19 lines
558 B
Text
19 lines
558 B
Text
chain default {
|
|
counter name "zone-default"
|
|
# Packets not belonging to any interface group traverse this chain.
|
|
# This is usually for handling traffic originating from inside containers
|
|
# addressed to the host itself, i.e. not forwarded but coming from e.g.
|
|
# cni-podman* or docker-* interfaces.
|
|
|
|
# source address based allow-/blocklist
|
|
jump xlist-lookup
|
|
|
|
jump default-zone-svc
|
|
jump proto-filter
|
|
|
|
# accept all (bridged) veth traffic to the host
|
|
ip saddr @set_private_net_v4 accept
|
|
ip6 saddr @set_private_net_v6 accept
|
|
|
|
goto $DEFAULT_VERDICT
|
|
}
|