# Generated by iptables-save v1.8.10 (nf_tables) on Mon Oct 6 18:31:06 2025 *mangle :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [658225:3954798654] :LIBVIRT_PRT - [0:0] -A POSTROUTING -j LIBVIRT_PRT -A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT # Completed on Mon Oct 6 18:31:06 2025 # Generated by iptables-save v1.8.10 (nf_tables) on Mon Oct 6 18:31:06 2025 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [687917:3958937275] :LIBVIRT_FWI - [0:0] :LIBVIRT_FWO - [0:0] :LIBVIRT_FWX - [0:0] :LIBVIRT_INP - [0:0] :LIBVIRT_OUT - [0:0] :openstack-INPUT - [0:0] -A INPUT -d 10.209.33.215/32 -p tcp -m tcp --dport 3928 -j ACCEPT -A INPUT -d 10.209.33.215/32 -p tcp -m tcp --dport 9292 -j ACCEPT -A INPUT -d 10.209.33.215/32 -p tcp -m tcp --dport 8080 -j ACCEPT -A INPUT -d 10.209.33.215/32 -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -d 10.209.33.215/32 -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -d 10.209.33.215/32 -p tcp -m tcp --dport 443 -j ACCEPT -A INPUT -d 10.209.33.215/32 -p tcp -m tcp --dport 80 -j ACCEPT -A INPUT -d 10.209.33.215/32 -p udp -m udp --dport 69 -j ACCEPT -A INPUT -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT -A INPUT -j LIBVIRT_INP -A INPUT -s 104.130.127.119/32 -j ACCEPT -A INPUT -s 10.209.33.215/32 -j ACCEPT -A INPUT -j openstack-INPUT -A FORWARD -j LIBVIRT_FWX -A FORWARD -j LIBVIRT_FWI -A FORWARD -j LIBVIRT_FWO -A OUTPUT -j LIBVIRT_OUT -A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 53 -j ACCEPT -A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT -A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 68 -j ACCEPT -A openstack-INPUT -i lo -j ACCEPT -A openstack-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT -A openstack-INPUT -p tcp -m tcp --dport 22 -j ACCEPT -A openstack-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A openstack-INPUT -p tcp -m state --state NEW -m tcp --dport 19885 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p udp -m udp --dport 69 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 6385 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 80 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8000 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8003 -j ACCEPT -A openstack-INPUT -s 172.24.4.0/23 -p tcp -m tcp --dport 8004 -j ACCEPT -A openstack-INPUT -m limit --limit 2/min -j LOG --log-prefix "iptables dropped: " -A openstack-INPUT -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Mon Oct 6 18:31:06 2025 # Generated by iptables-save v1.8.10 (nf_tables) on Mon Oct 6 18:31:06 2025 *nat :PREROUTING ACCEPT [0:0] :INPUT ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :POSTROUTING ACCEPT [7349:442986] :LIBVIRT_PRT - [0:0] -A POSTROUTING -j LIBVIRT_PRT -A POSTROUTING -s 172.24.5.0/24 -o enX0 -j MASQUERADE -A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN -A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN -A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE COMMIT # Completed on Mon Oct 6 18:31:06 2025