( makgab | 2024. 10. 01., k – 18:50 )

Alapállapotban (zone=FedoraWorkstation):

# IPv6 NAT table named "lxc" (presumably installed by the LXC network setup for lxcbr0 - confirm).
table ip6 lxc {
	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		# Source-NAT packets that come from the fc11:4514:1919:810::/64 prefix and leave it;
		# traffic staying inside the prefix is not rewritten. The counter is a snapshot taken at listing time.
		ip6 saddr fc11:4514:1919:810::/64 ip6 daddr != fc11:4514:1919:810::/64 counter packets 2 bytes 281 masquerade
	}
}
# Filter table named "lxc" covering IPv4 and IPv6 (family inet) for the lxcbr0 bridge.
# An accept verdict here only ends traversal of this base chain: the base chains of
# "table inet firewalld" on the same hooks (priority filter + 10) still see the packet afterwards.
table inet lxc {
	chain input {
		type filter hook input priority filter; policy accept;
		# Ports 53 and 67 from lxcbr0 to the host (DNS and DHCP for the bridge clients).
		iifname "lxcbr0" udp dport { 53, 67 } accept
		iifname "lxcbr0" tcp dport { 53, 67 } accept
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
		# Forwarded traffic entering or leaving through lxcbr0 is accepted in both directions, with no state or port match.
		iifname "lxcbr0" accept
		oifname "lxcbr0" accept
	}
}
# IPv4 NAT table named "lxc": the IPv4 counterpart of "table ip6 lxc".
table ip lxc {
	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		# Source-NAT packets from 10.0.3.0/24 whose destination is outside that subnet.
		# The counter is a snapshot taken at listing time.
		ip saddr 10.0.3.0/24 ip daddr != 10.0.3.0/24 counter packets 1 bytes 234 masquerade
	}
}
# Ruleset generated by firewalld, listed before any forward-port was added.
# Layout: base chains (mangle_/nat_/filter_ + hook name) jump to *_POLICIES dispatch chains,
# which select the zone chains (FedoraWorkstation) and the policy chains (allow-host-ipv6).
# Every zone/policy chain is split into _pre/_log/_deny/_allow/_post stages; most are empty here.
table inet firewalld {
	# Conntrack helper object for NetBIOS name service over UDP, IPv4 only (l3proto ip).
	# It is attached by the "udp dport 137" rule in filter_IN_FedoraWorkstation_allow.
	ct helper helper-netbios-ns-udp {
		type "netbios-ns" protocol udp
		l3proto ip
	}

	chain mangle_PREROUTING {
		type filter hook prerouting priority mangle + 10; policy accept;
		jump mangle_PREROUTING_POLICIES
	}

	# Dispatch: packets arriving on eno1 pass the policy and zone chains and return;
	# packets from any other interface fall through to the same two chains (catch-all).
	chain mangle_PREROUTING_POLICIES {
		iifname "eno1" jump mangle_PRE_policy_allow-host-ipv6
		iifname "eno1" jump mangle_PRE_FedoraWorkstation
		iifname "eno1" return
		jump mangle_PRE_policy_allow-host-ipv6
		jump mangle_PRE_FedoraWorkstation
		return
	}

	chain nat_PREROUTING {
		type nat hook prerouting priority dstnat + 10; policy accept;
		jump nat_PREROUTING_POLICIES
	}

	# Same dispatch pattern for destination NAT: eno1 first, then a catch-all into the same zone.
	chain nat_PREROUTING_POLICIES {
		iifname "eno1" jump nat_PRE_policy_allow-host-ipv6
		iifname "eno1" jump nat_PRE_FedoraWorkstation
		iifname "eno1" return
		jump nat_PRE_policy_allow-host-ipv6
		jump nat_PRE_FedoraWorkstation
		return
	}

	chain nat_POSTROUTING {
		type nat hook postrouting priority srcnat + 10; policy accept;
		jump nat_POSTROUTING_POLICIES
	}

	# Every combination of in/out interface ends up in nat_POST_FedoraWorkstation,
	# so the masquerade rule in its _allow stage is reached by all forwarded and outgoing flows.
	chain nat_POSTROUTING_POLICIES {
		iifname "eno1" oifname "eno1" jump nat_POST_FedoraWorkstation
		iifname "eno1" oifname "eno1" return
		oifname "eno1" jump nat_POST_FedoraWorkstation
		oifname "eno1" return
		iifname "eno1" jump nat_POST_FedoraWorkstation
		iifname "eno1" return
		jump nat_POST_FedoraWorkstation
		return
	}

	chain nat_OUTPUT {
		type nat hook output priority dstnat + 10; policy accept;
		jump nat_OUTPUT_POLICIES
	}

	chain nat_OUTPUT_POLICIES {
		oifname "eno1" jump nat_OUT_FedoraWorkstation
		oifname "eno1" return
		jump nat_OUT_FedoraWorkstation
		return
	}

	chain filter_PREROUTING {
		type filter hook prerouting priority filter + 10; policy accept;
		# Router advertisements and neighbour solicitations are accepted before the check below.
		icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept
		# IPv6 reverse-path check: drop when the FIB has no route back to the source
		# (looked up by source address, mark and incoming interface).
		meta nfproto ipv6 fib saddr . mark . iif oif missing drop
	}

	# Host-bound traffic. The chain policy is accept, but the last rule rejects
	# everything that no earlier rule or zone chain accepted.
	chain filter_INPUT {
		type filter hook input priority filter + 10; policy accept;
		ct state { established, related } accept
		# Connections that were destination-NATed are accepted without consulting the zone chains.
		ct status dnat accept
		iifname "lo" accept
		ct state invalid drop
		jump filter_INPUT_POLICIES
		reject with icmpx admin-prohibited
	}

	# Routed traffic. Same structure as filter_INPUT, ending in a reject.
	chain filter_FORWARD {
		type filter hook forward priority filter + 10; policy accept;
		ct state { established, related } accept
		# A flow rewritten by a DNAT rule is accepted here, before the zone forward chains run.
		ct status dnat accept
		iifname "lo" accept
		ct state invalid drop
		# Reject IPv6 destinations in the listed IPv4-compatible, IPv4-mapped and 6to4 (2002::/16-derived) prefixes.
		ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
		jump filter_FORWARD_POLICIES
		reject with icmpx admin-prohibited
	}

	# Locally generated traffic. There is no final reject, so output is allowed
	# apart from the IPv6 destination set below.
	chain filter_OUTPUT {
		type filter hook output priority filter + 10; policy accept;
		ct state { established, related } accept
		oifname "lo" accept
		ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
		jump filter_OUTPUT_POLICIES
	}

	# eno1 and every other interface are both evaluated against the FedoraWorkstation zone;
	# anything the zone does not accept is rejected.
	chain filter_INPUT_POLICIES {
		iifname "eno1" jump filter_IN_policy_allow-host-ipv6
		iifname "eno1" jump filter_IN_FedoraWorkstation
		iifname "eno1" reject with icmpx admin-prohibited
		jump filter_IN_policy_allow-host-ipv6
		jump filter_IN_FedoraWorkstation
		reject with icmpx admin-prohibited
	}

	# All forwarding combinations go through filter_FWD_FedoraWorkstation and are rejected afterwards.
	# In this listing filter_FWD_FedoraWorkstation_allow is empty, so only the state/dnat rules
	# in filter_FORWARD let routed packets through.
	chain filter_FORWARD_POLICIES {
		iifname "eno1" oifname "eno1" jump filter_FWD_FedoraWorkstation
		iifname "eno1" oifname "eno1" reject with icmpx admin-prohibited
		iifname "eno1" jump filter_FWD_FedoraWorkstation
		iifname "eno1" reject with icmpx admin-prohibited
		oifname "eno1" jump filter_FWD_FedoraWorkstation
		oifname "eno1" reject with icmpx admin-prohibited
		jump filter_FWD_FedoraWorkstation
		reject with icmpx admin-prohibited
	}

	chain filter_OUTPUT_POLICIES {
		oifname "eno1" jump filter_OUT_FedoraWorkstation
		oifname "eno1" return
		jump filter_OUT_FedoraWorkstation
		return
	}

	# Zone input chain: runs the five stages in order, then accepts all ICMP and ICMPv6.
	chain filter_IN_FedoraWorkstation {
		jump filter_IN_FedoraWorkstation_pre
		jump filter_IN_FedoraWorkstation_log
		jump filter_IN_FedoraWorkstation_deny
		jump filter_IN_FedoraWorkstation_allow
		jump filter_IN_FedoraWorkstation_post
		meta l4proto { icmp, ipv6-icmp } accept
	}

	chain filter_IN_FedoraWorkstation_pre {
	}

	chain filter_IN_FedoraWorkstation_log {
	}

	chain filter_IN_FedoraWorkstation_deny {
	}

	# Inbound services the zone accepts.
	chain filter_IN_FedoraWorkstation_allow {
		# UDP 546 to link-local addresses (DHCPv6 client port).
		ip6 daddr fe80::/64 udp dport 546 accept
		# TCP 22 (SSH).
		tcp dport 22 accept
		# UDP 137/138 (NetBIOS name and datagram services); 137 also gets the conntrack helper.
		udp dport 137 ct helper set "helper-netbios-ns-udp"
		udp dport 137 accept
		udp dport 138 accept
		# UDP 5353 to the mDNS multicast groups.
		ip daddr 224.0.0.251 udp dport 5353 accept
		ip6 daddr ff02::fb udp dport 5353 accept
		# NOTE(review): these two rules accept every UDP and TCP destination port from 1025 up,
		# so any service listening on an unprivileged port is reachable from all interfaces
		# dispatched to this zone. A stricter zone or explicit per-service rules narrows this.
		udp dport 1025-65535 accept
		tcp dport 1025-65535 accept
	}

	chain filter_IN_FedoraWorkstation_post {
	}

	chain filter_OUT_FedoraWorkstation {
		jump filter_OUT_FedoraWorkstation_pre
		jump filter_OUT_FedoraWorkstation_log
		jump filter_OUT_FedoraWorkstation_deny
		jump filter_OUT_FedoraWorkstation_allow
		jump filter_OUT_FedoraWorkstation_post
	}

	chain filter_OUT_FedoraWorkstation_pre {
	}

	chain filter_OUT_FedoraWorkstation_log {
	}

	chain filter_OUT_FedoraWorkstation_deny {
	}

	chain filter_OUT_FedoraWorkstation_allow {
	}

	chain filter_OUT_FedoraWorkstation_post {
	}

	# Output-hook NAT for the zone: all stages are empty, so locally generated
	# connections are never destination-NATed by this table.
	chain nat_OUT_FedoraWorkstation {
		jump nat_OUT_FedoraWorkstation_pre
		jump nat_OUT_FedoraWorkstation_log
		jump nat_OUT_FedoraWorkstation_deny
		jump nat_OUT_FedoraWorkstation_allow
		jump nat_OUT_FedoraWorkstation_post
	}

	chain nat_OUT_FedoraWorkstation_pre {
	}

	chain nat_OUT_FedoraWorkstation_log {
	}

	chain nat_OUT_FedoraWorkstation_deny {
	}

	chain nat_OUT_FedoraWorkstation_allow {
	}

	chain nat_OUT_FedoraWorkstation_post {
	}

	chain nat_POST_FedoraWorkstation {
		jump nat_POST_FedoraWorkstation_pre
		jump nat_POST_FedoraWorkstation_log
		jump nat_POST_FedoraWorkstation_deny
		jump nat_POST_FedoraWorkstation_allow
		jump nat_POST_FedoraWorkstation_post
	}

	chain nat_POST_FedoraWorkstation_pre {
	}

	chain nat_POST_FedoraWorkstation_log {
	}

	chain nat_POST_FedoraWorkstation_deny {
	}

	chain nat_POST_FedoraWorkstation_allow {
		# Masquerading is already on in this baseline state: IPv4 packets leaving through
		# any interface other than lo get the outgoing interface's address as source.
		meta nfproto ipv4 oifname != "lo" masquerade
	}

	chain nat_POST_FedoraWorkstation_post {
	}

	chain filter_FWD_FedoraWorkstation {
		jump filter_FWD_FedoraWorkstation_pre
		jump filter_FWD_FedoraWorkstation_log
		jump filter_FWD_FedoraWorkstation_deny
		jump filter_FWD_FedoraWorkstation_allow
		jump filter_FWD_FedoraWorkstation_post
	}

	chain filter_FWD_FedoraWorkstation_pre {
	}

	chain filter_FWD_FedoraWorkstation_log {
	}

	chain filter_FWD_FedoraWorkstation_deny {
	}

	# Empty: the zone accepts no forwarded traffic of its own in this listing.
	chain filter_FWD_FedoraWorkstation_allow {
	}

	chain filter_FWD_FedoraWorkstation_post {
	}

	chain nat_PRE_FedoraWorkstation {
		jump nat_PRE_FedoraWorkstation_pre
		jump nat_PRE_FedoraWorkstation_log
		jump nat_PRE_FedoraWorkstation_deny
		jump nat_PRE_FedoraWorkstation_allow
		jump nat_PRE_FedoraWorkstation_post
	}

	chain nat_PRE_FedoraWorkstation_pre {
	}

	chain nat_PRE_FedoraWorkstation_log {
	}

	chain nat_PRE_FedoraWorkstation_deny {
	}

	# Empty: no port forward (DNAT) is configured for the zone in this listing.
	chain nat_PRE_FedoraWorkstation_allow {
	}

	chain nat_PRE_FedoraWorkstation_post {
	}

	chain mangle_PRE_FedoraWorkstation {
		jump mangle_PRE_FedoraWorkstation_pre
		jump mangle_PRE_FedoraWorkstation_log
		jump mangle_PRE_FedoraWorkstation_deny
		jump mangle_PRE_FedoraWorkstation_allow
		jump mangle_PRE_FedoraWorkstation_post
	}

	chain mangle_PRE_FedoraWorkstation_pre {
	}

	chain mangle_PRE_FedoraWorkstation_log {
	}

	chain mangle_PRE_FedoraWorkstation_deny {
	}

	chain mangle_PRE_FedoraWorkstation_allow {
	}

	chain mangle_PRE_FedoraWorkstation_post {
	}

	# Policy "allow-host-ipv6": evaluated before the zone chain in filter_INPUT_POLICIES.
	chain filter_IN_policy_allow-host-ipv6 {
		jump filter_IN_policy_allow-host-ipv6_pre
		jump filter_IN_policy_allow-host-ipv6_log
		jump filter_IN_policy_allow-host-ipv6_deny
		jump filter_IN_policy_allow-host-ipv6_allow
		jump filter_IN_policy_allow-host-ipv6_post
	}

	chain filter_IN_policy_allow-host-ipv6_pre {
	}

	chain filter_IN_policy_allow-host-ipv6_log {
	}

	chain filter_IN_policy_allow-host-ipv6_deny {
	}

	# Neighbour discovery messages the host accepts: neighbour advert/solicit, router advert, redirect.
	chain filter_IN_policy_allow-host-ipv6_allow {
		icmpv6 type nd-neighbor-advert accept
		icmpv6 type nd-neighbor-solicit accept
		icmpv6 type nd-router-advert accept
		icmpv6 type nd-redirect accept
	}

	chain filter_IN_policy_allow-host-ipv6_post {
	}

	chain nat_PRE_policy_allow-host-ipv6 {
		jump nat_PRE_policy_allow-host-ipv6_pre
		jump nat_PRE_policy_allow-host-ipv6_log
		jump nat_PRE_policy_allow-host-ipv6_deny
		jump nat_PRE_policy_allow-host-ipv6_allow
		jump nat_PRE_policy_allow-host-ipv6_post
	}

	chain nat_PRE_policy_allow-host-ipv6_pre {
	}

	chain nat_PRE_policy_allow-host-ipv6_log {
	}

	chain nat_PRE_policy_allow-host-ipv6_deny {
	}

	chain nat_PRE_policy_allow-host-ipv6_allow {
	}

	chain nat_PRE_policy_allow-host-ipv6_post {
	}

	chain mangle_PRE_policy_allow-host-ipv6 {
		jump mangle_PRE_policy_allow-host-ipv6_pre
		jump mangle_PRE_policy_allow-host-ipv6_log
		jump mangle_PRE_policy_allow-host-ipv6_deny
		jump mangle_PRE_policy_allow-host-ipv6_allow
		jump mangle_PRE_policy_allow-host-ipv6_post
	}

	chain mangle_PRE_policy_allow-host-ipv6_pre {
	}

	chain mangle_PRE_policy_allow-host-ipv6_log {
	}

	chain mangle_PRE_policy_allow-host-ipv6_deny {
	}

	chain mangle_PRE_policy_allow-host-ipv6_allow {
	}

	chain mangle_PRE_policy_allow-host-ipv6_post {
	}
}

Ha kiadom a 

# Both commands name zone "public" and omit --permanent, so they change only the runtime configuration.
# NOTE(review): the listing above sends eno1 to the FedoraWorkstation zone chains and contains no chains
# for "public"; presumably no interface is bound to "public", in which case nothing is rendered
# for it in nft - confirm with `firewall-cmd --get-active-zones`.
sudo firewall-cmd --zone=public --add-forward
# Forward TCP port 8080 arriving in the zone to 192.168.122.236 port 80.
sudo firewall-cmd --zone=public --add-forward-port=port=8080:proto=tcp:toport=80:toaddr=192.168.122.236

Akkor is ugyanaz marad az nft list ruleset tartalma. :o

Ha kiadom a két firewalld szabályt --permanent opcióval és reload, akkor sem lehet kapcsolódni. Igaz, akkor az nft szabályok között már szerepel két szabály.

# IPv6 NAT table named "lxc"; identical to the one in the first listing on the page.
table ip6 lxc {
	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		# Masquerade traffic from fc11:4514:1919:810::/64 only when the destination lies outside that prefix.
		# The counter is a snapshot taken at listing time.
		ip6 saddr fc11:4514:1919:810::/64 ip6 daddr != fc11:4514:1919:810::/64 counter packets 2 bytes 281 masquerade
	}
}
# Filter table named "lxc" (family inet) for the lxcbr0 bridge; identical to the first listing on the page.
# Its accept verdicts end only this base chain; the firewalld base chains registered
# on the same hooks at priority filter + 10 evaluate the packet afterwards.
table inet lxc {
	chain input {
		type filter hook input priority filter; policy accept;
		# Accept UDP and TCP to ports 53 and 67 on the host when the packet arrives on lxcbr0.
		iifname "lxcbr0" udp dport { 53, 67 } accept
		iifname "lxcbr0" tcp dport { 53, 67 } accept
	}

	chain forward {
		type filter hook forward priority filter; policy accept;
		# Accept anything routed in from or out to lxcbr0.
		iifname "lxcbr0" accept
		oifname "lxcbr0" accept
	}
}
# IPv4 NAT table named "lxc"; identical to the first listing on the page.
table ip lxc {
	chain postrouting {
		type nat hook postrouting priority srcnat; policy accept;
		# Masquerade traffic from 10.0.3.0/24 only when the destination lies outside that subnet.
		# The counter is a snapshot taken at listing time.
		ip saddr 10.0.3.0/24 ip daddr != 10.0.3.0/24 counter packets 1 bytes 234 masquerade
	}
}
# firewalld ruleset after the permanent rules were added and firewalld was reloaded.
# Compared with the first listing on the page, exactly two chains gained a rule:
#   nat_PRE_FedoraWorkstation_allow   - the DNAT for TCP 8080
#   filter_FWD_FedoraWorkstation_allow - "oifname "eno1" accept"
# NOTE(review): both rules sit in the FedoraWorkstation zone chains, while the commands quoted on the
# page name --zone=public; presumably the permanent rules were added to the zone that owns eno1 - confirm.
table inet firewalld {
	# Conntrack helper object for NetBIOS name service over UDP, IPv4 only (l3proto ip).
	ct helper helper-netbios-ns-udp {
		type "netbios-ns" protocol udp
		l3proto ip
	}

	chain mangle_PREROUTING {
		type filter hook prerouting priority mangle + 10; policy accept;
		jump mangle_PREROUTING_POLICIES
	}

	# Dispatch: eno1 first, then a catch-all for every other interface into the same chains.
	chain mangle_PREROUTING_POLICIES {
		iifname "eno1" jump mangle_PRE_policy_allow-host-ipv6
		iifname "eno1" jump mangle_PRE_FedoraWorkstation
		iifname "eno1" return
		jump mangle_PRE_policy_allow-host-ipv6
		jump mangle_PRE_FedoraWorkstation
		return
	}

	chain nat_PREROUTING {
		type nat hook prerouting priority dstnat + 10; policy accept;
		jump nat_PREROUTING_POLICIES
	}

	# Packets from eno1 and, through the catch-all, from every other interface reach
	# nat_PRE_FedoraWorkstation, so the DNAT rule in its _allow stage is not limited to eno1.
	chain nat_PREROUTING_POLICIES {
		iifname "eno1" jump nat_PRE_policy_allow-host-ipv6
		iifname "eno1" jump nat_PRE_FedoraWorkstation
		iifname "eno1" return
		jump nat_PRE_policy_allow-host-ipv6
		jump nat_PRE_FedoraWorkstation
		return
	}

	chain nat_POSTROUTING {
		type nat hook postrouting priority srcnat + 10; policy accept;
		jump nat_POSTROUTING_POLICIES
	}

	# Every in/out interface combination ends up in nat_POST_FedoraWorkstation (masquerade).
	chain nat_POSTROUTING_POLICIES {
		iifname "eno1" oifname "eno1" jump nat_POST_FedoraWorkstation
		iifname "eno1" oifname "eno1" return
		oifname "eno1" jump nat_POST_FedoraWorkstation
		oifname "eno1" return
		iifname "eno1" jump nat_POST_FedoraWorkstation
		iifname "eno1" return
		jump nat_POST_FedoraWorkstation
		return
	}

	chain nat_OUTPUT {
		type nat hook output priority dstnat + 10; policy accept;
		jump nat_OUTPUT_POLICIES
	}

	chain nat_OUTPUT_POLICIES {
		oifname "eno1" jump nat_OUT_FedoraWorkstation
		oifname "eno1" return
		jump nat_OUT_FedoraWorkstation
		return
	}

	chain filter_PREROUTING {
		type filter hook prerouting priority filter + 10; policy accept;
		# Router advertisements and neighbour solicitations bypass the reverse-path check below.
		icmpv6 type { nd-router-advert, nd-neighbor-solicit } accept
		# IPv6 reverse-path check: drop when the FIB lookup for the source finds no output interface.
		meta nfproto ipv6 fib saddr . mark . iif oif missing drop
	}

	# Host-bound traffic; the trailing reject makes the chain default-deny despite "policy accept".
	chain filter_INPUT {
		type filter hook input priority filter + 10; policy accept;
		ct state { established, related } accept
		ct status dnat accept
		iifname "lo" accept
		ct state invalid drop
		jump filter_INPUT_POLICIES
		reject with icmpx admin-prohibited
	}

	# Routed traffic; the trailing reject makes the chain default-deny despite "policy accept".
	chain filter_FORWARD {
		type filter hook forward priority filter + 10; policy accept;
		ct state { established, related } accept
		# This is the rule that lets a port-forwarded flow through: once nat_PRE_FedoraWorkstation_allow
		# has rewritten the destination, the connection carries the dnat status and is accepted here.
		ct status dnat accept
		iifname "lo" accept
		ct state invalid drop
		# Reject IPv6 destinations in the listed IPv4-compatible, IPv4-mapped and 6to4 prefixes.
		ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
		jump filter_FORWARD_POLICIES
		reject with icmpx admin-prohibited
	}

	# Locally generated traffic; no final reject, so output is allowed apart from the set below.
	chain filter_OUTPUT {
		type filter hook output priority filter + 10; policy accept;
		ct state { established, related } accept
		oifname "lo" accept
		ip6 daddr { ::/96, ::ffff:0.0.0.0/96, 2002::/24, 2002:a00::/24, 2002:7f00::/24, 2002:a9fe::/32, 2002:ac10::/28, 2002:c0a8::/32, 2002:e000::/19 } reject with icmpv6 addr-unreachable
		jump filter_OUTPUT_POLICIES
	}

	chain filter_INPUT_POLICIES {
		iifname "eno1" jump filter_IN_policy_allow-host-ipv6
		iifname "eno1" jump filter_IN_FedoraWorkstation
		iifname "eno1" reject with icmpx admin-prohibited
		jump filter_IN_policy_allow-host-ipv6
		jump filter_IN_FedoraWorkstation
		reject with icmpx admin-prohibited
	}

	# All forwarding combinations, including the catch-all for interfaces other than eno1,
	# consult filter_FWD_FedoraWorkstation before being rejected.
	chain filter_FORWARD_POLICIES {
		iifname "eno1" oifname "eno1" jump filter_FWD_FedoraWorkstation
		iifname "eno1" oifname "eno1" reject with icmpx admin-prohibited
		iifname "eno1" jump filter_FWD_FedoraWorkstation
		iifname "eno1" reject with icmpx admin-prohibited
		oifname "eno1" jump filter_FWD_FedoraWorkstation
		oifname "eno1" reject with icmpx admin-prohibited
		jump filter_FWD_FedoraWorkstation
		reject with icmpx admin-prohibited
	}

	chain filter_OUTPUT_POLICIES {
		oifname "eno1" jump filter_OUT_FedoraWorkstation
		oifname "eno1" return
		jump filter_OUT_FedoraWorkstation
		return
	}

	# Zone input chain: five stages in order, then all ICMP and ICMPv6 is accepted.
	chain filter_IN_FedoraWorkstation {
		jump filter_IN_FedoraWorkstation_pre
		jump filter_IN_FedoraWorkstation_log
		jump filter_IN_FedoraWorkstation_deny
		jump filter_IN_FedoraWorkstation_allow
		jump filter_IN_FedoraWorkstation_post
		meta l4proto { icmp, ipv6-icmp } accept
	}

	chain filter_IN_FedoraWorkstation_pre {
	}

	chain filter_IN_FedoraWorkstation_log {
	}

	chain filter_IN_FedoraWorkstation_deny {
	}

	# Inbound services the zone accepts. There is no rule for TCP 8080 here and none is needed:
	# a forwarded port is rewritten in prerouting and then travels the forward hook, not input.
	chain filter_IN_FedoraWorkstation_allow {
		ip6 daddr fe80::/64 udp dport 546 accept
		tcp dport 22 accept
		udp dport 137 ct helper set "helper-netbios-ns-udp"
		udp dport 137 accept
		udp dport 138 accept
		ip daddr 224.0.0.251 udp dport 5353 accept
		ip6 daddr ff02::fb udp dport 5353 accept
		# NOTE(review): every UDP and TCP port from 1025 up is accepted, so any service
		# listening on an unprivileged port is reachable from interfaces in this zone.
		udp dport 1025-65535 accept
		tcp dport 1025-65535 accept
	}

	chain filter_IN_FedoraWorkstation_post {
	}

	chain filter_OUT_FedoraWorkstation {
		jump filter_OUT_FedoraWorkstation_pre
		jump filter_OUT_FedoraWorkstation_log
		jump filter_OUT_FedoraWorkstation_deny
		jump filter_OUT_FedoraWorkstation_allow
		jump filter_OUT_FedoraWorkstation_post
	}

	chain filter_OUT_FedoraWorkstation_pre {
	}

	chain filter_OUT_FedoraWorkstation_log {
	}

	chain filter_OUT_FedoraWorkstation_deny {
	}

	chain filter_OUT_FedoraWorkstation_allow {
	}

	chain filter_OUT_FedoraWorkstation_post {
	}

	# Output-hook NAT for the zone: still empty after the reload.
	# NOTE(review): connections opened from this host itself to port 8080 therefore are not
	# redirected; the port forward can only be tested from another machine.
	chain nat_OUT_FedoraWorkstation {
		jump nat_OUT_FedoraWorkstation_pre
		jump nat_OUT_FedoraWorkstation_log
		jump nat_OUT_FedoraWorkstation_deny
		jump nat_OUT_FedoraWorkstation_allow
		jump nat_OUT_FedoraWorkstation_post
	}

	chain nat_OUT_FedoraWorkstation_pre {
	}

	chain nat_OUT_FedoraWorkstation_log {
	}

	chain nat_OUT_FedoraWorkstation_deny {
	}

	chain nat_OUT_FedoraWorkstation_allow {
	}

	chain nat_OUT_FedoraWorkstation_post {
	}

	chain nat_POST_FedoraWorkstation {
		jump nat_POST_FedoraWorkstation_pre
		jump nat_POST_FedoraWorkstation_log
		jump nat_POST_FedoraWorkstation_deny
		jump nat_POST_FedoraWorkstation_allow
		jump nat_POST_FedoraWorkstation_post
	}

	chain nat_POST_FedoraWorkstation_pre {
	}

	chain nat_POST_FedoraWorkstation_log {
	}

	chain nat_POST_FedoraWorkstation_deny {
	}

	chain nat_POST_FedoraWorkstation_allow {
		# Unchanged from the first listing: IPv4 leaving through any interface other than lo is masqueraded,
		# so the DNAT target sees the firewall host's address as the source of forwarded connections.
		meta nfproto ipv4 oifname != "lo" masquerade
	}

	chain nat_POST_FedoraWorkstation_post {
	}

	chain filter_FWD_FedoraWorkstation {
		jump filter_FWD_FedoraWorkstation_pre
		jump filter_FWD_FedoraWorkstation_log
		jump filter_FWD_FedoraWorkstation_deny
		jump filter_FWD_FedoraWorkstation_allow
		jump filter_FWD_FedoraWorkstation_post
	}

	chain filter_FWD_FedoraWorkstation_pre {
	}

	chain filter_FWD_FedoraWorkstation_log {
	}

	chain filter_FWD_FedoraWorkstation_deny {
	}

	# New after the reload (presumably the effect of --add-forward on the zone - confirm).
	# Because filter_FORWARD_POLICIES also sends non-eno1 traffic here, any routed packet
	# leaving through eno1 is accepted, whatever interface it came in on.
	# NOTE(review): this matches on the OUTPUT interface eno1; 192.168.122.236 is presumably
	# reached through a different interface, so this rule is not what admits the forwarded port.
	chain filter_FWD_FedoraWorkstation_allow {
		oifname "eno1" accept
	}

	chain filter_FWD_FedoraWorkstation_post {
	}

	chain nat_PRE_FedoraWorkstation {
		jump nat_PRE_FedoraWorkstation_pre
		jump nat_PRE_FedoraWorkstation_log
		jump nat_PRE_FedoraWorkstation_deny
		jump nat_PRE_FedoraWorkstation_allow
		jump nat_PRE_FedoraWorkstation_post
	}

	chain nat_PRE_FedoraWorkstation_pre {
	}

	chain nat_PRE_FedoraWorkstation_log {
	}

	chain nat_PRE_FedoraWorkstation_deny {
	}

	# New after the reload: the port forward.
	# The rule has no interface or source match, so IPv4 TCP to port 8080 is rewritten
	# for every interface that nat_PREROUTING_POLICIES dispatches here.
	# NOTE(review): whether the rewritten packet reaches 192.168.122.236 also depends on IPv4
	# forwarding being enabled and on whatever filters the 192.168.122.0/24 segment; neither
	# is visible in this listing - verify both when the connection still fails.
	chain nat_PRE_FedoraWorkstation_allow {
		meta nfproto ipv4 tcp dport 8080 dnat ip to 192.168.122.236:80
	}

	chain nat_PRE_FedoraWorkstation_post {
	}

	chain mangle_PRE_FedoraWorkstation {
		jump mangle_PRE_FedoraWorkstation_pre
		jump mangle_PRE_FedoraWorkstation_log
		jump mangle_PRE_FedoraWorkstation_deny
		jump mangle_PRE_FedoraWorkstation_allow
		jump mangle_PRE_FedoraWorkstation_post
	}

	chain mangle_PRE_FedoraWorkstation_pre {
	}

	chain mangle_PRE_FedoraWorkstation_log {
	}

	chain mangle_PRE_FedoraWorkstation_deny {
	}

	chain mangle_PRE_FedoraWorkstation_allow {
	}

	chain mangle_PRE_FedoraWorkstation_post {
	}

	# Policy "allow-host-ipv6": evaluated before the zone chain in filter_INPUT_POLICIES.
	chain filter_IN_policy_allow-host-ipv6 {
		jump filter_IN_policy_allow-host-ipv6_pre
		jump filter_IN_policy_allow-host-ipv6_log
		jump filter_IN_policy_allow-host-ipv6_deny
		jump filter_IN_policy_allow-host-ipv6_allow
		jump filter_IN_policy_allow-host-ipv6_post
	}

	chain filter_IN_policy_allow-host-ipv6_pre {
	}

	chain filter_IN_policy_allow-host-ipv6_log {
	}

	chain filter_IN_policy_allow-host-ipv6_deny {
	}

	# Neighbour discovery messages the host accepts.
	chain filter_IN_policy_allow-host-ipv6_allow {
		icmpv6 type nd-neighbor-advert accept
		icmpv6 type nd-neighbor-solicit accept
		icmpv6 type nd-router-advert accept
		icmpv6 type nd-redirect accept
	}

	chain filter_IN_policy_allow-host-ipv6_post {
	}

	chain nat_PRE_policy_allow-host-ipv6 {
		jump nat_PRE_policy_allow-host-ipv6_pre
		jump nat_PRE_policy_allow-host-ipv6_log
		jump nat_PRE_policy_allow-host-ipv6_deny
		jump nat_PRE_policy_allow-host-ipv6_allow
		jump nat_PRE_policy_allow-host-ipv6_post
	}

	chain nat_PRE_policy_allow-host-ipv6_pre {
	}

	chain nat_PRE_policy_allow-host-ipv6_log {
	}

	chain nat_PRE_policy_allow-host-ipv6_deny {
	}

	chain nat_PRE_policy_allow-host-ipv6_allow {
	}

	chain nat_PRE_policy_allow-host-ipv6_post {
	}

	chain mangle_PRE_policy_allow-host-ipv6 {
		jump mangle_PRE_policy_allow-host-ipv6_pre
		jump mangle_PRE_policy_allow-host-ipv6_log
		jump mangle_PRE_policy_allow-host-ipv6_deny
		jump mangle_PRE_policy_allow-host-ipv6_allow
		jump mangle_PRE_policy_allow-host-ipv6_post
	}

	chain mangle_PRE_policy_allow-host-ipv6_pre {
	}

	chain mangle_PRE_policy_allow-host-ipv6_log {
	}

	chain mangle_PRE_policy_allow-host-ipv6_deny {
	}

	chain mangle_PRE_policy_allow-host-ipv6_allow {
	}

	chain mangle_PRE_policy_allow-host-ipv6_post {
	}
}