fdevibe

iptables-save - wrong source address

Sep 4th, 2020
  # nat table. Each rule is prefixed with its [packets:bytes] counter; chains
  # declared with "-" instead of a policy are user-defined chains.
  # nat rules are consulted only for the first packet of a connection, so the
  # counters in this table count connections rather than individual packets.
  1. # Generated by iptables-save v1.8.4 on Fri Sep 4 12:08:32 2020
  2. *nat
  3. :PREROUTING ACCEPT [2:124]
  4. :INPUT ACCEPT [0:0]
  5. :OUTPUT ACCEPT [25:2120]
  6. :POSTROUTING ACCEPT [25:2120]
  7. :DOCKER - [0:0]
  8. :OUTPUT_direct - [0:0]
  9. :POSTROUTING_ZONES - [0:0]
  10. :POSTROUTING_direct - [0:0]
  11. :POST_FedoraWorkstation - [0:0]
  12. :POST_FedoraWorkstation_allow - [0:0]
  13. :POST_FedoraWorkstation_deny - [0:0]
  14. :POST_FedoraWorkstation_log - [0:0]
  15. :POST_FedoraWorkstation_post - [0:0]
  16. :POST_FedoraWorkstation_pre - [0:0]
  17. :POST_docker - [0:0]
  18. :POST_docker_allow - [0:0]
  19. :POST_docker_deny - [0:0]
  20. :POST_docker_log - [0:0]
  21. :POST_docker_post - [0:0]
  22. :POST_docker_pre - [0:0]
  23. :PREROUTING_ZONES - [0:0]
  24. :PREROUTING_direct - [0:0]
  25. :PRE_FedoraWorkstation - [0:0]
  26. :PRE_FedoraWorkstation_allow - [0:0]
  27. :PRE_FedoraWorkstation_deny - [0:0]
  28. :PRE_FedoraWorkstation_log - [0:0]
  29. :PRE_FedoraWorkstation_post - [0:0]
  30. :PRE_FedoraWorkstation_pre - [0:0]
  31. :PRE_docker - [0:0]
  32. :PRE_docker_allow - [0:0]
  33. :PRE_docker_deny - [0:0]
  34. :PRE_docker_log - [0:0]
  35. :PRE_docker_post - [0:0]
  36. :PRE_docker_pre - [0:0]
  37. [2:124] -A PREROUTING -j PREROUTING_direct
  38. [2:124] -A PREROUTING -j PREROUTING_ZONES
  # Docker hook: packets addressed to a local address are sent to the DOCKER
  # chain. In this dump DOCKER holds only "-i docker0 -j RETURN", i.e. no DNAT
  # rule for a published container port is present.
  39. [0:0] -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  40. [25:2120] -A OUTPUT -j OUTPUT_direct
  41. [0:0] -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
  # Source NAT for the Docker bridge subnet: traffic from 172.17.0.0/16 that
  # leaves on any interface other than docker0 is rewritten to the outgoing
  # interface's address. The rule sits ahead of the two firewalld jumps below
  # and MASQUERADE is a terminating target, so packets it matches never reach
  # POSTROUTING_direct / POSTROUTING_ZONES.
  # NOTE(review): when checking the source address of container traffic, this
  # counter is the one to watch - it should increase once per new outbound
  # connection from the bridge subnet.
  42. [1:92] -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  43. [25:2120] -A POSTROUTING -j POSTROUTING_direct
  44. [25:2120] -A POSTROUTING -j POSTROUTING_ZONES
  45. [0:0] -A DOCKER -i docker0 -j RETURN
  # Zone dispatch uses -g (goto), so the zone chain does not return into
  # POSTROUTING_ZONES. The rule without -o is the catch-all for any other
  # outgoing interface.
  46. [8:608] -A POSTROUTING_ZONES -o wlp4s0 -g POST_FedoraWorkstation
  47. [0:0] -A POSTROUTING_ZONES -o docker0 -g POST_docker
  48. [17:1512] -A POSTROUTING_ZONES -g POST_FedoraWorkstation
  # The per-zone _pre/_log/_deny/_allow/_post chains below are all empty in
  # this table, so the zone chains perform no NAT of their own.
  49. [25:2120] -A POST_FedoraWorkstation -j POST_FedoraWorkstation_pre
  50. [25:2120] -A POST_FedoraWorkstation -j POST_FedoraWorkstation_log
  51. [25:2120] -A POST_FedoraWorkstation -j POST_FedoraWorkstation_deny
  52. [25:2120] -A POST_FedoraWorkstation -j POST_FedoraWorkstation_allow
  53. [25:2120] -A POST_FedoraWorkstation -j POST_FedoraWorkstation_post
  54. [0:0] -A POST_docker -j POST_docker_pre
  55. [0:0] -A POST_docker -j POST_docker_log
  56. [0:0] -A POST_docker -j POST_docker_deny
  57. [0:0] -A POST_docker -j POST_docker_allow
  58. [0:0] -A POST_docker -j POST_docker_post
  59. [1:32] -A PREROUTING_ZONES -i wlp4s0 -g PRE_FedoraWorkstation
  60. [1:92] -A PREROUTING_ZONES -i docker0 -g PRE_docker
  61. [0:0] -A PREROUTING_ZONES -g PRE_FedoraWorkstation
  62. [1:32] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_pre
  63. [1:32] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
  64. [1:32] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
  65. [1:32] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
  66. [1:32] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_post
  67. [1:92] -A PRE_docker -j PRE_docker_pre
  68. [1:92] -A PRE_docker -j PRE_docker_log
  69. [1:92] -A PRE_docker -j PRE_docker_deny
  70. [1:92] -A PRE_docker -j PRE_docker_allow
  71. [1:92] -A PRE_docker -j PRE_docker_post
  72. COMMIT
  73. # Completed on Fri Sep 4 12:08:32 2020
  # mangle table. Only the firewalld chain skeleton is present: every rule is
  # a jump (-j) or goto (-g) to another chain and the per-zone
  # _pre/_log/_deny/_allow/_post chains are empty, so nothing in this table
  # alters packets.
  74. # Generated by iptables-save v1.8.4 on Fri Sep 4 12:08:32 2020
  75. *mangle
  76. :PREROUTING ACCEPT [187:55457]
  77. :INPUT ACCEPT [184:55181]
  78. :FORWARD ACCEPT [3:276]
  79. :OUTPUT ACCEPT [171:26825]
  80. :POSTROUTING ACCEPT [174:27101]
  81. :FORWARD_direct - [0:0]
  82. :INPUT_direct - [0:0]
  83. :OUTPUT_direct - [0:0]
  84. :POSTROUTING_direct - [0:0]
  85. :PREROUTING_ZONES - [0:0]
  86. :PREROUTING_direct - [0:0]
  87. :PRE_FedoraWorkstation - [0:0]
  88. :PRE_FedoraWorkstation_allow - [0:0]
  89. :PRE_FedoraWorkstation_deny - [0:0]
  90. :PRE_FedoraWorkstation_log - [0:0]
  91. :PRE_FedoraWorkstation_post - [0:0]
  92. :PRE_FedoraWorkstation_pre - [0:0]
  93. :PRE_docker - [0:0]
  94. :PRE_docker_allow - [0:0]
  95. :PRE_docker_deny - [0:0]
  96. :PRE_docker_log - [0:0]
  97. :PRE_docker_post - [0:0]
  98. :PRE_docker_pre - [0:0]
  99. [187:55457] -A PREROUTING -j PREROUTING_direct
  100. [187:55457] -A PREROUTING -j PREROUTING_ZONES
  101. [184:55181] -A INPUT -j INPUT_direct
  102. [3:276] -A FORWARD -j FORWARD_direct
  103. [171:26825] -A OUTPUT -j OUTPUT_direct
  104. [174:27101] -A POSTROUTING -j POSTROUTING_direct
  # Zone dispatch by incoming interface; the rule without -i is the catch-all
  # and sends every other interface to the FedoraWorkstation zone.
  105. [131:32234] -A PREROUTING_ZONES -i wlp4s0 -g PRE_FedoraWorkstation
  106. [3:276] -A PREROUTING_ZONES -i docker0 -g PRE_docker
  107. [53:22947] -A PREROUTING_ZONES -g PRE_FedoraWorkstation
  108. [184:55181] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_pre
  109. [184:55181] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
  110. [184:55181] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
  111. [184:55181] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
  112. [184:55181] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_post
  113. [3:276] -A PRE_docker -j PRE_docker_pre
  114. [3:276] -A PRE_docker -j PRE_docker_log
  115. [3:276] -A PRE_docker -j PRE_docker_deny
  116. [3:276] -A PRE_docker -j PRE_docker_allow
  117. [3:276] -A PRE_docker -j PRE_docker_post
  118. COMMIT
  119. # Completed on Fri Sep 4 12:08:32 2020
  # raw table. Apart from the firewalld chain skeleton, the only rule with an
  # effect is the conntrack-helper assignment in PRE_FedoraWorkstation_allow.
  120. # Generated by iptables-save v1.8.4 on Fri Sep 4 12:08:32 2020
  121. *raw
  122. :PREROUTING ACCEPT [187:55457]
  123. :OUTPUT ACCEPT [171:26825]
  124. :OUTPUT_direct - [0:0]
  125. :PREROUTING_ZONES - [0:0]
  126. :PREROUTING_direct - [0:0]
  127. :PRE_FedoraWorkstation - [0:0]
  128. :PRE_FedoraWorkstation_allow - [0:0]
  129. :PRE_FedoraWorkstation_deny - [0:0]
  130. :PRE_FedoraWorkstation_log - [0:0]
  131. :PRE_FedoraWorkstation_post - [0:0]
  132. :PRE_FedoraWorkstation_pre - [0:0]
  133. :PRE_docker - [0:0]
  134. :PRE_docker_allow - [0:0]
  135. :PRE_docker_deny - [0:0]
  136. :PRE_docker_log - [0:0]
  137. :PRE_docker_post - [0:0]
  138. :PRE_docker_pre - [0:0]
  139. [187:55457] -A PREROUTING -j PREROUTING_direct
  140. [187:55457] -A PREROUTING -j PREROUTING_ZONES
  141. [171:26825] -A OUTPUT -j OUTPUT_direct
  142. [131:32234] -A PREROUTING_ZONES -i wlp4s0 -g PRE_FedoraWorkstation
  143. [3:276] -A PREROUTING_ZONES -i docker0 -g PRE_docker
  144. [53:22947] -A PREROUTING_ZONES -g PRE_FedoraWorkstation
  145. [184:55181] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_pre
  146. [184:55181] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_log
  147. [184:55181] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_deny
  148. [184:55181] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_allow
  149. [184:55181] -A PRE_FedoraWorkstation -j PRE_FedoraWorkstation_post
  # Attaches the netbios-ns conntrack helper to UDP packets with destination
  # port 137 in the FedoraWorkstation zone; the [0:0] counter shows it had not
  # matched anything when the dump was taken.
  150. [0:0] -A PRE_FedoraWorkstation_allow -p udp -m udp --dport 137 -j CT --helper netbios-ns
  151. [3:276] -A PRE_docker -j PRE_docker_pre
  152. [3:276] -A PRE_docker -j PRE_docker_log
  153. [3:276] -A PRE_docker -j PRE_docker_deny
  154. [3:276] -A PRE_docker -j PRE_docker_allow
  155. [3:276] -A PRE_docker -j PRE_docker_post
  156. COMMIT
  157. # Completed on Fri Sep 4 12:08:32 2020
  # security table. Each built-in chain only jumps to its *_direct chain, and
  # those chains are empty, so this table applies no rules of its own.
  158. # Generated by iptables-save v1.8.4 on Fri Sep 4 12:08:32 2020
  159. *security
  160. :INPUT ACCEPT [183:55149]
  161. :FORWARD ACCEPT [3:276]
  162. :OUTPUT ACCEPT [171:26825]
  163. :FORWARD_direct - [0:0]
  164. :INPUT_direct - [0:0]
  165. :OUTPUT_direct - [0:0]
  166. [183:55149] -A INPUT -j INPUT_direct
  167. [3:276] -A FORWARD -j FORWARD_direct
  168. [171:26825] -A OUTPUT -j OUTPUT_direct
  169. COMMIT
  170. # Completed on Fri Sep 4 12:08:32 2020
  # filter table. The built-in policies are ACCEPT, but INPUT and FORWARD both
  # end in an unconditional LOG + REJECT, so traffic that no earlier rule
  # accepts is rejected instead of falling through to the policy. OUTPUT has no
  # restricting rule in this dump (OUTPUT_direct is empty).
  171. # Generated by iptables-save v1.8.4 on Fri Sep 4 12:08:32 2020
  172. *filter
  173. :INPUT ACCEPT [0:0]
  174. :FORWARD ACCEPT [0:0]
  175. :OUTPUT ACCEPT [171:26825]
  176. :DOCKER - [0:0]
  177. :DOCKER-ISOLATION-STAGE-1 - [0:0]
  178. :DOCKER-ISOLATION-STAGE-2 - [0:0]
  179. :DOCKER-USER - [0:0]
  180. :FORWARD_IN_ZONES - [0:0]
  181. :FORWARD_OUT_ZONES - [0:0]
  182. :FORWARD_direct - [0:0]
  183. :FWDI_FedoraWorkstation - [0:0]
  184. :FWDI_FedoraWorkstation_allow - [0:0]
  185. :FWDI_FedoraWorkstation_deny - [0:0]
  186. :FWDI_FedoraWorkstation_log - [0:0]
  187. :FWDI_FedoraWorkstation_post - [0:0]
  188. :FWDI_FedoraWorkstation_pre - [0:0]
  189. :FWDI_docker - [0:0]
  190. :FWDI_docker_allow - [0:0]
  191. :FWDI_docker_deny - [0:0]
  192. :FWDI_docker_log - [0:0]
  193. :FWDI_docker_post - [0:0]
  194. :FWDI_docker_pre - [0:0]
  195. :FWDO_FedoraWorkstation - [0:0]
  196. :FWDO_FedoraWorkstation_allow - [0:0]
  197. :FWDO_FedoraWorkstation_deny - [0:0]
  198. :FWDO_FedoraWorkstation_log - [0:0]
  199. :FWDO_FedoraWorkstation_post - [0:0]
  200. :FWDO_FedoraWorkstation_pre - [0:0]
  201. :FWDO_docker - [0:0]
  202. :FWDO_docker_allow - [0:0]
  203. :FWDO_docker_deny - [0:0]
  204. :FWDO_docker_log - [0:0]
  205. :FWDO_docker_post - [0:0]
  206. :FWDO_docker_pre - [0:0]
  207. :INPUT_ZONES - [0:0]
  208. :INPUT_direct - [0:0]
  209. :IN_FedoraWorkstation - [0:0]
  210. :IN_FedoraWorkstation_allow - [0:0]
  211. :IN_FedoraWorkstation_deny - [0:0]
  212. :IN_FedoraWorkstation_log - [0:0]
  213. :IN_FedoraWorkstation_post - [0:0]
  214. :IN_FedoraWorkstation_pre - [0:0]
  215. :IN_docker - [0:0]
  216. :IN_docker_allow - [0:0]
  217. :IN_docker_deny - [0:0]
  218. :IN_docker_log - [0:0]
  219. :IN_docker_post - [0:0]
  220. :IN_docker_pre - [0:0]
  221. :OUTPUT_direct - [0:0]
  # INPUT: replies and DNAT-ed connections first, then loopback, then the
  # firewalld direct and zone chains.
  222. [183:55149] -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
  223. [0:0] -A INPUT -i lo -j ACCEPT
  224. [1:32] -A INPUT -j INPUT_direct
  225. [1:32] -A INPUT -j INPUT_ZONES
  # NOTE(review): neither LOG rule in this chain carries a -m limit match, so
  # every matching packet produces a log line; log volume follows the amount
  # of rejected traffic.
  226. [0:0] -A INPUT -m conntrack --ctstate INVALID -j LOG --log-prefix "STATE_INVALID_DROP: "
  227. [0:0] -A INPUT -m conntrack --ctstate INVALID -j DROP
  228. [1:32] -A INPUT -j LOG --log-prefix "FINAL_REJECT: "
  229. [1:32] -A INPUT -j REJECT --reject-with icmp-host-prohibited
  # FORWARD: the Docker-managed rules come before the firewalld ones.
  # "-i docker0 ! -o docker0 -j ACCEPT" accepts every packet forwarded out of
  # the bridge before any firewalld zone chain is consulted; its [3:276]
  # counter equals the whole FORWARD total in this dump.
  # NOTE(review): DOCKER-USER is evaluated first and holds only RETURN here;
  # by Docker's convention it is where restrictions on container traffic
  # belong, since rules placed after the Docker ACCEPTs are never reached.
  230. [3:276] -A FORWARD -j DOCKER-USER
  231. [3:276] -A FORWARD -j DOCKER-ISOLATION-STAGE-1
  232. [0:0] -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  233. [0:0] -A FORWARD -o docker0 -j DOCKER
  234. [3:276] -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  235. [0:0] -A FORWARD -i docker0 -o docker0 -j ACCEPT
  236. [0:0] -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED,DNAT -j ACCEPT
  237. [0:0] -A FORWARD -i lo -j ACCEPT
  238. [0:0] -A FORWARD -j FORWARD_direct
  239. [0:0] -A FORWARD -j FORWARD_IN_ZONES
  240. [0:0] -A FORWARD -j FORWARD_OUT_ZONES
  241. [0:0] -A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "STATE_INVALID_DROP: "
  242. [0:0] -A FORWARD -m conntrack --ctstate INVALID -j DROP
  243. [0:0] -A FORWARD -j LOG --log-prefix "FINAL_REJECT: "
  244. [0:0] -A FORWARD -j REJECT --reject-with icmp-host-prohibited
  245. [0:0] -A OUTPUT -o lo -j ACCEPT
  246. [171:26825] -A OUTPUT -j OUTPUT_direct
  247. [3:276] -A DOCKER-ISOLATION-STAGE-1 -j RETURN
  248. [0:0] -A DOCKER-ISOLATION-STAGE-2 -j RETURN
  249. [3:276] -A DOCKER-USER -j RETURN
  # Zone dispatch by interface, using -g (goto). The rule without an interface
  # match is the catch-all: any interface other than wlp4s0 or docker0 is
  # treated as FedoraWorkstation.
  250. [0:0] -A FORWARD_IN_ZONES -i wlp4s0 -g FWDI_FedoraWorkstation
  251. [0:0] -A FORWARD_IN_ZONES -i docker0 -g FWDI_docker
  252. [0:0] -A FORWARD_IN_ZONES -g FWDI_FedoraWorkstation
  253. [0:0] -A FORWARD_OUT_ZONES -o wlp4s0 -g FWDO_FedoraWorkstation
  254. [0:0] -A FORWARD_OUT_ZONES -o docker0 -g FWDO_docker
  255. [0:0] -A FORWARD_OUT_ZONES -g FWDO_FedoraWorkstation
  256. [0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_pre
  257. [0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_log
  258. [0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_deny
  259. [0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_allow
  260. [0:0] -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_post
  261. [0:0] -A FWDI_FedoraWorkstation -p icmp -j ACCEPT
  262. [0:0] -A FWDI_docker -j FWDI_docker_pre
  263. [0:0] -A FWDI_docker -j FWDI_docker_log
  264. [0:0] -A FWDI_docker -j FWDI_docker_deny
  265. [0:0] -A FWDI_docker -j FWDI_docker_allow
  266. [0:0] -A FWDI_docker -j FWDI_docker_post
  # The docker zone accepts everything in both forward directions.
  267. [0:0] -A FWDI_docker -j ACCEPT
  268. [0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_pre
  269. [0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_log
  270. [0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_deny
  271. [0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_allow
  272. [0:0] -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_post
  273. [0:0] -A FWDO_docker -j FWDO_docker_pre
  274. [0:0] -A FWDO_docker -j FWDO_docker_log
  275. [0:0] -A FWDO_docker -j FWDO_docker_deny
  276. [0:0] -A FWDO_docker -j FWDO_docker_allow
  277. [0:0] -A FWDO_docker -j FWDO_docker_post
  278. [0:0] -A FWDO_docker -j ACCEPT
  279. [1:32] -A INPUT_ZONES -i wlp4s0 -g IN_FedoraWorkstation
  280. [0:0] -A INPUT_ZONES -i docker0 -g IN_docker
  281. [0:0] -A INPUT_ZONES -g IN_FedoraWorkstation
  282. [1:32] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_pre
  283. [1:32] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_log
  284. [1:32] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_deny
  285. [1:32] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_allow
  286. [1:32] -A IN_FedoraWorkstation -j IN_FedoraWorkstation_post
  287. [0:0] -A IN_FedoraWorkstation -p icmp -j ACCEPT
  # New inbound connections accepted in the FedoraWorkstation zone:
  # 22/tcp, 137/udp, 138/udp, and 5353/udp addressed to 224.0.0.251.
  288. [0:0] -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
  289. [0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
  290. [0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
  291. [0:0] -A IN_FedoraWorkstation_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
  # NOTE(review): the next two rules accept new connections to every UDP and
  # TCP port from 1025 to 65535. Any process listening on an unprivileged port
  # is therefore reachable on wlp4s0 and on any interface that falls through
  # to this zone via the catch-all in INPUT_ZONES. Confirm that this is
  # intended; otherwise bind the interface to a more restrictive zone.
  292. [0:0] -A IN_FedoraWorkstation_allow -p udp -m udp --dport 1025:65535 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
  293. [0:0] -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 1025:65535 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
  294. [0:0] -A IN_docker -j IN_docker_pre
  295. [0:0] -A IN_docker -j IN_docker_log
  296. [0:0] -A IN_docker -j IN_docker_deny
  297. [0:0] -A IN_docker -j IN_docker_allow
  298. [0:0] -A IN_docker -j IN_docker_post
  # Everything arriving on docker0 for the host itself is accepted.
  299. [0:0] -A IN_docker -j ACCEPT
  300. COMMIT
  301. # Completed on Fri Sep 4 12:08:32 2020
  302.  