core-agent-linux/netvm/iptables

# Generated by iptables-save v1.4.5 on Thu May 20 06:02:32 2010
*nat
:PREROUTING ACCEPT [2:362]
:POSTROUTING ACCEPT [4:228]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Thu May 20 06:02:32 2010
# Generated by iptables-save v1.4.5 on Thu May 20 06:02:32 2010
*filter
:INPUT ACCEPT [3:84]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i br+ -p udp -m udp --dport 68 -j DROP
-A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP
-A FORWARD -i vif+ -j ACCEPT
-A FORWARD -i br+ -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j DROP
COMMIT
# Completed on Thu May 20 06:02:32 2010
Get rid of dnsmasq in netvm. qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is triggered by dhclient or NetworkManager, and manually (in case there is a static resolv.conf). Put IP-dependent rules in qubes-core, after local ip is known. It could be further improved by introducing custom chains, to enable iptables save. Restrict FORWARD. 2010-05-19 16:19:01 +02:00			`# Generated by iptables-save v1.4.5 on Thu May 20 06:02:32 2010`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 20:58:57 +02:00			`*nat`
Get rid of dnsmasq in netvm. qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is triggered by dhclient or NetworkManager, and manually (in case there is a static resolv.conf). Put IP-dependent rules in qubes-core, after local ip is known. It could be further improved by introducing custom chains, to enable iptables save. Restrict FORWARD. 2010-05-19 16:19:01 +02:00			`:PREROUTING ACCEPT [2:362]`
			`:POSTROUTING ACCEPT [4:228]`
			`:OUTPUT ACCEPT [0:0]`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 20:58:57 +02:00			`COMMIT`
Get rid of dnsmasq in netvm. qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is triggered by dhclient or NetworkManager, and manually (in case there is a static resolv.conf). Put IP-dependent rules in qubes-core, after local ip is known. It could be further improved by introducing custom chains, to enable iptables save. Restrict FORWARD. 2010-05-19 16:19:01 +02:00			`# Completed on Thu May 20 06:02:32 2010`
			`# Generated by iptables-save v1.4.5 on Thu May 20 06:02:32 2010`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 20:58:57 +02:00			`*filter`
Get rid of dnsmasq in netvm. qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is triggered by dhclient or NetworkManager, and manually (in case there is a static resolv.conf). Put IP-dependent rules in qubes-core, after local ip is known. It could be further improved by introducing custom chains, to enable iptables save. Restrict FORWARD. 2010-05-19 16:19:01 +02:00			`:INPUT ACCEPT [3:84]`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 20:58:57 +02:00			`:FORWARD ACCEPT [0:0]`
			`:OUTPUT ACCEPT [0:0]`
Get rid of dnsmasq in netvm. qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is triggered by dhclient or NetworkManager, and manually (in case there is a static resolv.conf). Put IP-dependent rules in qubes-core, after local ip is known. It could be further improved by introducing custom chains, to enable iptables save. Restrict FORWARD. 2010-05-19 16:19:01 +02:00			`-A INPUT -i br+ -p udp -m udp --dport 68 -j DROP`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 20:58:57 +02:00			`-A INPUT -i vif+ -p udp -m udp --dport 68 -j DROP`
Get rid of dnsmasq in netvm. qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is triggered by dhclient or NetworkManager, and manually (in case there is a static resolv.conf). Put IP-dependent rules in qubes-core, after local ip is known. It could be further improved by introducing custom chains, to enable iptables save. Restrict FORWARD. 2010-05-19 16:19:01 +02:00			`-A FORWARD -i vif+ -j ACCEPT`
			`-A FORWARD -i br+ -j ACCEPT`
			`-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT`
			`-A FORWARD -j DROP`
Initial public commit. (c) 2010 Invisible Things Lab Authors: ========= Joanna Rutkowska <joanna@invisiblethingslab.com> Rafal Wojtczuk <rafal@invisiblethingslab.com> 2010-04-05 20:58:57 +02:00			`COMMIT`
Get rid of dnsmasq in netvm. qubes_setup_dnat_to_ns script sets up DNAT rules for DNS traffic; it is triggered by dhclient or NetworkManager, and manually (in case there is a static resolv.conf). Put IP-dependent rules in qubes-core, after local ip is known. It could be further improved by introducing custom chains, to enable iptables save. Restrict FORWARD. 2010-05-19 16:19:01 +02:00			`# Completed on Thu May 20 06:02:32 2010`