Ask Your Question

Revision history [back]

iptables-save

Generated by iptables-save v1.4.10 on Mon May 16 14:15:37 2011

*nat :PREROUTING ACCEPT [204:30221] :INPUT ACCEPT [7:629] :OUTPUT ACCEPT [42:2568] :POSTROUTING ACCEPT [212:28741] :nova-compute-OUTPUT - [0:0] :nova-compute-POSTROUTING - [0:0] :nova-compute-PREROUTING - [0:0] :nova-compute-floating-snat - [0:0] :nova-compute-snat - [0:0] :nova-network-OUTPUT - [0:0] :nova-network-POSTROUTING - [0:0] :nova-network-PREROUTING - [0:0] :nova-network-floating-snat - [0:0] :nova-network-snat - [0:0] :nova-postrouting-bottom - [0:0] -A PREROUTING -j nova-compute-PREROUTING -A PREROUTING -j nova-network-PREROUTING -A OUTPUT -j nova-compute-OUTPUT -A OUTPUT -j nova-network-OUTPUT -A POSTROUTING -j nova-compute-POSTROUTING -A POSTROUTING -j nova-network-POSTROUTING -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -A POSTROUTING -j nova-postrouting-bottom -A nova-compute-snat -j nova-compute-floating-snat -A nova-network-POSTROUTING -s 172.16.0.0/12 -d 10.128.0.0/24 -j ACCEPT -A nova-network-POSTROUTING -s 172.16.0.0/12 -d 172.16.0.0/12 -j ACCEPT -A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.160.28:8773 -A nova-network-snat -j nova-network-floating-snat -A nova-network-snat -s 172.16.0.0/12 -j SNAT --to-source 192.168.160.28 -A nova-postrouting-bottom -j nova-compute-snat -A nova-postrouting-bottom -j nova-network-snat COMMIT

Completed on Mon May 16 14:15:37 2011

Generated by iptables-save v1.4.10 on Mon May 16 14:15:37 2011

*mangle :PREROUTING ACCEPT [978747:84150720] :INPUT ACCEPT [977235:83915622] :FORWARD ACCEPT [10843:1610293] :OUTPUT ACCEPT [973316:84473312] :POSTROUTING ACCEPT [984159:86083605] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT

Completed on Mon May 16 14:15:37 2011

Generated by iptables-save v1.4.10 on Mon May 16 14:15:37 2011

*filter :INPUT ACCEPT [51922:4567636] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [51702:4640910] :nova-compute-FORWARD - [0:0] :nova-compute-INPUT - [0:0] :nova-compute-OUTPUT - [0:0] :nova-compute-inst-13 - [0:0] :nova-compute-local - [0:0] :nova-compute-sg-fallback - [0:0] :nova-filter-top - [0:0] :nova-network-FORWARD - [0:0] :nova-network-INPUT - [0:0] :nova-network-OUTPUT - [0:0] :nova-network-local - [0:0] -A INPUT -j nova-compute-INPUT -A INPUT -j nova-network-INPUT -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A FORWARD -j nova-filter-top -A FORWARD -j nova-compute-FORWARD -A FORWARD -j nova-network-FORWARD -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A OUTPUT -j nova-filter-top -A OUTPUT -j nova-compute-OUTPUT -A OUTPUT -j nova-network-OUTPUT -A nova-compute-FORWARD -i br100 -j ACCEPT -A nova-compute-FORWARD -o br100 -j ACCEPT -A nova-compute-inst-13 -m state --state INVALID -j DROP -A nova-compute-inst-13 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-13 -s 172.16.132.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-13 -s 172.16.132.0/24 -j ACCEPT -A nova-compute-inst-13 -j nova-compute-sg-fallback -A nova-compute-local -d 172.16.132.2/32 -j nova-compute-inst-13 -A nova-compute-sg-fallback -j DROP -A nova-filter-top -j nova-compute-local -A nova-filter-top -j nova-network-local -A nova-network-FORWARD -i br100 -j ACCEPT -A nova-network-FORWARD -o br100 -j ACCEPT COMMIT

Completed on Mon May 16 14:15:37 2011