*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:PR-QBS - [0:0]
:PR-QBS-SERVICES - [0:0]
-A PREROUTING -j PR-QBS
-A PREROUTING -j PR-QBS-SERVICES
-A POSTROUTING -o vif+ -j ACCEPT
-A POSTROUTING -o lo -j ACCEPT
-A POSTROUTING -j MASQUERADE
COMMIT
*raw
:QBS-PREROUTING - [0:0]
-A PREROUTING -j QBS-PREROUTING
COMMIT
*mangle
:QBS-POSTROUTING - [0:0]
-A POSTROUTING -j QBS-POSTROUTING
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:QBS-FORWARD - [0:0]
-A INPUT -m state --state INVALID -j DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i vif+ -p udp -s fe80::/64 -d fe80::/64 --dport 546 -j ACCEPT
-A INPUT -i vif+ -p icmpv6 --icmpv6-type router-advertisement -j DROP
-A INPUT -i vif+ -p icmpv6 --icmpv6-type redirect -j DROP
-A INPUT -i vif+ -p icmpv6 -j ACCEPT
-A INPUT -i vif+ -j REJECT --reject-with icmp6-adm-prohibited
-A INPUT -p icmpv6 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -m state --state INVALID -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -j QBS-FORWARD
-A FORWARD -i vif+ -o vif+ -j DROP
-A FORWARD -i vif+ -j ACCEPT
-A FORWARD -j DROP
COMMIT