1. swinchen@cloudy:~$ sudo iptables -vn -L
  2. [sudo] password for swinchen:
  3. Chain INPUT (policy ACCEPT 17476 packets, 9688K bytes)
  4. pkts bytes target prot opt in out source destination
  5. 17782 9719K nova-network-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
  6. 17596 9698K nova-compute-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
  7. 17596 9698K nova-api-INPUT all -- * * 0.0.0.0/0 0.0.0.0/0
  8. 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
  9. 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
  10. 0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
  11. 0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
  13. Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
  14. pkts bytes target prot opt in out source destination
  15. 90447 167M nova-filter-top all -- * * 0.0.0.0/0 0.0.0.0/0
  16. 46230 3923K nova-network-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
  17. 0 0 nova-compute-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
  18. 0 0 nova-api-FORWARD all -- * * 0.0.0.0/0 0.0.0.0/0
  19. 0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
  20. 0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
  21. 0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
  22. 0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
  23. 0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
  25. Chain OUTPUT (policy ACCEPT 16993 packets, 9661K bytes)
  26. pkts bytes target prot opt in out source destination
  27. 17317 9710K nova-filter-top all -- * * 0.0.0.0/0 0.0.0.0/0
  28. 16993 9661K nova-network-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
  29. 16993 9661K nova-compute-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
  30. 16993 9661K nova-api-OUTPUT all -- * * 0.0.0.0/0 0.0.0.0/0
  32. Chain nova-api-FORWARD (1 references)
  33. pkts bytes target prot opt in out source destination
  35. Chain nova-api-INPUT (1 references)
  36. pkts bytes target prot opt in out source destination
  37. 120 10118 ACCEPT tcp -- * * 0.0.0.0/0 10.20.0.1 tcp dpt:8775
  39. Chain nova-api-OUTPUT (1 references)
  40. pkts bytes target prot opt in out source destination
  42. Chain nova-api-local (1 references)
  43. pkts bytes target prot opt in out source destination
  45. Chain nova-compute-FORWARD (1 references)
  46. pkts bytes target prot opt in out source destination
  47. 0 0 ACCEPT all -- br1 * 0.0.0.0/0 0.0.0.0/0
  48. 0 0 ACCEPT all -- * br1 0.0.0.0/0 0.0.0.0/0
  50. Chain nova-compute-INPUT (1 references)
  51. pkts bytes target prot opt in out source destination
  53. Chain nova-compute-OUTPUT (1 references)
  54. pkts bytes target prot opt in out source destination
  56. Chain nova-compute-inst-5 (1 references)
  57. pkts bytes target prot opt in out source destination
  58. 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
  59. 44516 163M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
  60. 25 1671 nova-compute-provider all -- * * 0.0.0.0/0 0.0.0.0/0
  61. 1 339 ACCEPT udp -- * * 192.168.1.1 0.0.0.0/0 udp spt:67 dpt:68
  62. 4 240 ACCEPT all -- * * 192.168.1.0/24 0.0.0.0/0
  63. 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
  64. 3 164 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
  65. 12 636 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
  66. 5 292 nova-compute-sg-fallback all -- * * 0.0.0.0/0 0.0.0.0/0
  68. Chain nova-compute-local (1 references)
  69. pkts bytes target prot opt in out source destination
  70. 44541 163M nova-compute-inst-5 all -- * * 0.0.0.0/0 192.168.1.3
  72. Chain nova-compute-provider (1 references)
  73. pkts bytes target prot opt in out source destination
  75. Chain nova-compute-sg-fallback (1 references)
  76. pkts bytes target prot opt in out source destination
  77. 5 292 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
  79. Chain nova-filter-top (2 references)
  80. pkts bytes target prot opt in out source destination
  81. 108K 177M nova-network-local all -- * * 0.0.0.0/0 0.0.0.0/0
  82. 108K 177M nova-compute-local all -- * * 0.0.0.0/0 0.0.0.0/0
  83. 63223 14M nova-api-local all -- * * 0.0.0.0/0 0.0.0.0/0
  85. Chain nova-network-FORWARD (1 references)
  86. pkts bytes target prot opt in out source destination
  87. 46230 3923K ACCEPT all -- br1 * 0.0.0.0/0 0.0.0.0/0
  88. 0 0 ACCEPT all -- * br1 0.0.0.0/0 0.0.0.0/0
  89. 0 0 ACCEPT udp -- * * 0.0.0.0/0 192.168.1.2 udp dpt:1194
  91. Chain nova-network-INPUT (1 references)
  92. pkts bytes target prot opt in out source destination
  93. 35 11480 ACCEPT udp -- br1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
  94. 0 0 ACCEPT tcp -- br1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
  95. 151 10154 ACCEPT udp -- br1 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
  96. 0 0 ACCEPT tcp -- br1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
  98. Chain nova-network-OUTPUT (1 references)
  99. pkts bytes target prot opt in out source destination
  101. Chain nova-network-local (1 references)
  102. pkts bytes target prot opt in out source destination