1 *mangle 2 :PREROUTING ACCEPT [0:0] 3 :INPUT ACCEPT [0:0] 4 :FORWARD ACCEPT [0:0] 5 :OUTPUT ACCEPT [0:0] 6 :POSTROUTING ACCEPT [0:0] 7 :selinux_input - [0:0] 8 :selinux_output - [0:0] 9 :selinux_new_input - [0:0] 10 :selinux_new_output - [0:0] 11 -A INPUT -j selinux_input 12 -A OUTPUT -j selinux_output 13 -A selinux_input -m state --state NEW -j selinux_new_input 14 -A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore 15 -A selinux_output -m state --state NEW -j selinux_new_output 16 -A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore 17 -A selinux_new_input -j SECMARK --selctx system_u:object_r:server_packet_t 18 -A selinux_new_output -j SECMARK --selctx system_u:object_r:client_packet_t 19 -A selinux_new_input -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_server_packet_t 20 -A selinux_new_output -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_client_packet_t 21 -A selinux_new_input -j CONNSECMARK --save 22 -A selinux_new_input -j RETURN 23 -A selinux_new_output -j CONNSECMARK --save 24 -A selinux_new_output -j RETURN 25 COMMIT 26
