2 # Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
4 # Contact: Roman Kubiak (r.kubiak@samsung.com)
6 # Licensed under the Apache License, Version 2.0 (the "License");
7 # you may not use this file except in compliance with the License.
8 # You may obtain a copy of the License at
10 # http://www.apache.org/licenses/LICENSE-2.0
12 # Unless required by applicable law or agreed to in writing, software
13 # distributed under the License is distributed on an "AS IS" BASIS,
14 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 # See the License for the specific language governing permissions and
16 # limitations under the License
19 # nether iptables rules
# Built-in chains of the first table, each with default policy ACCEPT. The
# bracketed values are the packet:byte counters recorded by iptables-save.
# NOTE(review): the "*<table>" header and the COMMIT line for this table are
# not visible in this listing -- confirm them against the original file.
21 :PREROUTING ACCEPT [1008811:2134498122]
22 :INPUT ACCEPT [948545:2129919738]
24 :OUTPUT ACCEPT [816152:74580343]
25 :POSTROUTING ACCEPT [824147:75308906]
# Hand locally generated TCP packets in conntrack state NEW to userspace on
# NFQUEUE queue 0. Packets of connections that are already established do not
# match this rule and are not queued by it.
# --queue-bypass: when no program is bound to queue 0 the rule behaves like
# ACCEPT instead of dropping the packet, so this ruleset fails open whenever
# the queue consumer is not running.
# NOTE(review): confirm that fail-open is the intended behaviour and that the
# consumer's availability is monitored.
26 -A OUTPUT -p tcp -m state --state NEW -j NFQUEUE --queue-num 0 --queue-bypass
# UDP queueing is disabled (the rule is commented out), so outbound UDP is
# never sent to queue 0 by this ruleset.
27 #-A OUTPUT -p udp -j NFQUEUE --queue-num 0 --queue-bypass
# Every outbound ICMP packet is queued; there is no state match here, so this
# is per packet rather than per flow. Same fail-open bypass as the TCP rule.
28 -A OUTPUT -p icmp -j NFQUEUE --queue-num 0 --queue-bypass
# Second table: built-in INPUT and OUTPUT chains default to ACCEPT, and
# NETHER-ALLOWLOG is a user-defined chain ("-" means it has no policy).
# NOTE(review): NETHER-DENY is jumped to and appended to below, but its
# ":NETHER-DENY" declaration is not visible in this listing, and neither are
# the table header and COMMIT lines. iptables-restore needs the chain declared
# before rules reference it -- confirm against the original file.
# NOTE(review): these are IPv4 (iptables) rules; confirm whether an equivalent
# ip6tables ruleset exists.
31 :INPUT ACCEPT [927054:2081201095]
33 :OUTPUT ACCEPT [805408:74228055]
34 :NETHER-ALLOWLOG - [0:0]
# Dispatch on the packet mark: 0x3 goes to NETHER-DENY, 0x4 to NETHER-ALLOWLOG.
# Presumably the program reading queue 0 sets these marks as its verdict --
# verify against the nether daemon.
# Packets carrying any other mark (or none) match neither rule and are
# accepted by the OUTPUT policy, including packets that bypassed the queue.
36 -A OUTPUT -m mark --mark 0x3 -j NETHER-DENY
37 -A OUTPUT -m mark --mark 0x4 -j NETHER-ALLOWLOG
# Allow-with-log path: emit an audit record of type "accept". AUDIT is not a
# terminating target, so the packet falls off the end of this chain, returns
# to OUTPUT and is accepted by the chain policy.
38 -A NETHER-ALLOWLOG -j AUDIT --type accept
# Deny path: the audit record must come first because REJECT terminates rule
# traversal. REJECT answers with ICMP port-unreachable, so the local sender
# gets an immediate error rather than waiting for a timeout.
39 -A NETHER-DENY -j AUDIT --type reject
40 -A NETHER-DENY -j REJECT --reject-with icmp-port-unreachable