テーブル: filter
Chain INPUT (policy ACCEPT)
num target          prot opt source              destination
1   ACCEPT          udp  --  0.0.0.0/0           0.0.0.0/0           udp dpt:53
2   ACCEPT          tcp  --  0.0.0.0/0           0.0.0.0/0           tcp dpt:53
3   ACCEPT          udp  --  0.0.0.0/0           0.0.0.0/0           udp dpt:67
4   ACCEPT          tcp  --  0.0.0.0/0           0.0.0.0/0           tcp dpt:67
5   ACCEPT          all  --  0.0.0.0/0           0.0.0.0/0           state RELATED,ESTABLISHED
6   ACCEPT          icmp --  0.0.0.0/0           0.0.0.0/0
7   ACCEPT          all  --  0.0.0.0/0           0.0.0.0/0
8   ACCEPT          tcp  --  0.0.0.0/0           0.0.0.0/0           tcp dpt:22
9   ACCEPT          udp  --  0.0.0.0/0           0.0.0.0/0           udp dpt:123
10  ACCEPT          tcp  --  0.0.0.0/0           0.0.0.0/0           tcp dpt:1798
11  ACCEPT          tcp  --  0.0.0.0/0           0.0.0.0/0           tcp dpt:16509
12  ACCEPT          tcp  --  0.0.0.0/0           0.0.0.0/0           tcp dpts:5900:6100
13  ACCEPT          tcp  --  0.0.0.0/0           0.0.0.0/0           tcp dpts:49152:49216
14  REJECT          all  --  0.0.0.0/0           0.0.0.0/0           reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num target          prot opt source              destination
1   BF-cloudbr0     all  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-is-bridged
2   BF-cloudbr0     all  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-is-bridged
3   DROP            all  --  0.0.0.0/0           0.0.0.0/0
4   DROP            all  --  0.0.0.0/0           0.0.0.0/0
5   ACCEPT          all  --  0.0.0.0/0           192.168.122.0/24    state RELATED,ESTABLISHED
6   ACCEPT          all  --  192.168.122.0/24    0.0.0.0/0
7   ACCEPT          all  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-is-bridged
8   REJECT          all  --  0.0.0.0/0           0.0.0.0/0           reject-with icmp-port-unreachable
9   REJECT          all  --  0.0.0.0/0           0.0.0.0/0           reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num target          prot opt source              destination

Chain BF-cloudbr0 (2 references)
num target          prot opt source              destination
1   ACCEPT          all  --  0.0.0.0/0           0.0.0.0/0           state RELATED,ESTABLISHED
2   BF-cloudbr0-IN  all  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-is-in --physdev-is-bridged
3   BF-cloudbr0-OUT all  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-is-out --physdev-is-bridged
4   ACCEPT          all  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-out eth0 --physdev-is-bridged

Chain BF-cloudbr0-IN (1 references)
num target          prot opt source              destination
1   i-2-13-def      all  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-in vnet9 --physdev-is-bridged

Chain BF-cloudbr0-OUT (1 references)
num target          prot opt source              destination
1   i-2-13-def      all  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-out vnet9 --physdev-is-bridged

Chain i-2-13-VM (1 references)
num target          prot opt source              destination
1   DROP            all  --  0.0.0.0/0           0.0.0.0/0

Chain i-2-13-VM-eg (1 references)
num target          prot opt source              destination
1   RETURN          all  --  0.0.0.0/0           0.0.0.0/0

Chain i-2-13-def (2 references)
num target          prot opt source              destination
1   ACCEPT          all  --  0.0.0.0/0           0.0.0.0/0           state RELATED,ESTABLISHED
2   ACCEPT          udp  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-in vnet9 --physdev-is-bridged udp spt:68 dpt:67
3   ACCEPT          udp  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-out vnet9 --physdev-is-bridged udp spt:67 dpt:68
4   RETURN          udp  --  192.168.26.168      0.0.0.0/0           PHYSDEV match --physdev-in vnet9 --physdev-is-bridged udp dpt:53
5   i-2-13-VM-eg    all  --  192.168.26.168      0.0.0.0/0           PHYSDEV match --physdev-in vnet9 --physdev-is-bridged
6   i-2-13-VM       all  --  0.0.0.0/0           0.0.0.0/0           PHYSDEV match --physdev-out vnet9 --physdev-is-bridged

テーブル: mangle
Chain PREROUTING (policy ACCEPT)
num target          prot opt source              destination

Chain INPUT (policy ACCEPT)
num target          prot opt source              destination

Chain FORWARD (policy ACCEPT)
num target          prot opt source              destination

Chain OUTPUT (policy ACCEPT)
num target          prot opt source              destination

Chain POSTROUTING (policy ACCEPT)
num target          prot opt source              destination
1   CHECKSUM        udp  --  0.0.0.0/0           0.0.0.0/0           udp dpt:68 CHECKSUM fill

テーブル: nat
Chain PREROUTING (policy ACCEPT)
num target          prot opt source              destination

Chain POSTROUTING (policy ACCEPT)
num target          prot opt source              destination
1   MASQUERADE      tcp  --  192.168.122.0/24    !192.168.122.0/24   masq ports: 1024-65535
2   MASQUERADE      udp  --  192.168.122.0/24    !192.168.122.0/24   masq ports: 1024-65535
3   MASQUERADE      all  --  192.168.122.0/24    !192.168.122.0/24

Chain OUTPUT (policy ACCEPT)
num target          prot opt source              destination