1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
|
#iptables -L FI-vnet0 -n
Chain FI-vnet0 (1 references)
target prot opt source destination
RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L FO-vnet0 -n
Chain FO-vnet0 (1 references)
target prot opt source destination
ACCEPT esp -- 10.1.2.3 0.0.0.0/0 DSCP match 0x02state ESTABLISHED ctdir ORIGINAL
ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
ACCEPT esp -- 10.1.0.0/22 0.0.0.0/0 MAC 01:02:03:04:05:06 DSCP match 0x21state NEW,ESTABLISHED ctdir REPLY
#iptables -L HI-vnet0 -n
Chain HI-vnet0 (1 references)
target prot opt source destination
RETURN esp -- 0.0.0.0/0 10.1.2.3 MAC 01:02:03:04:05:06 DSCP match 0x02state NEW,ESTABLISHED ctdir REPLY
RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
RETURN esp -- 0.0.0.0/0 10.1.0.0/22 DSCP match 0x21state ESTABLISHED ctdir ORIGINAL
#iptables -L libvirt-host-in -n | grep vnet0 | tr -s " "
HI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in -n | grep vnet0 | tr -s " "
FI-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-in-post -n | grep vnet0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-in vnet0
#iptables -L libvirt-out -n | grep vnet0 | tr -s " "
FO-vnet0 all -- 0.0.0.0/0 0.0.0.0/0 [goto] PHYSDEV match --physdev-out vnet0
|
