armadillo:/var/app/volumes/backup/log# iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N MYCHAIN
-N NETAVARK_FORWARD
-N NETAVARK_INPUT
-N NETAVARK_ISOLATION_2
-N NETAVARK_ISOLATION_3
-A INPUT -m comment --comment "netavark firewall rules" -j NETAVARK_INPUT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j MYCHAIN
-A FORWARD -m comment --comment "netavark firewall rules" -j NETAVARK_FORWARD
-A MYCHAIN -s 113.xxx.xxx.xxx/32 -j ACCEPT
-A MYCHAIN -s 164.xxx.xxx.xxx/32 -j ACCEPT
-A MYCHAIN -p udp -m udp --dport 53 -j ACCEPT
-A MYCHAIN -p tcp -m tcp --dport 53 -j ACCEPT
-A MYCHAIN -s 169.254.0.0/16 -j ACCEPT
-A MYCHAIN -s 192.168.200.0/24 -j ACCEPT
-A MYCHAIN -j DROP
-A NETAVARK_FORWARD -m conntrack --ctstate INVALID -j DROP
-A NETAVARK_FORWARD -d 10.88.0.0/16 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A NETAVARK_FORWARD -s 10.88.0.0/16 -j ACCEPT
-A NETAVARK_INPUT -s 10.88.0.0/16 -p udp -m udp --dport 153 -j ACCEPT
-A NETAVARK_INPUT -s 10.88.0.0/16 -p tcp -m tcp --dport 153 -j ACCEPT
-A NETAVARK_ISOLATION_3 -o podman0 -j DROP
-A NETAVARK_ISOLATION_3 -j NETAVARK_ISOLATION_2
armadillo:/var/app/volumes/backup/log# cat /proc/net/nf_conntrack
ipv4 2 tcp 6 431960 ESTABLISHED src=192.168.15.152 dst=34.199.160.42 sport=56250 dport=443 src=34.199.160.42 dst=192.168.15.152 sport=443 dport=56250 [ASSURED] mark=0 zone=0 use=2
ipv4 2 icmp 1 4 src=192.168.15.152 dst=8.8.8.8 type=8 code=0 id=11793 src=8.8.8.8 dst=192.168.15.152 type=0 code=0 id=11793 mark=0 zone=0 use=2
ipv4 2 udp 17 18 src=169.254.182.214 dst=224.0.0.251 sport=5353 dport=5353 [UNREPLIED] src=224.0.0.251 dst=169.254.182.214 sport=5353 dport=5353 mark=0 zone=0 use=2