -d 172.31.254.0/24 -j MASQUERADE
	COMMIT
	# Completed on Wed Jun 12 16:26:14 2013