{ "Enabled": true, "Version": 1, "SystemRules": [ { "Rule": { "Table": "mangle", "Chain": "OUTPUT", "Enabled": false, "Position": "0", "Description": "Allow icmp", "Parameters": "-p icmp", "Expressions": [], "Target": "ACCEPT", "TargetParameters": "" }, "Chains": [] }, { "Chains": [ { "Name": "forward", "Table": "filter", "Family": "inet", "Priority": "", "Type": "filter", "Hook": "forward", "Policy": "accept", "Rules": [] }, { "Name": "output", "Table": "filter", "Family": "inet", "Priority": "", "Type": "filter", "Hook": "output", "Policy": "accept", "Rules": [] }, { "Name": "input", "Table": "filter", "Family": "inet", "Priority": "", "Type": "filter", "Hook": "input", "Policy": "accept", "Rules": [ { "Enabled": false, "Position": "0", "Description": "Allow SSH server connections when input policy is DROP", "Parameters": "", "Expressions": [ { "Statement": { "Op": "", "Name": "tcp", "Values": [ { "Key": "dport", "Value": "22" } ] } } ], "Target": "accept", "TargetParameters": "" } ] }, { "Name": "filter-prerouting", "Table": "nat", "Family": "inet", "Priority": "", "Type": "filter", "Hook": "prerouting", "Policy": "accept", "Rules": [] }, { "Name": "prerouting", "Table": "mangle", "Family": "inet", "Priority": "", "Type": "mangle", "Hook": "prerouting", "Policy": "accept", "Rules": [] }, { "Name": "postrouting", "Table": "mangle", "Family": "inet", "Priority": "", "Type": "mangle", "Hook": "postrouting", "Policy": "accept", "Rules": [] }, { "Name": "prerouting", "Table": "nat", "Family": "inet", "Priority": "", "Type": "natdest", "Hook": "prerouting", "Policy": "accept", "Rules": [] }, { "Name": "postrouting", "Table": "nat", "Family": "inet", "Priority": "", "Type": "natsource", "Hook": "postrouting", "Policy": "accept", "Rules": [] }, { "Name": "input", "Table": "nat", "Family": "inet", "Priority": "", "Type": "natsource", "Hook": "input", "Policy": "accept", "Rules": [] }, { "Name": "output", "Table": "nat", "Family": "inet", "Priority": "", "Type": "natdest", "Hook": "output", "Policy": "accept", "Rules": [] }, { "Name": "output", "Table": "mangle", "Family": "inet", "Priority": "", "Type": "mangle", "Hook": "output", "Policy": "accept", "Rules": [ { "Enabled": true, "Position": "0", "Description": "Allow ICMP", "Expressions": [ { "Statement": { "Op": "", "Name": "icmp", "Values": [ { "Key": "type", "Value": "echo-request,echo-reply,destination-unreachable" } ] } } ], "Target": "accept", "TargetParameters": "" }, { "Enabled": true, "Position": "0", "Description": "Allow ICMPv6", "Expressions": [ { "Statement": { "Op": "", "Name": "icmpv6", "Values": [ { "Key": "type", "Value": "echo-request,echo-reply,destination-unreachable" } ] } } ], "Target": "accept", "TargetParameters": "" }, { "Enabled": false, "Position": "0", "Description": "Exclude WireGuard VPN from being intercepted", "Parameters": "", "Expressions": [ { "Statement": { "Op": "", "Name": "udp", "Values": [ { "Key": "dport", "Value": "51820" } ] } } ], "Target": "accept", "TargetParameters": "" } ] }, { "Name": "forward", "Table": "mangle", "Family": "inet", "Priority": "", "Type": "mangle", "Hook": "forward", "Policy": "accept", "Rules": [ { "UUID": "7d7394e1-100d-4b87-a90a-cd68c46edb0b", "Enabled": false, "Position": "0", "Description": "Intercept forwarded connections (docker, etc)", "Expressions": [ { "Statement": { "Op": "", "Name": "ct", "Values": [ { "Key": "state", "Value": "new" } ] } } ], "Target": "queue", "TargetParameters": "num 0" } ] } ] } ] }