Bugzilla – Attachment 875435 Details for
Bug 1226105
Snapshot 20240606 breaks libvirt NAT networks
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
Output of nft list ruleset ip
file_1226105.txt (text/plain), 4.59 KB, created by
Alexander Graul
on 2024-06-12 08:11:07 UTC
(
hide
)
Description:
Output of nft list ruleset ip
Filename:
MIME Type:
Creator:
Alexander Graul
Created:
2024-06-12 08:11:07 UTC
Size:
4.59 KB
patch
obsolete
># Warning: table ip nat is managed by iptables-nft, do not touch! >table ip nat { > chain DOCKER { > iifname "docker0" counter packets 0 bytes 0 return > } > > chain POSTROUTING { > type nat hook postrouting priority srcnat; policy accept; > ip saddr 172.17.0.0/16 oifname != "docker0" counter packets 11 bytes 2604 xt target "MASQUERADE" > } > > chain PREROUTING { > type nat hook prerouting priority dstnat; policy accept; > xt match "addrtype" counter packets 665 bytes 73339 jump DOCKER > } > > chain OUTPUT { > type nat hook output priority dstnat; policy accept; > ip daddr != 127.0.0.0/8 xt match "addrtype" counter packets 31 bytes 7866 jump DOCKER > } >} ># Warning: table ip filter is managed by iptables-nft, do not touch! >table ip filter { > chain DOCKER { > } > > chain DOCKER-ISOLATION-STAGE-1 { > iifname "docker0" oifname != "docker0" counter packets 0 bytes 0 jump DOCKER-ISOLATION-STAGE-2 > counter packets 4465 bytes 538723 return > } > > chain DOCKER-ISOLATION-STAGE-2 { > oifname "docker0" counter packets 0 bytes 0 drop > counter packets 0 bytes 0 return > } > > chain FORWARD { > type filter hook forward priority filter; policy drop; > counter packets 4465 bytes 538723 jump DOCKER-USER > counter packets 4465 bytes 538723 jump DOCKER-ISOLATION-STAGE-1 > oifname "docker0" xt match "conntrack" counter packets 0 bytes 0 accept > oifname "docker0" counter packets 0 bytes 0 jump DOCKER > iifname "docker0" oifname != "docker0" counter packets 0 bytes 0 accept > iifname "docker0" oifname "docker0" counter packets 0 bytes 0 accept > } > > chain DOCKER-USER { > counter packets 4465 bytes 538723 return > } >} >table ip libvirt_network { > chain forward { > type filter hook forward priority filter; policy accept; > counter packets 4466 bytes 538799 jump guest_cross > counter packets 4240 bytes 516736 jump guest_input > counter packets 4240 bytes 516736 jump guest_output > } > > chain guest_output { > ip saddr 192.168.200.0/24 iif "virbr1" counter packets 0 bytes 0 accept > iif "virbr1" counter packets 0 bytes 0 reject > ip saddr 192.168.100.0/24 iif "virbr3" counter packets 0 bytes 0 accept > iif "virbr3" counter packets 0 bytes 0 reject > ip saddr 192.168.122.0/24 iif "virbr0" counter packets 354 bytes 23272 accept > iif "virbr0" counter packets 0 bytes 0 reject > } > > chain guest_input { > oif "virbr1" ip daddr 192.168.200.0/24 ct state established,related counter packets 0 bytes 0 accept > oif "virbr1" counter packets 0 bytes 0 reject > oif "virbr3" ip daddr 192.168.100.0/24 ct state established,related counter packets 0 bytes 0 accept > oif "virbr3" counter packets 0 bytes 0 reject > oif "virbr0" ip daddr 192.168.122.0/24 ct state established,related counter packets 0 bytes 0 accept > oif "virbr0" counter packets 0 bytes 0 reject > } > > chain guest_cross { > iif "virbr1" oif "virbr1" counter packets 0 bytes 0 accept > iif "virbr3" oif "virbr3" counter packets 0 bytes 0 accept > iif "virbr0" oif "virbr0" counter packets 19 bytes 3733 accept > } > > chain guest_nat { > type nat hook postrouting priority srcnat; policy accept; > ip saddr 192.168.200.0/24 ip daddr 224.0.0.0/24 counter packets 7 bytes 490 return > ip saddr 192.168.200.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return > meta l4proto tcp ip saddr 192.168.200.0/24 ip daddr != 192.168.200.0/24 counter packets 0 bytes 0 masquerade to :1024-65535 > meta l4proto udp ip saddr 192.168.200.0/24 ip daddr != 192.168.200.0/24 counter packets 0 bytes 0 masquerade to :1024-65535 > ip saddr 192.168.200.0/24 ip daddr != 192.168.200.0/24 counter packets 0 bytes 0 masquerade > ip saddr 192.168.100.0/24 ip daddr 224.0.0.0/24 counter packets 7 bytes 490 return > ip saddr 192.168.100.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return > meta l4proto tcp ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade to :1024-65535 > meta l4proto udp ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade to :1024-65535 > ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade > ip saddr 192.168.122.0/24 ip daddr 224.0.0.0/24 counter packets 9 bytes 582 return > ip saddr 192.168.122.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return > meta l4proto tcp ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter packets 0 bytes 0 masquerade to :1024-65535 > meta l4proto udp ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter packets 20 bytes 4016 masquerade to :1024-65535 > ip saddr 192.168.122.0/24 ip daddr != 192.168.122.0/24 counter packets 0 bytes 0 masquerade > } >}
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=875435">View the attachment on a separate page</a>.</b>
Actions:
View
Attachments on
bug 1226105
:
875420
|
875421
| 875435