1 pre *mangle 2 pre :PREROUTING ACCEPT [0:0] 3 pre :INPUT ACCEPT [0:0] 4 pre :FORWARD ACCEPT [0:0] 5 pre :OUTPUT ACCEPT [0:0] 6 pre :POSTROUTING ACCEPT [0:0] 7 pre :selinux_input - [0:0] 8 pre :selinux_output - [0:0] 9 pre :selinux_new_input - [0:0] 10 pre :selinux_new_output - [0:0] 11 # a comment 12 pre -A INPUT -j selinux_input 13 pre -A OUTPUT -j selinux_output 14 pre -A selinux_input -m state --state NEW -j selinux_new_input 15 pre -A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore 16 pre -A selinux_output -m state --state NEW -j selinux_new_output 17 # another comment 18 pre -A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore 19 base-A selinux_new_input -j SECMARK --selctx system_u:object_r:server_packet_t 20 module -A selinux_new_input -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_server_packet_t 21 post -A selinux_new_input -j CONNSECMARK --save 22 post -A selinux_new_input -j RETURN 23 base -A selinux_new_output -j SECMARK --selctx system_u:object_r:client_packet_t 24 module -A selinux_new_output -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_client_packet_t 25 post -A selinux_new_output -j CONNSECMARK --save 26 post -A selinux_new_output -j RETURN 27 post COMMIT 28
