sudo iptables-save
# Generated by iptables-save v1.8.3 on Fri Jan 31 15:42:52 2020
*mangle
:PREROUTING ACCEPT [520317:774840240]
:INPUT ACCEPT [225614:487844351]
:FORWARD ACCEPT [294694:286993849]
:OUTPUT ACCEPT [147667:12676279]
:POSTROUTING ACCEPT [442361:299670128]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_FedoraWorkstation - [0:0]
:PRE_FedoraWorkstation_allow - [0:0]
:PRE_FedoraWorkstation_deny - [0:0]
:PRE_FedoraWorkstation_log - [0:0]
:PRE_FedoraWorkstation_post - [0:0]
:PRE_FedoraWorkstation_pre - [0:0]
:PRE_trusted - [0:0]
:PRE_trusted_allow - [0:0]
:PRE_trusted_deny - [0:0]
:PRE_trusted_log - [0:0]
:PRE_trusted_post - [0:0]
:PRE_trusted_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i enp3s0 -g PRE_FedoraWorkstation
-A PREROUTING_ZONES -i docker0 -g PRE_trusted
-A PREROUTING_ZONES -g PRE_FedoraWorkstation
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_pre
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_post
-A PRE_trusted -j PRE_trusted_pre
-A PRE_trusted -j PRE_trusted_log
-A PRE_trusted -j PRE_trusted_deny
-A PRE_trusted -j PRE_trusted_allow
-A PRE_trusted -j PRE_trusted_post
COMMIT
# Completed on Fri Jan 31 15:42:52 2020
# Generated by iptables-save v1.8.3 on Fri Jan 31 15:42:52 2020
*raw
:PREROUTING ACCEPT [520317:774840240]
:OUTPUT ACCEPT [147667:12676279]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_FedoraWorkstation - [0:0]
:PRE_FedoraWorkstation_allow - [0:0]
:PRE_FedoraWorkstation_deny - [0:0]
:PRE_FedoraWorkstation_log - [0:0]
:PRE_FedoraWorkstation_post - [0:0]
:PRE_FedoraWorkstation_pre - [0:0]
:PRE_trusted - [0:0]
:PRE_trusted_allow - [0:0]
:PRE_trusted_deny - [0:0]
:PRE_trusted_log - [0:0]
:PRE_trusted_post - [0:0]
:PRE_trusted_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -i enp3s0 -g PRE_FedoraWorkstation
-A PREROUTING_ZONES -i docker0 -g PRE_trusted
-A PREROUTING_ZONES -g PRE_FedoraWorkstation
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_pre
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_post
-A PRE_FedoraWorkstation_allow -p udp -m udp --dport 137 -j CT --helper netbios-ns
-A PRE_trusted -j PRE_trusted_pre
-A PRE_trusted -j PRE_trusted_log
-A PRE_trusted -j PRE_trusted_deny
-A PRE_trusted -j PRE_trusted_allow
-A PRE_trusted -j PRE_trusted_post
COMMIT
# Completed on Fri Jan 31 15:42:52 2020
# Generated by iptables-save v1.8.3 on Fri Jan 31 15:42:52 2020
*security
:INPUT ACCEPT [225355:487825780]
:FORWARD ACCEPT [294694:286993849]
:OUTPUT ACCEPT [147667:12676279]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Fri Jan 31 15:42:52 2020
# Generated by iptables-save v1.8.3 on Fri Jan 31 15:42:52 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [144283:12360136]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_direct - [0:0]
:FWDI_FedoraWorkstation - [0:0]
:FWDI_FedoraWorkstation_allow - [0:0]
:FWDI_FedoraWorkstation_deny - [0:0]
:FWDI_FedoraWorkstation_log - [0:0]
:FWDI_FedoraWorkstation_post - [0:0]
:FWDI_FedoraWorkstation_pre - [0:0]
:FWDI_trusted - [0:0]
:FWDI_trusted_allow - [0:0]
:FWDI_trusted_deny - [0:0]
:FWDI_trusted_log - [0:0]
:FWDI_trusted_post - [0:0]
:FWDI_trusted_pre - [0:0]
:FWDO_FedoraWorkstation - [0:0]
:FWDO_FedoraWorkstation_allow - [0:0]
:FWDO_FedoraWorkstation_deny - [0:0]
:FWDO_FedoraWorkstation_log - [0:0]
:FWDO_FedoraWorkstation_post - [0:0]
:FWDO_FedoraWorkstation_pre - [0:0]
:FWDO_trusted - [0:0]
:FWDO_trusted_allow - [0:0]
:FWDO_trusted_deny - [0:0]
:FWDO_trusted_log - [0:0]
:FWDO_trusted_post - [0:0]
:FWDO_trusted_pre - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_direct - [0:0]
:IN_FedoraWorkstation - [0:0]
:IN_FedoraWorkstation_allow - [0:0]
:IN_FedoraWorkstation_deny - [0:0]
:IN_FedoraWorkstation_log - [0:0]
:IN_FedoraWorkstation_post - [0:0]
:IN_FedoraWorkstation_pre - [0:0]
:IN_trusted - [0:0]
:IN_trusted_allow - [0:0]
:IN_trusted_deny - [0:0]
:IN_trusted_log - [0:0]
:IN_trusted_post - [0:0]
:IN_trusted_pre - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o docker_gwbridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker_gwbridge -j DOCKER
-A FORWARD -i docker_gwbridge ! -o docker_gwbridge -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -i docker_gwbridge -o docker_gwbridge -j DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j OUTPUT_direct
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A FORWARD_IN_ZONES -i enp3s0 -g FWDI_FedoraWorkstation
-A FORWARD_IN_ZONES -i docker0 -g FWDI_trusted
-A FORWARD_IN_ZONES -g FWDI_FedoraWorkstation
-A FORWARD_OUT_ZONES -o enp3s0 -g FWDO_FedoraWorkstation
-A FORWARD_OUT_ZONES -o docker0 -g FWDO_trusted
-A FORWARD_OUT_ZONES -g FWDO_FedoraWorkstation
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_pre
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_log
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_deny
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_allow
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_post
-A FWDI_FedoraWorkstation -p icmp -j ACCEPT
-A FWDI_trusted -j FWDI_trusted_pre
-A FWDI_trusted -j FWDI_trusted_log
-A FWDI_trusted -j FWDI_trusted_deny
-A FWDI_trusted -j FWDI_trusted_allow
-A FWDI_trusted -j FWDI_trusted_post
-A FWDI_trusted -j ACCEPT
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_pre
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_log
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_deny
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_allow
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_post
-A FWDO_trusted -j FWDO_trusted_pre
-A FWDO_trusted -j FWDO_trusted_log
-A FWDO_trusted -j FWDO_trusted_deny
-A FWDO_trusted -j FWDO_trusted_allow
-A FWDO_trusted -j FWDO_trusted_post
-A FWDO_trusted -j ACCEPT
-A INPUT_ZONES -i enp3s0 -g IN_FedoraWorkstation
-A INPUT_ZONES -i docker0 -g IN_trusted
-A INPUT_ZONES -g IN_FedoraWorkstation
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_pre
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_log
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_deny
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_allow
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_post
-A IN_FedoraWorkstation -p icmp -j ACCEPT
-A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p udp -m udp --dport 53 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 5601 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_trusted -j IN_trusted_pre
-A IN_trusted -j IN_trusted_log
-A IN_trusted -j IN_trusted_deny
-A IN_trusted -j IN_trusted_allow
-A IN_trusted -j IN_trusted_post
-A IN_trusted -j ACCEPT
COMMIT
# Completed on Fri Jan 31 15:42:52 2020
# Generated by iptables-save v1.8.3 on Fri Jan 31 15:42:52 2020
*nat
:PREROUTING ACCEPT [523:35765]
:INPUT ACCEPT [237:12922]
:OUTPUT ACCEPT [1504:101927]
:POSTROUTING ACCEPT [1504:101927]
:DOCKER - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_direct - [0:0]
:POST_FedoraWorkstation - [0:0]
:POST_FedoraWorkstation_allow - [0:0]
:POST_FedoraWorkstation_deny - [0:0]
:POST_FedoraWorkstation_log - [0:0]
:POST_FedoraWorkstation_post - [0:0]
:POST_FedoraWorkstation_pre - [0:0]
:POST_trusted - [0:0]
:POST_trusted_allow - [0:0]
:POST_trusted_deny - [0:0]
:POST_trusted_log - [0:0]
:POST_trusted_post - [0:0]
:POST_trusted_pre - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_FedoraWorkstation - [0:0]
:PRE_FedoraWorkstation_allow - [0:0]
:PRE_FedoraWorkstation_deny - [0:0]
:PRE_FedoraWorkstation_log - [0:0]
:PRE_FedoraWorkstation_post - [0:0]
:PRE_FedoraWorkstation_pre - [0:0]
:PRE_trusted - [0:0]
:PRE_trusted_allow - [0:0]
:PRE_trusted_deny - [0:0]
:PRE_trusted_log - [0:0]
:PRE_trusted_post - [0:0]
:PRE_trusted_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT -j OUTPUT_direct
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/20 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.18.0.0/16 ! -o docker_gwbridge -j MASQUERADE
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES
-A DOCKER -i docker0 -j RETURN
-A DOCKER -i docker_gwbridge -j RETURN
-A POSTROUTING_ZONES -o enp3s0 -g POST_FedoraWorkstation
-A POSTROUTING_ZONES -o docker0 -g POST_trusted
-A POSTROUTING_ZONES -g POST_FedoraWorkstation
-A POST_FedoraWorkstation -j POST_FedoraWorkstation_pre
-A POST_FedoraWorkstation -j POST_FedoraWorkstation_log
-A POST_FedoraWorkstation -j POST_FedoraWorkstation_deny
-A POST_FedoraWorkstation -j POST_FedoraWorkstation_allow
-A POST_FedoraWorkstation -j POST_FedoraWorkstation_post
-A POST_trusted -j POST_trusted_pre
-A POST_trusted -j POST_trusted_log
-A POST_trusted -j POST_trusted_deny
-A POST_trusted -j POST_trusted_allow
-A POST_trusted -j POST_trusted_post
-A PREROUTING_ZONES -i enp3s0 -g PRE_FedoraWorkstation
-A PREROUTING_ZONES -i docker0 -g PRE_trusted
-A PREROUTING_ZONES -g PRE_FedoraWorkstation
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_pre
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_post
-A PRE_trusted -j PRE_trusted_pre
-A PRE_trusted -j PRE_trusted_log
-A PRE_trusted -j PRE_trusted_deny
-A PRE_trusted -j PRE_trusted_allow
-A PRE_trusted -j PRE_trusted_post
COMMIT
# Completed on Fri Jan 31 15:42:52 2020


-------------------------------------------------------------------------------
-------------------------------------------------------------------------------


sudo ip6tables-save
# Generated by ip6tables-save v1.8.3 on Fri Jan 31 15:43:29 2020
*nat
:PREROUTING ACCEPT [2473:171495]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [232:21018]
:POSTROUTING ACCEPT [2663:180313]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_direct - [0:0]
:POST_FedoraWorkstation - [0:0]
:POST_FedoraWorkstation_allow - [0:0]
:POST_FedoraWorkstation_deny - [0:0]
:POST_FedoraWorkstation_log - [0:0]
:POST_FedoraWorkstation_post - [0:0]
:POST_FedoraWorkstation_pre - [0:0]
:POST_trusted - [0:0]
:POST_trusted_allow - [0:0]
:POST_trusted_deny - [0:0]
:POST_trusted_log - [0:0]
:POST_trusted_post - [0:0]
:POST_trusted_pre - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_FedoraWorkstation - [0:0]
:PRE_FedoraWorkstation_allow - [0:0]
:PRE_FedoraWorkstation_deny - [0:0]
:PRE_FedoraWorkstation_log - [0:0]
:PRE_FedoraWorkstation_post - [0:0]
:PRE_FedoraWorkstation_pre - [0:0]
:PRE_trusted - [0:0]
:PRE_trusted_allow - [0:0]
:PRE_trusted_deny - [0:0]
:PRE_trusted_log - [0:0]
:PRE_trusted_post - [0:0]
:PRE_trusted_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o enp3s0 -g POST_FedoraWorkstation
-A POSTROUTING_ZONES -o docker0 -g POST_trusted
-A POSTROUTING_ZONES -g POST_FedoraWorkstation
-A POST_FedoraWorkstation -j POST_FedoraWorkstation_pre
-A POST_FedoraWorkstation -j POST_FedoraWorkstation_log
-A POST_FedoraWorkstation -j POST_FedoraWorkstation_deny
-A POST_FedoraWorkstation -j POST_FedoraWorkstation_allow
-A POST_FedoraWorkstation -j POST_FedoraWorkstation_post
-A POST_trusted -j POST_trusted_pre
-A POST_trusted -j POST_trusted_log
-A POST_trusted -j POST_trusted_deny
-A POST_trusted -j POST_trusted_allow
-A POST_trusted -j POST_trusted_post
-A PREROUTING_ZONES -i enp3s0 -g PRE_FedoraWorkstation
-A PREROUTING_ZONES -i docker0 -g PRE_trusted
-A PREROUTING_ZONES -g PRE_FedoraWorkstation
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_pre
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_post
-A PRE_trusted -j PRE_trusted_pre
-A PRE_trusted -j PRE_trusted_log
-A PRE_trusted -j PRE_trusted_deny
-A PRE_trusted -j PRE_trusted_allow
-A PRE_trusted -j PRE_trusted_post
COMMIT
# Completed on Fri Jan 31 15:43:29 2020
# Generated by ip6tables-save v1.8.3 on Fri Jan 31 15:43:29 2020
*mangle
:PREROUTING ACCEPT [61550:25775724]
:INPUT ACCEPT [14967:11553397]
:FORWARD ACCEPT [46367:14197899]
:OUTPUT ACCEPT [13085:1941892]
:POSTROUTING ACCEPT [59516:16152676]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_FedoraWorkstation - [0:0]
:PRE_FedoraWorkstation_allow - [0:0]
:PRE_FedoraWorkstation_deny - [0:0]
:PRE_FedoraWorkstation_log - [0:0]
:PRE_FedoraWorkstation_post - [0:0]
:PRE_FedoraWorkstation_pre - [0:0]
:PRE_trusted - [0:0]
:PRE_trusted_allow - [0:0]
:PRE_trusted_deny - [0:0]
:PRE_trusted_log - [0:0]
:PRE_trusted_post - [0:0]
:PRE_trusted_pre - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i enp3s0 -g PRE_FedoraWorkstation
-A PREROUTING_ZONES -i docker0 -g PRE_trusted
-A PREROUTING_ZONES -g PRE_FedoraWorkstation
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_pre
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_post
-A PRE_trusted -j PRE_trusted_pre
-A PRE_trusted -j PRE_trusted_log
-A PRE_trusted -j PRE_trusted_deny
-A PRE_trusted -j PRE_trusted_allow
-A PRE_trusted -j PRE_trusted_post
COMMIT
# Completed on Fri Jan 31 15:43:29 2020
# Generated by ip6tables-save v1.8.3 on Fri Jan 31 15:43:29 2020
*raw
:PREROUTING ACCEPT [60978:25733388]
:OUTPUT ACCEPT [13085:1941892]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_direct - [0:0]
:PRE_FedoraWorkstation - [0:0]
:PRE_FedoraWorkstation_allow - [0:0]
:PRE_FedoraWorkstation_deny - [0:0]
:PRE_FedoraWorkstation_log - [0:0]
:PRE_FedoraWorkstation_post - [0:0]
:PRE_FedoraWorkstation_pre - [0:0]
:PRE_trusted - [0:0]
:PRE_trusted_allow - [0:0]
:PRE_trusted_deny - [0:0]
:PRE_trusted_log - [0:0]
:PRE_trusted_post - [0:0]
:PRE_trusted_pre - [0:0]
-A PREROUTING -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT
-A PREROUTING -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT
-A PREROUTING -m rpfilter --invert -j DROP
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -i enp3s0 -g PRE_FedoraWorkstation
-A PREROUTING_ZONES -i docker0 -g PRE_trusted
-A PREROUTING_ZONES -g PRE_FedoraWorkstation
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_pre
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
-A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_post
-A PRE_trusted -j PRE_trusted_pre
-A PRE_trusted -j PRE_trusted_log
-A PRE_trusted -j PRE_trusted_deny
-A PRE_trusted -j PRE_trusted_allow
-A PRE_trusted -j PRE_trusted_post
COMMIT
# Completed on Fri Jan 31 15:43:29 2020
# Generated by ip6tables-save v1.8.3 on Fri Jan 31 15:43:29 2020
*security
:INPUT ACCEPT [14959:11552821]
:FORWARD ACCEPT [46367:14197899]
:OUTPUT ACCEPT [13085:1941892]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Fri Jan 31 15:43:29 2020
# Generated by ip6tables-save v1.8.3 on Fri Jan 31 15:43:29 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [5840:587857]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_direct - [0:0]
:FWDI_FedoraWorkstation - [0:0]
:FWDI_FedoraWorkstation_allow - [0:0]
:FWDI_FedoraWorkstation_deny - [0:0]
:FWDI_FedoraWorkstation_log - [0:0]
:FWDI_FedoraWorkstation_post - [0:0]
:FWDI_FedoraWorkstation_pre - [0:0]
:FWDI_trusted - [0:0]
:FWDI_trusted_allow - [0:0]
:FWDI_trusted_deny - [0:0]
:FWDI_trusted_log - [0:0]
:FWDI_trusted_post - [0:0]
:FWDI_trusted_pre - [0:0]
:FWDO_FedoraWorkstation - [0:0]
:FWDO_FedoraWorkstation_allow - [0:0]
:FWDO_FedoraWorkstation_deny - [0:0]
:FWDO_FedoraWorkstation_log - [0:0]
:FWDO_FedoraWorkstation_post - [0:0]
:FWDO_FedoraWorkstation_pre - [0:0]
:FWDO_trusted - [0:0]
:FWDO_trusted_allow - [0:0]
:FWDO_trusted_deny - [0:0]
:FWDO_trusted_log - [0:0]
:FWDO_trusted_post - [0:0]
:FWDO_trusted_pre - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_direct - [0:0]
:IN_FedoraWorkstation - [0:0]
:IN_FedoraWorkstation_allow - [0:0]
:IN_FedoraWorkstation_deny - [0:0]
:IN_FedoraWorkstation_log - [0:0]
:IN_FedoraWorkstation_post - [0:0]
:IN_FedoraWorkstation_pre - [0:0]
:IN_trusted - [0:0]
:IN_trusted_allow - [0:0]
:IN_trusted_deny - [0:0]
:IN_trusted_log - [0:0]
:IN_trusted_post - [0:0]
:IN_trusted_pre - [0:0]
:OUTPUT_direct - [0:0]
:RFC3964_IPv4 - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp6-adm-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j RFC3964_IPv4
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp6-adm-prohibited
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -j OUTPUT_direct
-A OUTPUT -j RFC3964_IPv4
-A FORWARD_IN_ZONES -i enp3s0 -g FWDI_FedoraWorkstation
-A FORWARD_IN_ZONES -i docker0 -g FWDI_trusted
-A FORWARD_IN_ZONES -g FWDI_FedoraWorkstation
-A FORWARD_OUT_ZONES -o enp3s0 -g FWDO_FedoraWorkstation
-A FORWARD_OUT_ZONES -o docker0 -g FWDO_trusted
-A FORWARD_OUT_ZONES -g FWDO_FedoraWorkstation
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_pre
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_log
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_deny
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_allow
-A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_post
-A FWDI_FedoraWorkstation -p ipv6-icmp -j ACCEPT
-A FWDI_trusted -j FWDI_trusted_pre
-A FWDI_trusted -j FWDI_trusted_log
-A FWDI_trusted -j FWDI_trusted_deny
-A FWDI_trusted -j FWDI_trusted_allow
-A FWDI_trusted -j FWDI_trusted_post
-A FWDI_trusted -j ACCEPT
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_pre
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_log
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_deny
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_allow
-A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_post
-A FWDO_trusted -j FWDO_trusted_pre
-A FWDO_trusted -j FWDO_trusted_log
-A FWDO_trusted -j FWDO_trusted_deny
-A FWDO_trusted -j FWDO_trusted_allow
-A FWDO_trusted -j FWDO_trusted_post
-A FWDO_trusted -j ACCEPT
-A INPUT_ZONES -i enp3s0 -g IN_FedoraWorkstation
-A INPUT_ZONES -i docker0 -g IN_trusted
-A INPUT_ZONES -g IN_FedoraWorkstation
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_pre
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_log
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_deny
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_allow
-A IN_FedoraWorkstation -j IN_FedoraWorkstation_post
-A IN_FedoraWorkstation -p ipv6-icmp -j ACCEPT
-A IN_FedoraWorkstation_allow -d fe80::/64 -p udp -m udp --dport 546 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -d ff02::fb/128 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 53 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p udp -m udp --dport 53 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 5601 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
-A IN_trusted -j IN_trusted_pre
-A IN_trusted -j IN_trusted_log
-A IN_trusted -j IN_trusted_deny
-A IN_trusted -j IN_trusted_allow
-A IN_trusted -j IN_trusted_post
-A IN_trusted -j ACCEPT
-A RFC3964_IPv4 -d 2002:e000::/19 -j REJECT --reject-with icmp6-addr-unreachable
-A RFC3964_IPv4 -d 2002:a9fe::/32 -j REJECT --reject-with icmp6-addr-unreachable
-A RFC3964_IPv4 -d 2002:c0a8::/32 -j REJECT --reject-with icmp6-addr-unreachable
-A RFC3964_IPv4 -d 2002:ac10::/28 -j REJECT --reject-with icmp6-addr-unreachable
-A RFC3964_IPv4 -d 2002:7f00::/24 -j REJECT --reject-with icmp6-addr-unreachable
-A RFC3964_IPv4 -d 2002:a00::/24 -j REJECT --reject-with icmp6-addr-unreachable
-A RFC3964_IPv4 -d 2002::/24 -j REJECT --reject-with icmp6-addr-unreachable
-A RFC3964_IPv4 -d ::ffff:0.0.0.0/96 -j REJECT --reject-with icmp6-addr-unreachable
-A RFC3964_IPv4 -d ::/96 -j REJECT --reject-with icmp6-addr-unreachable
COMMIT
# Completed on Fri Jan 31 15:43:29 2020