pspravin/gist:5ec2b03134ce13983876c0e553e1dae4

## gistfile1.txt
[opc@db01 ~]$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
FORWARD_direct  all  --  anywhere             anywhere
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_IN_ZONES  all  --  anywhere             anywhere
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere
FORWARD_OUT_ZONES  all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere             ctstate INVALID
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
OUTPUT_direct  all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT     tcp  --  anywhere             169.254.0.2          owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT     tcp  --  anywhere             169.254.2.0/24       owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT     tcp  --  anywhere             169.254.0.2          tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT     udp  --  anywhere             169.254.169.254      udp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT     tcp  --  anywhere             169.254.169.254      tcp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT     tcp  --  anywhere             169.254.0.3          owner UID match root tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT     tcp  --  anywhere             169.254.0.4          tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT     tcp  --  anywhere             169.254.169.254      tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT     udp  --  anywhere             169.254.169.254      udp dpt:bootps /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
ACCEPT     udp  --  anywhere             169.254.169.254      udp dpt:tftp /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
REJECT     tcp  --  anywhere             link-local/16        tcp /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */ reject-with tcp-reset
REJECT     udp  --  anywhere             link-local/16        udp /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */ reject-with icmp-port-unreachable

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination
FWDI_public  all  --  anywhere             anywhere            [goto]
FWDI_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination
FWDO_public  all  --  anywhere             anywhere            [goto]
FWDO_public  all  --  anywhere             anywhere            [goto]

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain FORWARD_direct (1 references)
target     prot opt source               destination

Chain FWDI_public (2 references)
target     prot opt source               destination
FWDI_public_log  all  --  anywhere             anywhere
FWDI_public_deny  all  --  anywhere             anywhere
FWDI_public_allow  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain FWDI_public_allow (1 references)
target     prot opt source               destination

Chain FWDI_public_deny (1 references)
target     prot opt source               destination

Chain FWDI_public_log (1 references)
target     prot opt source               destination

Chain FWDO_public (2 references)
target     prot opt source               destination
FWDO_public_log  all  --  anywhere             anywhere
FWDO_public_deny  all  --  anywhere             anywhere
FWDO_public_allow  all  --  anywhere             anywhere

Chain FWDO_public_allow (1 references)
target     prot opt source               destination

Chain FWDO_public_deny (1 references)
target     prot opt source               destination

Chain FWDO_public_log (1 references)
target     prot opt source               destination

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
IN_public  all  --  anywhere             anywhere            [goto]
IN_public  all  --  anywhere             anywhere            [goto]

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination

Chain INPUT_direct (1 references)
target     prot opt source               destination

Chain IN_public (2 references)
target     prot opt source               destination
IN_public_log  all  --  anywhere             anywhere
IN_public_deny  all  --  anywhere             anywhere
IN_public_allow  all  --  anywhere             anywhere
ACCEPT     icmp --  anywhere             anywhere

Chain IN_public_allow (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination

Chain IN_public_log (1 references)
target     prot opt source               destination

Chain OUTPUT_direct (1 references)
target     prot opt source               destination
	[opc@db01 ~]$ sudo iptables -L
	Chain INPUT (policy ACCEPT)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
	ACCEPT all -- anywhere anywhere
	INPUT_direct all -- anywhere anywhere
	INPUT_ZONES_SOURCE all -- anywhere anywhere
	INPUT_ZONES all -- anywhere anywhere
	DROP all -- anywhere anywhere ctstate INVALID
	REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

	Chain FORWARD (policy ACCEPT)
	target prot opt source destination
	ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
	ACCEPT all -- anywhere anywhere
	FORWARD_direct all -- anywhere anywhere
	FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
	FORWARD_IN_ZONES all -- anywhere anywhere
	FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
	FORWARD_OUT_ZONES all -- anywhere anywhere
	DROP all -- anywhere anywhere ctstate INVALID
	REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

	Chain OUTPUT (policy ACCEPT)
	target prot opt source destination
	OUTPUT_direct all -- anywhere anywhere
	ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	ACCEPT tcp -- anywhere 169.254.0.2 owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	ACCEPT tcp -- anywhere 169.254.2.0/24 owner UID match root tcp dpt:iscsi-target /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	ACCEPT tcp -- anywhere 169.254.0.2 tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	ACCEPT udp -- anywhere 169.254.169.254 udp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	ACCEPT tcp -- anywhere 169.254.169.254 tcp dpt:domain /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	ACCEPT tcp -- anywhere 169.254.0.3 owner UID match root tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	ACCEPT tcp -- anywhere 169.254.0.4 tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	ACCEPT tcp -- anywhere 169.254.169.254 tcp dpt:http /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	ACCEPT udp -- anywhere 169.254.169.254 udp dpt:bootps /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	ACCEPT udp -- anywhere 169.254.169.254 udp dpt:tftp /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */
	REJECT tcp -- anywhere link-local/16 tcp /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */ reject-with tcp-reset
	REJECT udp -- anywhere link-local/16 udp /* See the Oracle-Provided Images section in the Oracle Bare Metal documentation for security impact of modifying or removing this rule */ reject-with icmp-port-unreachable

	Chain FORWARD_IN_ZONES (1 references)
	target prot opt source destination
	FWDI_public all -- anywhere anywhere [goto]
	FWDI_public all -- anywhere anywhere [goto]

	Chain FORWARD_IN_ZONES_SOURCE (1 references)
	target prot opt source destination

	Chain FORWARD_OUT_ZONES (1 references)
	target prot opt source destination
	FWDO_public all -- anywhere anywhere [goto]
	FWDO_public all -- anywhere anywhere [goto]

	Chain FORWARD_OUT_ZONES_SOURCE (1 references)
	target prot opt source destination

	Chain FORWARD_direct (1 references)
	target prot opt source destination

	Chain FWDI_public (2 references)
	target prot opt source destination
	FWDI_public_log all -- anywhere anywhere
	FWDI_public_deny all -- anywhere anywhere
	FWDI_public_allow all -- anywhere anywhere
	ACCEPT icmp -- anywhere anywhere

	Chain FWDI_public_allow (1 references)
	target prot opt source destination

	Chain FWDI_public_deny (1 references)
	target prot opt source destination

	Chain FWDI_public_log (1 references)
	target prot opt source destination

	Chain FWDO_public (2 references)
	target prot opt source destination
	FWDO_public_log all -- anywhere anywhere
	FWDO_public_deny all -- anywhere anywhere
	FWDO_public_allow all -- anywhere anywhere

	Chain FWDO_public_allow (1 references)
	target prot opt source destination

	Chain FWDO_public_deny (1 references)
	target prot opt source destination

	Chain FWDO_public_log (1 references)
	target prot opt source destination

	Chain INPUT_ZONES (1 references)
	target prot opt source destination
	IN_public all -- anywhere anywhere [goto]
	IN_public all -- anywhere anywhere [goto]

	Chain INPUT_ZONES_SOURCE (1 references)
	target prot opt source destination

	Chain INPUT_direct (1 references)
	target prot opt source destination

	Chain IN_public (2 references)
	target prot opt source destination
	IN_public_log all -- anywhere anywhere
	IN_public_deny all -- anywhere anywhere
	IN_public_allow all -- anywhere anywhere
	ACCEPT icmp -- anywhere anywhere

	Chain IN_public_allow (1 references)
	target prot opt source destination
	ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW

	Chain IN_public_deny (1 references)
	target prot opt source destination

	Chain IN_public_log (1 references)
	target prot opt source destination

	Chain OUTPUT_direct (1 references)
	target prot opt source destination