# Generated by ip6tables-save v1.4.21 on Sat Mar 28 05:21:26 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:openstack-INPUT - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -m comment --comment "000 accept related established rules ipv6" -j ACCEPT
-A INPUT -p ipv6-icmp -m state --state NEW -m comment --comment "001 accept all icmp ipv6" -j ACCEPT
-A INPUT -i lo -m state --state NEW -m comment --comment "002 accept all to lo interface ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -m state --state NEW -m comment --comment "003 accept ssh from all ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -m state --state NEW -m comment --comment "003 accept ssh from any ipv6" -j ACCEPT
-A INPUT -d fe80::/64 -p udp -m multiport --dports 546 -m state --state NEW -m comment --comment "004 accept ipv6 dhcpv6 ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9292 -m state --state NEW -m comment --comment "100 glance_api_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13292 -m state --state NEW -m comment --comment "100 glance_api_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8004 -m state --state NEW -m comment --comment "100 heat_api_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13004 -m state --state NEW -m comment --comment "100 heat_api_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8000 -m state --state NEW -m comment --comment "100 heat_cfn_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13005 -m state --state NEW -m comment --comment "100 heat_cfn_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5050 -m state --state NEW -m comment --comment "100 ironic-inspector_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13050 -m state --state NEW -m comment --comment "100 ironic-inspector_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 6385 -m state --state NEW -m comment --comment "100 ironic_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13385 -m state --state NEW -m comment --comment "100 ironic_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 35357 -m state --state NEW -m comment --comment "100 keystone_admin_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5000 -m state --state NEW -m comment --comment "100 keystone_public_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13000 -m state --state NEW -m comment --comment "100 keystone_public_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8989 -m state --state NEW -m comment --comment "100 mistral_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13989 -m state --state NEW -m comment --comment "100 mistral_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3306 -m state --state NEW -m comment --comment "100 mysql_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9696 -m state --state NEW -m comment --comment "100 neutron_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13696 -m state --state NEW -m comment --comment "100 neutron_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8775 -m state --state NEW -m comment --comment "100 nova_metadata_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8774 -m state --state NEW -m comment --comment "100 nova_osapi_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13774 -m state --state NEW -m comment --comment "100 nova_osapi_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8778 -m state --state NEW -m comment --comment "100 nova_placement_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13778 -m state --state NEW -m comment --comment "100 nova_placement_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8080 -m state --state NEW -m comment --comment "100 swift_proxy_server_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13808 -m state --state NEW -m comment --comment "100 swift_proxy_server_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 3000 -m state --state NEW -m comment --comment "100 ui_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443 -m state --state NEW -m comment --comment "100 ui_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8888 -m state --state NEW -m comment --comment "100 zaqar_api_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 13888 -m state --state NEW -m comment --comment "100 zaqar_api_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9000 -m state --state NEW -m comment --comment "100 zaqar_ws_haproxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9000 -m state --state NEW -m comment --comment "100 zaqar_ws_haproxy_ssl ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 873,3306,4444,4567,4568,9200 -m state --state NEW -m comment --comment "104 mysql galera ipv6" -j ACCEPT
-A INPUT -p udp -m multiport --dports 123 -m state --state NEW -m comment --comment "105 ntp ipv6" -j ACCEPT
-A INPUT -p vrrp -m state --state NEW -m comment --comment "106 keepalived vrrp ipv6" -j ACCEPT
-A INPUT -p vrrp -m state --state NEW -m comment --comment "106 neutron_l3 vrrp ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 1993 -m state --state NEW -m comment --comment "107 haproxy stats ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 4369,5672,25672 -m state --state NEW -m comment --comment "109 rabbitmq ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5000,13000,35357 -m state --state NEW -m comment --comment "111 keystone ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9292,13292 -m state --state NEW -m comment --comment "112 glance_api ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8774,13774,8775 -m state --state NEW -m comment --comment "113 nova_api ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9000,8888,3000,13888 -m state --state NEW -m comment --comment "113 zaqar_api ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 9696,13696 -m state --state NEW -m comment --comment "114 neutron api ipv6" -j ACCEPT
-A INPUT -p udp -m multiport --dports 67 -m state --state NEW -m comment --comment "115 neutron dhcp input ipv6" -j ACCEPT
-A INPUT -p udp -m multiport --dports 4789 -m state --state NEW -m comment --comment "118 neutron vxlan networks ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8080,13808 -m state --state NEW -m comment --comment "122 swift proxy ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 873,6000,6001,6002 -m state --state NEW -m comment --comment "123 swift storage ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8004,13004 -m state --state NEW -m comment --comment "125 heat_api ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8000,13800 -m state --state NEW -m comment --comment "125 heat_cfn ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 6385,13385 -m state --state NEW -m comment --comment "133 ironic api ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8989,13989 -m state --state NEW -m comment --comment "133 mistral ipv6" -j ACCEPT
-A INPUT -p udp -m multiport --dports 69 -m state --state NEW -m comment --comment "134 ironic conductor TFTP ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8088 -m state --state NEW -m comment --comment "135 ironic conductor HTTP ipv6" -j ACCEPT
-A INPUT -p gre -m comment --comment "136 neutron gre networks ipv6" -j ACCEPT
-A INPUT -i br-ctlplane -p udp -m multiport --dports 67 -m state --state NEW -m comment --comment "137 ironic-inspector dhcp input ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 5050 -m state --state NEW -m comment --comment "137 ironic-inspector ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8778,13778 -m state --state NEW -m comment --comment "138 nova_placement ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8775,13775 -m state --state NEW -m comment --comment "139 nova_metadata ipv6" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 8787,13787 -m state --state NEW -m comment --comment "155 docker-registry ipv6" -j ACCEPT
-A INPUT -j openstack-INPUT
-A INPUT -m state --state NEW -m limit --limit 20/min --limit-burst 15 -m comment --comment "998 log all ipv6" -j LOG
-A INPUT -m state --state NEW -m comment --comment "999 drop all ipv6" -j DROP
-A OUTPUT -p udp -m multiport --dports 68 -m state --state NEW -m comment --comment "116 neutron dhcp output ipv6" -j ACCEPT
-A OUTPUT -p udp -m multiport --dports 68 -m state --state NEW -m comment --comment "137 ironic-inspector dhcp output ipv6" -j ACCEPT
-A openstack-INPUT -i lo -j ACCEPT
-A openstack-INPUT -p ipv6-icmp -j ACCEPT
-A openstack-INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A openstack-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A openstack-INPUT -p tcp -m state --state NEW -m tcp --dport 19885 -j ACCEPT
-A openstack-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
# Completed on Sat Mar 28 05:21:26 2020