
Revision history [back]

initial version

I also have this problem. I found that my iptables has a new rule after I created a network 192.168.208.0/24 and a VM 8.8.8.6/192.168.208.2; I can ping 8.8.8.6 but cannot ping 192.168.208.2:

-A nova-manage-snat -s 192.168.208.0/24 -j SNAT --to-source 10.131.0.244

When I delete this rule, I can ping 192.168.208.2. When I create a new network and a new VM, this rule is replaced by one for the new network.

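Below are my iptables rules BEFORE CREATING NETWORK, AFTER CREATING NETWORK and AFTER CREATING VM. In the *nat table, the nova-manage-snat SNAT rule has source 192.168.207.0/24 before the network is created and 192.168.208.0/24 afterwards: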

BEFORE CREATING NETWORK:

Generated by iptables-save v1.4.12 on Wed May 16 14:51:31 2012

*mangle :PREROUTING ACCEPT [245736:216294003] :INPUT ACCEPT [57864:32422084] :FORWARD ACCEPT [184175:182659303] :OUTPUT ACCEPT [53384:31506313] :POSTROUTING ACCEPT [237564:214167256] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT

Completed on Wed May 16 14:51:31 2012

Generated by iptables-save v1.4.12 on Wed May 16 14:51:31 2012

*nat :PREROUTING ACCEPT [135:35818] :INPUT ACCEPT [54:10054] :OUTPUT ACCEPT [22:1351] :POSTROUTING ACCEPT [22:1351] :nova-api-OUTPUT - [0:0] :nova-api-POSTROUTING - [0:0] :nova-api-PREROUTING - [0:0] :nova-api-float-snat - [0:0] :nova-api-snat - [0:0] :nova-compute-OUTPUT - [0:0] :nova-compute-POSTROUTING - [0:0] :nova-compute-PREROUTING - [0:0] :nova-compute-float-snat - [0:0] :nova-compute-snat - [0:0] :nova-manage-OUTPUT - [0:0] :nova-manage-POSTROUTING - [0:0] :nova-manage-PREROUTING - [0:0] :nova-manage-float-snat - [0:0] :nova-manage-snat - [0:0] :nova-network-OUTPUT - [0:0] :nova-network-POSTROUTING - [0:0] :nova-network-PREROUTING - [0:0] :nova-network-float-snat - [0:0] :nova-network-snat - [0:0] :nova-postrouting-bottom - [0:0] -A PREROUTING -j nova-compute-PREROUTING -A PREROUTING -j nova-network-PREROUTING -A PREROUTING -j nova-manage-PREROUTING -A PREROUTING -j nova-api-PREROUTING -A OUTPUT -j nova-compute-OUTPUT -A OUTPUT -j nova-network-OUTPUT -A OUTPUT -j nova-manage-OUTPUT -A OUTPUT -j nova-api-OUTPUT -A POSTROUTING -j nova-compute-POSTROUTING -A POSTROUTING -j nova-network-POSTROUTING -A POSTROUTING -j nova-manage-POSTROUTING -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -A POSTROUTING -j nova-api-POSTROUTING -A POSTROUTING -j nova-postrouting-bottom -A nova-api-snat -j nova-api-float-snat -A nova-compute-snat -j nova-compute-float-snat -A nova-manage-snat -j nova-manage-float-snat -A nova-manage-snat -s 192.168.207.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.131.0.244/32 -j ACCEPT -A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.128.0.0/24 -j ACCEPT -A nova-network-POSTROUTING -s 192.168.200.0/24 -d 192.168.200.0/24 -m conntrack ! 
--ctstate DNAT -j ACCEPT -A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.131.0.244:8775 -A nova-network-snat -j nova-network-float-snat -A nova-network-snat -s 192.168.200.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 8.8.8.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 7.7.7.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 9.9.9.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.201.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.202.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.203.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.204.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.205.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 6.6.6.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 5.5.5.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 18.18.18.0/24 -j SNAT --to-source 10.131.0.244 -A nova-postrouting-bottom -j nova-compute-snat -A nova-postrouting-bottom -j nova-network-snat -A nova-postrouting-bottom -j nova-manage-snat -A nova-postrouting-bottom -j nova-api-snat COMMIT

Completed on Wed May 16 14:51:31 2012

Generated by iptables-save v1.4.12 on Wed May 16 14:51:31 2012

*filter :INPUT ACCEPT [4078:2021343] :FORWARD ACCEPT [5005:306502] :OUTPUT ACCEPT [3747:2009987] :nova-api-FORWARD - [0:0] :nova-api-INPUT - [0:0] :nova-api-OUTPUT - [0:0] :nova-api-local - [0:0] :nova-compute-FORWARD - [0:0] :nova-compute-INPUT - [0:0] :nova-compute-OUTPUT - [0:0] :nova-compute-inst-54 - [0:0] :nova-compute-inst-55 - [0:0] :nova-compute-inst-56 - [0:0] :nova-compute-inst-57 - [0:0] :nova-compute-inst-58 - [0:0] :nova-compute-inst-59 - [0:0] :nova-compute-local - [0:0] :nova-compute-provider - [0:0] :nova-compute-sg-fallback - [0:0] :nova-filter-top - [0:0] :nova-manage-FORWARD - [0:0] :nova-manage-INPUT - [0:0] :nova-manage-OUTPUT - [0:0] :nova-manage-local - [0:0] :nova-network-FORWARD - [0:0] :nova-network-INPUT - [0:0] :nova-network-OUTPUT - [0:0] :nova-network-local - [0:0] -A INPUT -j nova-compute-INPUT -A INPUT -j nova-network-INPUT -A INPUT -j nova-manage-INPUT -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A INPUT -j nova-api-INPUT -A INPUT -p gre -j ACCEPT -A FORWARD -j nova-filter-top -A FORWARD -j nova-compute-FORWARD -A FORWARD -j nova-network-FORWARD -A FORWARD -j nova-manage-FORWARD -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -j nova-api-FORWARD -A OUTPUT -j nova-filter-top -A OUTPUT -j nova-compute-OUTPUT -A OUTPUT -j nova-network-OUTPUT -A OUTPUT -j nova-manage-OUTPUT -A OUTPUT -j nova-api-OUTPUT -A nova-api-INPUT -d 10.131.0.244/32 -p tcp -m tcp --dport 8775 -j ACCEPT -A nova-compute-inst-54 -m state --state INVALID -j DROP -A nova-compute-inst-54 -m state --state RELATED,ESTABLISHED -j 
ACCEPT -A nova-compute-inst-54 -j nova-compute-provider -A nova-compute-inst-54 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-54 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-54 -s 8.8.8.0/24 -j ACCEPT -A nova-compute-inst-54 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-54 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-54 -j nova-compute-sg-fallback -A nova-compute-inst-55 -m state --state INVALID -j DROP -A nova-compute-inst-55 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-55 -j nova-compute-provider -A nova-compute-inst-55 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-55 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-55 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-55 -s 8.8.8.0/24 -j ACCEPT -A nova-compute-inst-55 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-55 -j nova-compute-sg-fallback -A nova-compute-inst-56 -m state --state INVALID -j DROP -A nova-compute-inst-56 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-56 -j nova-compute-provider -A nova-compute-inst-56 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-56 -s 192.168.201.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-56 -s 8.8.8.0/24 -j ACCEPT -A nova-compute-inst-56 -s 192.168.201.0/24 -j ACCEPT -A nova-compute-inst-56 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-56 -j nova-compute-sg-fallback -A nova-compute-inst-57 -m state --state INVALID -j DROP -A nova-compute-inst-57 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-57 -j nova-compute-provider -A nova-compute-inst-57 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-57 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-57 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-57 -s 8.8.8.0/24 -j ACCEPT -A 
nova-compute-inst-57 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-57 -j nova-compute-sg-fallback -A nova-compute-inst-58 -m state --state INVALID -j DROP -A nova-compute-inst-58 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-58 -j nova-compute-provider -A nova-compute-inst-58 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-58 -s 192.168.206.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-58 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-58 -s 192.168.206.0/24 -j ACCEPT -A nova-compute-inst-58 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-58 -j nova-compute-sg-fallback -A nova-compute-inst-59 -m state --state INVALID -j DROP -A nova-compute-inst-59 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-59 -j nova-compute-provider -A nova-compute-inst-59 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-59 -s 192.168.207.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-59 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-59 -s 192.168.207.0/24 -j ACCEPT -A nova-compute-inst-59 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-59 -j nova-compute-sg-fallback -A nova-compute-local -d 8.8.8.6/32 -j nova-compute-inst-54 -A nova-compute-local -d 9.9.9.3/32 -j nova-compute-inst-54 -A nova-compute-local -d 9.9.9.4/32 -j nova-compute-inst-55 -A nova-compute-local -d 8.8.8.7/32 -j nova-compute-inst-55 -A nova-compute-local -d 8.8.8.8/32 -j nova-compute-inst-56 -A nova-compute-local -d 192.168.201.2/32 -j nova-compute-inst-56 -A nova-compute-local -d 9.9.9.5/32 -j nova-compute-inst-57 -A nova-compute-local -d 8.8.8.9/32 -j nova-compute-inst-57 -A nova-compute-local -d 9.9.9.6/32 -j nova-compute-inst-58 -A nova-compute-local -d 192.168.206.2/32 -j nova-compute-inst-58 -A nova-compute-local -d 9.9.9.7/32 -j nova-compute-inst-59 -A nova-compute-local -d 192.168.207.2/32 -j nova-compute-inst-59 -A 
nova-compute-sg-fallback -j DROP -A nova-filter-top -j nova-compute-local -A nova-filter-top -j nova-network-local -A nova-filter-top -j nova-manage-local -A nova-filter-top -j nova-api-local -A nova-network-FORWARD -i br-int -j ACCEPT -A nova-network-FORWARD -o br-int -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 53 -j ACCEPT COMMIT

Completed on Wed May 16 14:51:31 2012

AFTER CREATING NETWORK:

Generated by iptables-save v1.4.12 on Wed May 16 14:52:01 2012

*mangle :PREROUTING ACCEPT [252638:222628974] :INPUT ACCEPT [58858:32725770] :FORWARD ACCEPT [190065:188684684] :OUTPUT ACCEPT [54341:31821825] :POSTROUTING ACCEPT [244411:220508149] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT

Completed on Wed May 16 14:52:01 2012

Generated by iptables-save v1.4.12 on Wed May 16 14:52:01 2012

*nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [0:0] :nova-api-OUTPUT - [0:0] :nova-api-POSTROUTING - [0:0] :nova-api-PREROUTING - [0:0] :nova-api-float-snat - [0:0] :nova-api-snat - [0:0] :nova-compute-OUTPUT - [0:0] :nova-compute-POSTROUTING - [0:0] :nova-compute-PREROUTING - [0:0] :nova-compute-float-snat - [0:0] :nova-compute-snat - [0:0] :nova-manage-OUTPUT - [0:0] :nova-manage-POSTROUTING - [0:0] :nova-manage-PREROUTING - [0:0] :nova-manage-float-snat - [0:0] :nova-manage-snat - [0:0] :nova-network-OUTPUT - [0:0] :nova-network-POSTROUTING - [0:0] :nova-network-PREROUTING - [0:0] :nova-network-float-snat - [0:0] :nova-network-snat - [0:0] :nova-postrouting-bottom - [0:0] -A PREROUTING -j nova-manage-PREROUTING -A PREROUTING -j nova-compute-PREROUTING -A PREROUTING -j nova-network-PREROUTING -A PREROUTING -j nova-api-PREROUTING -A OUTPUT -j nova-manage-OUTPUT -A OUTPUT -j nova-compute-OUTPUT -A OUTPUT -j nova-network-OUTPUT -A OUTPUT -j nova-api-OUTPUT -A POSTROUTING -j nova-manage-POSTROUTING -A POSTROUTING -j nova-compute-POSTROUTING -A POSTROUTING -j nova-network-POSTROUTING -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -A POSTROUTING -j nova-api-POSTROUTING -A POSTROUTING -j nova-postrouting-bottom -A nova-api-snat -j nova-api-float-snat -A nova-compute-snat -j nova-compute-float-snat -A nova-manage-snat -j nova-manage-float-snat -A nova-manage-snat -s 192.168.208.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.131.0.244/32 -j ACCEPT -A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.128.0.0/24 -j ACCEPT -A nova-network-POSTROUTING -s 192.168.200.0/24 -d 192.168.200.0/24 -m conntrack ! 
--ctstate DNAT -j ACCEPT -A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.131.0.244:8775 -A nova-network-snat -j nova-network-float-snat -A nova-network-snat -s 192.168.200.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 8.8.8.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 7.7.7.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 9.9.9.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.201.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.202.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.203.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.204.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.205.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 6.6.6.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 5.5.5.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 18.18.18.0/24 -j SNAT --to-source 10.131.0.244 -A nova-postrouting-bottom -j nova-manage-snat -A nova-postrouting-bottom -j nova-compute-snat -A nova-postrouting-bottom -j nova-network-snat -A nova-postrouting-bottom -j nova-api-snat COMMIT

Completed on Wed May 16 14:52:01 2012

Generated by iptables-save v1.4.12 on Wed May 16 14:52:01 2012

*filter :INPUT ACCEPT [168:68743] :FORWARD ACCEPT [1266:71368] :OUTPUT ACCEPT [158:83083] :nova-api-FORWARD - [0:0] :nova-api-INPUT - [0:0] :nova-api-OUTPUT - [0:0] :nova-api-local - [0:0] :nova-compute-FORWARD - [0:0] :nova-compute-INPUT - [0:0] :nova-compute-OUTPUT - [0:0] :nova-compute-inst-54 - [0:0] :nova-compute-inst-55 - [0:0] :nova-compute-inst-56 - [0:0] :nova-compute-inst-57 - [0:0] :nova-compute-inst-58 - [0:0] :nova-compute-inst-59 - [0:0] :nova-compute-local - [0:0] :nova-compute-provider - [0:0] :nova-compute-sg-fallback - [0:0] :nova-filter-top - [0:0] :nova-manage-FORWARD - [0:0] :nova-manage-INPUT - [0:0] :nova-manage-OUTPUT - [0:0] :nova-manage-local - [0:0] :nova-network-FORWARD - [0:0] :nova-network-INPUT - [0:0] :nova-network-OUTPUT - [0:0] :nova-network-local - [0:0] -A INPUT -j nova-manage-INPUT -A INPUT -j nova-compute-INPUT -A INPUT -j nova-network-INPUT -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A INPUT -j nova-api-INPUT -A INPUT -p gre -j ACCEPT -A FORWARD -j nova-filter-top -A FORWARD -j nova-manage-FORWARD -A FORWARD -j nova-compute-FORWARD -A FORWARD -j nova-network-FORWARD -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -j nova-api-FORWARD -A OUTPUT -j nova-filter-top -A OUTPUT -j nova-manage-OUTPUT -A OUTPUT -j nova-compute-OUTPUT -A OUTPUT -j nova-network-OUTPUT -A OUTPUT -j nova-api-OUTPUT -A nova-api-INPUT -d 10.131.0.244/32 -p tcp -m tcp --dport 8775 -j ACCEPT -A nova-compute-inst-54 -m state --state INVALID -j DROP -A nova-compute-inst-54 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A nova-compute-inst-54 -j nova-compute-provider -A nova-compute-inst-54 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-54 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-54 -s 8.8.8.0/24 -j ACCEPT -A nova-compute-inst-54 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-54 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-54 -j nova-compute-sg-fallback -A nova-compute-inst-55 -m state --state INVALID -j DROP -A nova-compute-inst-55 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-55 -j nova-compute-provider -A nova-compute-inst-55 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-55 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-55 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-55 -s 8.8.8.0/24 -j ACCEPT -A nova-compute-inst-55 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-55 -j nova-compute-sg-fallback -A nova-compute-inst-56 -m state --state INVALID -j DROP -A nova-compute-inst-56 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-56 -j nova-compute-provider -A nova-compute-inst-56 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-56 -s 192.168.201.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-56 -s 8.8.8.0/24 -j ACCEPT -A nova-compute-inst-56 -s 192.168.201.0/24 -j ACCEPT -A nova-compute-inst-56 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-56 -j nova-compute-sg-fallback -A nova-compute-inst-57 -m state --state INVALID -j DROP -A nova-compute-inst-57 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-57 -j nova-compute-provider -A nova-compute-inst-57 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-57 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-57 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-57 -s 8.8.8.0/24 -j ACCEPT -A 
nova-compute-inst-57 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-57 -j nova-compute-sg-fallback -A nova-compute-inst-58 -m state --state INVALID -j DROP -A nova-compute-inst-58 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-58 -j nova-compute-provider -A nova-compute-inst-58 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-58 -s 192.168.206.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-58 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-58 -s 192.168.206.0/24 -j ACCEPT -A nova-compute-inst-58 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-58 -j nova-compute-sg-fallback -A nova-compute-inst-59 -m state --state INVALID -j DROP -A nova-compute-inst-59 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-59 -j nova-compute-provider -A nova-compute-inst-59 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-59 -s 192.168.207.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-59 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-59 -s 192.168.207.0/24 -j ACCEPT -A nova-compute-inst-59 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-59 -j nova-compute-sg-fallback -A nova-compute-local -d 8.8.8.6/32 -j nova-compute-inst-54 -A nova-compute-local -d 9.9.9.3/32 -j nova-compute-inst-54 -A nova-compute-local -d 9.9.9.4/32 -j nova-compute-inst-55 -A nova-compute-local -d 8.8.8.7/32 -j nova-compute-inst-55 -A nova-compute-local -d 8.8.8.8/32 -j nova-compute-inst-56 -A nova-compute-local -d 192.168.201.2/32 -j nova-compute-inst-56 -A nova-compute-local -d 9.9.9.5/32 -j nova-compute-inst-57 -A nova-compute-local -d 8.8.8.9/32 -j nova-compute-inst-57 -A nova-compute-local -d 9.9.9.6/32 -j nova-compute-inst-58 -A nova-compute-local -d 192.168.206.2/32 -j nova-compute-inst-58 -A nova-compute-local -d 9.9.9.7/32 -j nova-compute-inst-59 -A nova-compute-local -d 192.168.207.2/32 -j nova-compute-inst-59 -A 
nova-compute-sg-fallback -j DROP -A nova-filter-top -j nova-manage-local -A nova-filter-top -j nova-compute-local -A nova-filter-top -j nova-network-local -A nova-filter-top -j nova-api-local -A nova-network-FORWARD -i br-int -j ACCEPT -A nova-network-FORWARD -o br-int -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 53 -j ACCEPT COMMIT

Completed on Wed May 16 14:52:01 2012

AFTER CREATING VM:

Generated by iptables-save v1.4.12 on Wed May 16 14:54:57 2012

*mangle :PREROUTING ACCEPT [263188:230724325] :INPUT ACCEPT [64717:36049324] :FORWARD ACCEPT [194581:193399081] :OUTPUT ACCEPT [59942:35114595] :POSTROUTING ACCEPT [254528:228515316] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT

Completed on Wed May 16 14:54:57 2012

Generated by iptables-save v1.4.12 on Wed May 16 14:54:57 2012

*nat :PREROUTING ACCEPT [41:4806] :INPUT ACCEPT [59:5066] :OUTPUT ACCEPT [34:2572] :POSTROUTING ACCEPT [33:2241] :nova-api-OUTPUT - [0:0] :nova-api-POSTROUTING - [0:0] :nova-api-PREROUTING - [0:0] :nova-api-float-snat - [0:0] :nova-api-snat - [0:0] :nova-compute-OUTPUT - [0:0] :nova-compute-POSTROUTING - [0:0] :nova-compute-PREROUTING - [0:0] :nova-compute-float-snat - [0:0] :nova-compute-snat - [0:0] :nova-manage-OUTPUT - [0:0] :nova-manage-POSTROUTING - [0:0] :nova-manage-PREROUTING - [0:0] :nova-manage-float-snat - [0:0] :nova-manage-snat - [0:0] :nova-network-OUTPUT - [0:0] :nova-network-POSTROUTING - [0:0] :nova-network-PREROUTING - [0:0] :nova-network-float-snat - [0:0] :nova-network-snat - [0:0] :nova-postrouting-bottom - [0:0] -A PREROUTING -j nova-compute-PREROUTING -A PREROUTING -j nova-network-PREROUTING -A PREROUTING -j nova-manage-PREROUTING -A PREROUTING -j nova-api-PREROUTING -A OUTPUT -j nova-compute-OUTPUT -A OUTPUT -j nova-network-OUTPUT -A OUTPUT -j nova-manage-OUTPUT -A OUTPUT -j nova-api-OUTPUT -A POSTROUTING -j nova-compute-POSTROUTING -A POSTROUTING -j nova-network-POSTROUTING -A POSTROUTING -j nova-manage-POSTROUTING -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -A POSTROUTING -j nova-api-POSTROUTING -A POSTROUTING -j nova-postrouting-bottom -A nova-api-snat -j nova-api-float-snat -A nova-compute-snat -j nova-compute-float-snat -A nova-manage-snat -j nova-manage-float-snat -A nova-manage-snat -s 192.168.208.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.131.0.244/32 -j ACCEPT -A nova-network-POSTROUTING -s 192.168.200.0/24 -d 10.128.0.0/24 -j ACCEPT -A nova-network-POSTROUTING -s 192.168.200.0/24 -d 192.168.200.0/24 -m conntrack ! 
--ctstate DNAT -j ACCEPT -A nova-network-PREROUTING -d 169.254.169.254/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.131.0.244:8775 -A nova-network-snat -j nova-network-float-snat -A nova-network-snat -s 192.168.200.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 8.8.8.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 7.7.7.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 9.9.9.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.201.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.202.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.203.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.204.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 192.168.205.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 6.6.6.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 5.5.5.0/24 -j SNAT --to-source 10.131.0.244 -A nova-network-snat -s 18.18.18.0/24 -j SNAT --to-source 10.131.0.244 -A nova-postrouting-bottom -j nova-compute-snat -A nova-postrouting-bottom -j nova-network-snat -A nova-postrouting-bottom -j nova-manage-snat -A nova-postrouting-bottom -j nova-api-snat COMMIT

Completed on Wed May 16 14:54:57 2012

Generated by iptables-save v1.4.12 on Wed May 16 14:54:57 2012

*filter :INPUT ACCEPT [951:539981] :FORWARD ACCEPT [10:807] :OUTPUT ACCEPT [898:541768] :nova-api-FORWARD - [0:0] :nova-api-INPUT - [0:0] :nova-api-OUTPUT - [0:0] :nova-api-local - [0:0] :nova-compute-FORWARD - [0:0] :nova-compute-INPUT - [0:0] :nova-compute-OUTPUT - [0:0] :nova-compute-inst-54 - [0:0] :nova-compute-inst-55 - [0:0] :nova-compute-inst-56 - [0:0] :nova-compute-inst-57 - [0:0] :nova-compute-inst-58 - [0:0] :nova-compute-inst-59 - [0:0] :nova-compute-inst-60 - [0:0] :nova-compute-local - [0:0] :nova-compute-provider - [0:0] :nova-compute-sg-fallback - [0:0] :nova-filter-top - [0:0] :nova-manage-FORWARD - [0:0] :nova-manage-INPUT - [0:0] :nova-manage-OUTPUT - [0:0] :nova-manage-local - [0:0] :nova-network-FORWARD - [0:0] :nova-network-INPUT - [0:0] :nova-network-OUTPUT - [0:0] :nova-network-local - [0:0] -A INPUT -j nova-compute-INPUT -A INPUT -j nova-network-INPUT -A INPUT -j nova-manage-INPUT -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A INPUT -j nova-api-INPUT -A INPUT -p gre -j ACCEPT -A FORWARD -j nova-filter-top -A FORWARD -j nova-compute-FORWARD -A FORWARD -j nova-network-FORWARD -A FORWARD -j nova-manage-FORWARD -A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -j nova-api-FORWARD -A OUTPUT -j nova-filter-top -A OUTPUT -j nova-compute-OUTPUT -A OUTPUT -j nova-network-OUTPUT -A OUTPUT -j nova-manage-OUTPUT -A OUTPUT -j nova-api-OUTPUT -A nova-api-INPUT -d 10.131.0.244/32 -p tcp -m tcp --dport 8775 -j ACCEPT -A nova-compute-inst-54 -m state --state INVALID -j DROP -A nova-compute-inst-54 -m state --state 
RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-54 -j nova-compute-provider -A nova-compute-inst-54 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-54 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-54 -s 8.8.8.0/24 -j ACCEPT -A nova-compute-inst-54 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-54 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-54 -j nova-compute-sg-fallback -A nova-compute-inst-55 -m state --state INVALID -j DROP -A nova-compute-inst-55 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-55 -j nova-compute-provider -A nova-compute-inst-55 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-55 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-55 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-55 -s 8.8.8.0/24 -j ACCEPT -A nova-compute-inst-55 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-55 -j nova-compute-sg-fallback -A nova-compute-inst-56 -m state --state INVALID -j DROP -A nova-compute-inst-56 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-56 -j nova-compute-provider -A nova-compute-inst-56 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-56 -s 192.168.201.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-56 -s 8.8.8.0/24 -j ACCEPT -A nova-compute-inst-56 -s 192.168.201.0/24 -j ACCEPT -A nova-compute-inst-56 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-56 -j nova-compute-sg-fallback -A nova-compute-inst-57 -m state --state INVALID -j DROP -A nova-compute-inst-57 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-57 -j nova-compute-provider -A nova-compute-inst-57 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-57 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-57 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-57 -s 
8.8.8.0/24 -j ACCEPT -A nova-compute-inst-57 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-57 -j nova-compute-sg-fallback -A nova-compute-inst-58 -m state --state INVALID -j DROP -A nova-compute-inst-58 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-58 -j nova-compute-provider -A nova-compute-inst-58 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-58 -s 192.168.206.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-58 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-58 -s 192.168.206.0/24 -j ACCEPT -A nova-compute-inst-58 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-58 -j nova-compute-sg-fallback -A nova-compute-inst-59 -m state --state INVALID -j DROP -A nova-compute-inst-59 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-59 -j nova-compute-provider -A nova-compute-inst-59 -s 9.9.9.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-59 -s 192.168.207.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-59 -s 9.9.9.0/24 -j ACCEPT -A nova-compute-inst-59 -s 192.168.207.0/24 -j ACCEPT -A nova-compute-inst-59 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-59 -j nova-compute-sg-fallback -A nova-compute-inst-60 -m state --state INVALID -j DROP -A nova-compute-inst-60 -m state --state RELATED,ESTABLISHED -j ACCEPT -A nova-compute-inst-60 -j nova-compute-provider -A nova-compute-inst-60 -s 8.8.8.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-60 -s 192.168.208.1/32 -p udp -m udp --sport 67 --dport 68 -j ACCEPT -A nova-compute-inst-60 -s 8.8.8.0/24 -j ACCEPT -A nova-compute-inst-60 -s 192.168.208.0/24 -j ACCEPT -A nova-compute-inst-60 -p tcp -m tcp --dport 22 -j ACCEPT -A nova-compute-inst-60 -j nova-compute-sg-fallback -A nova-compute-local -d 8.8.8.6/32 -j nova-compute-inst-54 -A nova-compute-local -d 9.9.9.3/32 -j nova-compute-inst-54 -A nova-compute-local -d 9.9.9.4/32 -j 
nova-compute-inst-55 -A nova-compute-local -d 8.8.8.7/32 -j nova-compute-inst-55 -A nova-compute-local -d 8.8.8.8/32 -j nova-compute-inst-56 -A nova-compute-local -d 192.168.201.2/32 -j nova-compute-inst-56 -A nova-compute-local -d 9.9.9.5/32 -j nova-compute-inst-57 -A nova-compute-local -d 8.8.8.9/32 -j nova-compute-inst-57 -A nova-compute-local -d 9.9.9.6/32 -j nova-compute-inst-58 -A nova-compute-local -d 192.168.206.2/32 -j nova-compute-inst-58 -A nova-compute-local -d 9.9.9.7/32 -j nova-compute-inst-59 -A nova-compute-local -d 192.168.207.2/32 -j nova-compute-inst-59 -A nova-compute-local -d 8.8.8.10/32 -j nova-compute-inst-60 -A nova-compute-local -d 192.168.208.2/32 -j nova-compute-inst-60 -A nova-compute-sg-fallback -j DROP -A nova-filter-top -j nova-compute-local -A nova-filter-top -j nova-network-local -A nova-filter-top -j nova-manage-local -A nova-filter-top -j nova-api-local -A nova-network-FORWARD -i br-int -j ACCEPT -A nova-network-FORWARD -o br-int -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-50c4308f-34 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-5bfd9bfa-d6 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-23abd98f-03 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i 
gw-7c3078e0-e6 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-7c3078e0-e6 -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-ec8a468b-ea -p tcp -m tcp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-3d604d8e-b8 -p udp -m udp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-3d604d8e-b8 -p tcp -m tcp --dport 67 -j ACCEPT -A nova-network-INPUT -i gw-3d604d8e-b8 -p udp -m udp --dport 53 -j ACCEPT -A nova-network-INPUT -i gw-3d604d8e-b8 -p tcp -m tcp --dport 53 -j ACCEPT COMMIT

# Completed on Wed May 16 14:54:57 2012