; SELinux CIL policy for the iptables domain: declarations of the module's
; own types and of the role attribute that authorises them.

; iptables_var_run_t is kept as an alias that resolves to iptables_runtime_t,
; so rules or file contexts written against the older name still apply.
(typealias iptables_var_run_t)
(typealiasactual iptables_var_run_t iptables_runtime_t)
; iptables_roles is a role attribute; system_r is its only member set here.
; Every role in the attribute may be associated with iptables_t and with
; ifconfig_t (the domain iptables_t can transition into further down).
(roleattribute iptables_roles)
(roleattributeset iptables_roles (system_r ))
(roletype iptables_roles iptables_t)
(roletype iptables_roles ifconfig_t)
; Process domain of the firewall tools.
(type iptables_t)
(roletype object_r iptables_t)
; Executable that serves as the entrypoint into iptables_t.
(type iptables_exec_t)
(roletype object_r iptables_exec_t)
; Init scripts for the firewall services (see the filecon entries).
(type iptables_initrc_exec_t)
(roletype object_r iptables_initrc_exec_t)
; Saved rule sets / configuration written by iptables_t.
(type iptables_conf_t)
(roletype object_r iptables_conf_t)
; Runtime (pid/lock) files.
(type iptables_runtime_t)
(roletype object_r iptables_runtime_t)
; Private temporary files and directories.
(type iptables_tmp_t)
(roletype object_r iptables_tmp_t)
; systemd unit files (the type is added to the systemdunit attribute below).
(type iptables_unit_t)
(roletype object_r iptables_unit_t)
; Requirements and attribute membership.
;
; Lines of the form (typeattributeset cil_gen_require X) or
; (roleattributeset cil_gen_require X) are require markers: they state that X
; must be provided by another module and grant nothing by themselves.
; Lines of the form (typeattributeset ATTR (types)) add this module's types to
; an attribute. The rules attached to those attributes live in other modules,
; so the effective access of iptables_t is larger than what this file shows.
(roleattributeset cil_gen_require system_r)
(roletype system_r iptables_t)
(typeattributeset cil_gen_require initrc_t)
(typeattributeset cil_gen_require systemprocess)
(typeattributeset systemprocess (iptables_t ))
(typeattributeset cil_gen_require application_domain_type)
(typeattributeset application_domain_type (iptables_t ))
(typeattributeset cil_gen_require domain)
(typeattributeset domain (iptables_t ))
(typeattributeset cil_gen_require init_t)
(typeattributeset cil_gen_require sysfs_t)
(typeattributeset cil_gen_require application_exec_type)
(typeattributeset application_exec_type (iptables_exec_t ))
(typeattributeset cil_gen_require exec_type)
(typeattributeset exec_type (iptables_exec_t iptables_initrc_exec_t ))
; All six file types are generic, non-security, non-auth file types.
(typeattributeset cil_gen_require file_type)
(typeattributeset file_type (iptables_exec_t iptables_initrc_exec_t iptables_conf_t iptables_runtime_t iptables_tmp_t iptables_unit_t ))
(typeattributeset cil_gen_require non_security_file_type)
(typeattributeset non_security_file_type (iptables_exec_t iptables_initrc_exec_t iptables_conf_t iptables_runtime_t iptables_tmp_t iptables_unit_t ))
(typeattributeset cil_gen_require non_auth_file_type)
(typeattributeset non_auth_file_type (iptables_exec_t iptables_initrc_exec_t iptables_conf_t iptables_runtime_t iptables_tmp_t iptables_unit_t ))
(typeattributeset cil_gen_require entry_type)
(typeattributeset entry_type (iptables_exec_t iptables_initrc_exec_t ))
(typeattributeset cil_gen_require init_script_file_type)
(typeattributeset init_script_file_type (iptables_initrc_exec_t ))
(typeattributeset cil_gen_require init_run_all_scripts_domain)
(typeattributeset cil_gen_require configfile)
(typeattributeset configfile (iptables_conf_t ))
(typeattributeset cil_gen_require pidfile)
(typeattributeset pidfile (iptables_runtime_t ))
(typeattributeset cil_gen_require tmpfile)
(typeattributeset tmpfile (iptables_tmp_t ))
(typeattributeset cil_gen_require polymember)
(typeattributeset polymember (iptables_tmp_t ))
(typeattributeset cil_gen_require systemdunit)
(typeattributeset systemdunit (iptables_unit_t ))
(typeattributeset cil_gen_require etc_t)
(typeattributeset cil_gen_require var_t)
(typeattributeset cil_gen_require var_run_t)
(typeattributeset cil_gen_require tmp_t)
(typeattributeset cil_gen_require proc_t)
(typeattributeset cil_gen_require kernel_t)
(typeattributeset cil_gen_require proc_net_t)
(typeattributeset cil_gen_require sysctl_t)
(typeattributeset cil_gen_require sysctl_kernel_t)
(typeattributeset cil_gen_require sysctl_modprobe_t)
(typeattributeset cil_gen_require bin_t)
(typeattributeset cil_gen_require usr_t)
(typeattributeset cil_gen_require shell_exec_t)
(typeattributeset cil_gen_require packet_type)
(typeattributeset cil_gen_require tun_tap_device_t)
(typeattributeset cil_gen_require mtrr_device_t)
(typeattributeset cil_gen_require fs_t)
(typeattributeset cil_gen_require autofs_t)
(typeattributeset cil_gen_require cgroup_types)
(typeattributeset cil_gen_require inotifyfs_t)
(typeattributeset cil_gen_require cgroup_t)
; NOTE(review): mlsfileread membership presumably exempts iptables_t from the
; MLS read constraint on files; the constraint itself is defined in the base
; policy, not here - confirm before relying on MLS separation for this domain.
(typeattributeset cil_gen_require mlsfileread)
(typeattributeset mlsfileread (iptables_t ))
(typeattributeset cil_gen_require privfd)
(typeattributeset cil_gen_require etc_runtime_t)
; nsswitch_domain membership: name-service lookup access comes from rules on
; that attribute elsewhere, in addition to the nscd/NIS optionals in this file.
(typeattributeset cil_gen_require nsswitch_domain)
(typeattributeset nsswitch_domain (iptables_t ))
(typeattributeset cil_gen_require initrc_devpts_t)
(typeattributeset cil_gen_require devpts_t)
(typeattributeset cil_gen_require device_t)
(typeattributeset cil_gen_require initrc_tmp_t)
(typeattributeset cil_gen_require syslogd_t)
(typeattributeset cil_gen_require syslogd_runtime_t)
(typeattributeset cil_gen_require devlog_t)
(typeattributeset cil_gen_require init_runtime_t)
(typeattributeset cil_gen_require console_device_t)
(typeattributeset cil_gen_require locale_t)
(typeattributeset cil_gen_require ifconfig_t)
(typeattributeset cil_gen_require ifconfig_exec_t)
(typeattributeset cil_gen_require netlabel_peer_t)
(typeattributeset cil_gen_require netif_t)
(typeattributeset cil_gen_require node_t)
(typeattributeset cil_gen_require dns_port_t)
(typeattributeset cil_gen_require dns_client_packet_t)
(typeattributeset cil_gen_require net_conf_t)
(typeattributeset cil_gen_require user_devpts_t)
(typeattributeset cil_gen_require user_tty_device_t)
; Entry into the iptables_t domain and into initrc_t via the init script.

; iptables_exec_t is the entrypoint executable for iptables_t.
(allow iptables_t iptables_exec_t (file (entrypoint)))
(allow iptables_t iptables_exec_t (file (ioctl read getattr lock map execute open)))
; When initrc_t executes iptables_exec_t the new process is labelled
; iptables_t (typetransition) and the transition is permitted.
(allow initrc_t iptables_exec_t (file (ioctl read getattr map execute open)))
(allow initrc_t iptables_t (process (transition)))
; dontaudit only silences the denial: noatsecure, siginh and rlimitinh are not
; granted here, so unless another module allows them the transition runs with
; AT_SECURE set and without inheriting signal state or resource limits.
(dontaudit initrc_t iptables_t (process (noatsecure siginh rlimitinh)))
(typetransition initrc_t iptables_exec_t process iptables_t)
; The child may use descriptors and pipes inherited from initrc_t and report
; its exit with SIGCHLD.
(allow iptables_t initrc_t (fd (use)))
(allow iptables_t initrc_t (fifo_file (ioctl read write getattr lock append)))
(allow iptables_t initrc_t (process (sigchld)))
; The init scripts (iptables_initrc_exec_t) are an entrypoint for initrc_t.
(allow initrc_t iptables_initrc_exec_t (file (entrypoint)))
(allow initrc_t iptables_initrc_exec_t (file (ioctl read getattr lock map execute open)))
; Any domain in init_run_all_scripts_domain that executes the init script
; transitions to initrc_t, with the same dontaudit/fd/pipe/sigchld pattern.
(allow init_run_all_scripts_domain iptables_initrc_exec_t (file (ioctl read getattr map execute open)))
(allow init_run_all_scripts_domain initrc_t (process (transition)))
(dontaudit init_run_all_scripts_domain initrc_t (process (noatsecure siginh rlimitinh)))
(typetransition init_run_all_scripts_domain iptables_initrc_exec_t process initrc_t)
(allow initrc_t init_run_all_scripts_domain (fd (use)))
(allow initrc_t init_run_all_scripts_domain (fifo_file (ioctl read write getattr lock append)))
(allow initrc_t init_run_all_scripts_domain (process (sigchld)))
; Capabilities and sockets iptables_t may use on itself.

; dac_override / dac_read_search bypass Unix permission-bit (DAC) checks;
; net_admin and net_raw cover network-stack configuration and raw sockets.
; The type-enforcement rules in the policy still decide which labels the
; process can reach, so these capabilities widen access only within them.
(allow iptables_t self (capability (dac_override dac_read_search net_admin net_raw)))
; sys_tty_config is not granted; the denial is merely not logged.
(dontaudit iptables_t self (capability (sys_tty_config)))
; The two network capabilities are also allowed for the cap_userns class,
; i.e. when the check is made against a non-initial user namespace.
(allow iptables_t self (cap_userns (net_admin net_raw)))
(allow iptables_t self (fifo_file (ioctl read write getattr lock append open)))
; Signals to processes of its own domain only.
(allow iptables_t self (process (sigchld sigkill sigstop signull signal)))
; Generic netlink, netfilter netlink and raw IP sockets. None of the three
; permission sets includes listen or accept.
(allow iptables_t self (netlink_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow iptables_t self (netlink_netfilter_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow iptables_t self (rawip_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
; Files owned by the module: configuration, runtime and temporary data.

; Full create/modify/delete on its own configuration files.
(allow iptables_t iptables_conf_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow iptables_t iptables_conf_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
; iptables_t may add and remove directory entries in generic etc_t
; directories; files it creates there are labelled iptables_conf_t by the
; type transition. In the lines shown, etc_t files themselves are only
; readable, so removal is limited to entries whose file type it may unlink.
(allow iptables_t etc_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition iptables_t etc_t file iptables_conf_t)
; execute_no_trans: iptables_t may re-execute its own binary and stay in
; iptables_t.
(allow iptables_t iptables_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
; Runtime files: same pattern, created under var_run_t directories and
; labelled iptables_runtime_t.
(allow iptables_t iptables_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(allow iptables_t iptables_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow iptables_t var_t (dir (getattr open search)))
(allow iptables_t var_run_t (lnk_file (read getattr)))
(allow iptables_t var_run_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition iptables_t var_run_t file iptables_runtime_t)
; Temporary data: files and directories created under tmp_t are labelled
; iptables_tmp_t, which iptables_t fully manages (including rmdir).
(allow iptables_t iptables_tmp_t (dir (ioctl read write create getattr setattr lock unlink link rename open add_name remove_name reparent search rmdir)))
(allow iptables_t iptables_tmp_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
(allow iptables_t tmp_t (dir (ioctl read write getattr lock open add_name remove_name search)))
(typetransition iptables_t tmp_t dir iptables_tmp_t)
(typetransition iptables_t tmp_t file iptables_tmp_t)
; Kernel interfaces, helper programs and pseudo-filesystems.
;
; Many rules in this run repeat or are subsets of one another. Allow rules are
; additive, so the repeats change nothing; they look like the expansion of
; several overlapping policy macros.

(allow iptables_t proc_t (filesystem (getattr)))
; module_request lets iptables_t trigger kernel module auto-loading (for
; example when a rule references a match/target whose module is not loaded).
(allow iptables_t kernel_t (system (module_request)))
; Read-only access to /proc, /proc/net and the kernel sysctl tree.
(allow iptables_t proc_t (dir (getattr open search)))
(allow iptables_t proc_t (file (ioctl read getattr lock open)))
(allow iptables_t proc_t (dir (getattr open search)))
(allow iptables_t proc_t (lnk_file (read getattr)))
(allow iptables_t proc_t (dir (getattr open search)))
(allow iptables_t proc_t (dir (ioctl read getattr lock open search)))
(allow iptables_t proc_t (dir (getattr open search)))
(allow iptables_t proc_net_t (dir (getattr open search)))
(allow iptables_t proc_net_t (file (ioctl read getattr lock open)))
(allow iptables_t proc_t (dir (getattr open search)))
(allow iptables_t proc_net_t (dir (getattr open search)))
(allow iptables_t proc_net_t (lnk_file (read getattr)))
(allow iptables_t proc_t (dir (getattr open search)))
(allow iptables_t proc_net_t (dir (ioctl read getattr lock open search)))
(allow iptables_t proc_t (dir (getattr open search)))
(allow iptables_t sysctl_t (dir (getattr open search)))
(allow iptables_t sysctl_kernel_t (dir (getattr open search)))
(allow iptables_t sysctl_kernel_t (file (ioctl read getattr lock open)))
(allow iptables_t proc_t (dir (getattr open search)))
(allow iptables_t sysctl_t (dir (getattr open search)))
(allow iptables_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow iptables_t proc_t (dir (getattr open search)))
(allow iptables_t sysctl_t (dir (getattr open search)))
(allow iptables_t sysctl_kernel_t (dir (getattr open search)))
; sysctl_modprobe_t is read-only here: iptables_t cannot rewrite it.
(allow iptables_t sysctl_modprobe_t (file (ioctl read getattr lock open)))
(allow iptables_t proc_t (dir (getattr open search)))
(allow iptables_t sysctl_t (dir (getattr open search)))
(allow iptables_t sysctl_kernel_t (dir (ioctl read getattr lock open search)))
(allow iptables_t kernel_t (fd (use)))
; NOTE(review): execute_no_trans on bin_t and shell_exec_t means generic
; binaries and shells run inside iptables_t without a domain transition, so
; they run with the capabilities granted to iptables_t (dac_override,
; net_admin, net_raw). Worth keeping in mind when auditing helper scripts
; invoked by the firewall tooling.
(allow iptables_t bin_t (dir (getattr open search)))
(allow iptables_t bin_t (lnk_file (read getattr)))
(allow iptables_t usr_t (dir (getattr open search)))
(allow iptables_t bin_t (dir (getattr open search)))
(allow iptables_t bin_t (dir (ioctl read getattr lock open search)))
(allow iptables_t bin_t (file (ioctl read getattr lock map execute open execute_no_trans)))
(allow iptables_t bin_t (dir (getattr open search)))
(allow iptables_t bin_t (lnk_file (read getattr)))
(allow iptables_t usr_t (dir (getattr open search)))
(allow iptables_t bin_t (dir (getattr open search)))
(allow iptables_t bin_t (dir (ioctl read getattr lock open search)))
(allow iptables_t shell_exec_t (file (ioctl read getattr lock map execute open execute_no_trans)))
; relabelto on every type in packet_type - presumably what lets firewall
; rules assign packet labels (SECMARK); confirm against the base policy.
(allow iptables_t packet_type (packet (relabelto)))
; Denied and not logged: read/write on tun/tap devices.
(dontaudit iptables_t tun_tap_device_t (chr_file (read write)))
; sysfs is read-only.
(allow iptables_t sysfs_t (dir (getattr open search)))
(allow iptables_t sysfs_t (file (ioctl read getattr lock open)))
(allow iptables_t sysfs_t (dir (getattr open search)))
(allow iptables_t sysfs_t (lnk_file (read getattr)))
(allow iptables_t sysfs_t (dir (getattr open search)))
(allow iptables_t sysfs_t (dir (ioctl read getattr lock open search)))
; Denied and not logged: writes to the MTRR device.
(dontaudit iptables_t mtrr_device_t (file (write)))
(dontaudit iptables_t mtrr_device_t (chr_file (write)))
; Filesystem attribute queries and directory traversal/listing only; no file
; access on autofs, cgroup or inotifyfs is granted in this run.
(allow iptables_t fs_t (filesystem (getattr)))
(allow iptables_t autofs_t (dir (getattr open search)))
(allow iptables_t cgroup_types (dir (getattr open search)))
(allow iptables_t cgroup_types (dir (ioctl read getattr lock open search)))
(allow iptables_t sysfs_t (dir (getattr open search)))
(allow iptables_t sysfs_t (dir (getattr open search)))
(allow iptables_t inotifyfs_t (dir (ioctl read getattr lock open search)))
(allow iptables_t cgroup_t (dir (ioctl)))
(allow iptables_t sysfs_t (dir (getattr open search)))
(allow iptables_t sysfs_t (dir (getattr open search)))
; Inherited descriptors, generic configuration, terminals, logging, locale.

; Use file descriptors handed over by any domain in the privfd attribute.
(allow iptables_t privfd (fd (use)))
; Generic /etc and /usr content is read-only for iptables_t in this run
; (the write access on etc_t directories is granted separately, next to the
; iptables_conf_t type transition).
(allow iptables_t etc_t (dir (ioctl read getattr lock open search)))
(allow iptables_t etc_t (dir (getattr open search)))
(allow iptables_t etc_t (file (ioctl read getattr lock open)))
(allow iptables_t etc_t (dir (getattr open search)))
(allow iptables_t etc_t (lnk_file (read getattr)))
(allow iptables_t etc_t (dir (ioctl read getattr lock open search)))
(allow iptables_t etc_t (dir (getattr open search)))
(allow iptables_t etc_runtime_t (file (ioctl read getattr lock open)))
(allow iptables_t etc_t (dir (getattr open search)))
(allow iptables_t etc_runtime_t (lnk_file (read getattr)))
(allow iptables_t usr_t (dir (ioctl read getattr lock open search)))
(allow iptables_t usr_t (dir (getattr open search)))
(allow iptables_t usr_t (file (ioctl read getattr lock open)))
(allow iptables_t usr_t (dir (getattr open search)))
(allow iptables_t usr_t (lnk_file (read getattr)))
; Descriptors inherited from init_t.
(allow iptables_t init_t (fd (use)))
(allow iptables_t device_t (dir (getattr open search)))
(allow iptables_t device_t (dir (ioctl read getattr lock open search)))
(allow iptables_t device_t (dir (getattr open search)))
(allow iptables_t device_t (lnk_file (read getattr)))
; Interaction with the init-script environment: its pseudo-terminal, pipes,
; temporary files and unix stream sockets (no create on that socket class,
; so only sockets passed in by initrc_t).
(allow iptables_t devpts_t (dir (ioctl read getattr lock open search)))
(allow iptables_t initrc_devpts_t (chr_file (ioctl read write getattr lock append open)))
(allow iptables_t initrc_t (fifo_file (ioctl read getattr lock open)))
(allow iptables_t initrc_t (fifo_file (ioctl read write getattr lock append open)))
(allow iptables_t tmp_t (dir (getattr open search)))
(allow iptables_t initrc_tmp_t (dir (getattr open search)))
(allow iptables_t initrc_tmp_t (file (ioctl read write getattr lock append open)))
(allow iptables_t initrc_t (unix_stream_socket (ioctl read write getattr setattr append bind connect getopt setopt shutdown)))
; Logging to syslog: write to the devlog_t socket file and send to / connect
; to syslogd_t; the runtime directories involved are search-only.
(allow iptables_t devlog_t (sock_file (write getattr append open)))
(allow iptables_t var_run_t (lnk_file (read getattr)))
(allow iptables_t var_t (dir (getattr open search)))
(allow iptables_t var_run_t (dir (getattr open search)))
(allow iptables_t init_runtime_t (dir (getattr open search)))
(allow iptables_t syslogd_runtime_t (dir (getattr open search)))
(allow iptables_t syslogd_t (unix_dgram_socket (sendto)))
(allow iptables_t syslogd_t (unix_stream_socket (connectto)))
(allow iptables_t self (unix_dgram_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow iptables_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow iptables_t device_t (dir (getattr open search)))
(allow iptables_t device_t (dir (ioctl read getattr lock open search)))
(allow iptables_t device_t (dir (getattr open search)))
(allow iptables_t device_t (lnk_file (read getattr)))
; Console: writing is allowed, reading is denied without an audit record.
(allow iptables_t console_device_t (chr_file (ioctl write getattr lock append open)))
(dontaudit iptables_t console_device_t (chr_file (ioctl read getattr lock open)))
; Locale data is read-only and may be memory-mapped.
(allow iptables_t etc_t (dir (getattr open search)))
(allow iptables_t etc_t (lnk_file (read getattr)))
(allow iptables_t usr_t (dir (getattr open search)))
(allow iptables_t locale_t (dir (ioctl read getattr lock open search)))
(allow iptables_t locale_t (dir (getattr open search)))
(allow iptables_t locale_t (file (ioctl read getattr lock open)))
(allow iptables_t locale_t (dir (getattr open search)))
(allow iptables_t locale_t (lnk_file (read getattr)))
(allow iptables_t locale_t (file (map)))
(allow iptables_t bin_t (dir (getattr open search)))
(allow iptables_t bin_t (lnk_file (read getattr)))
(allow iptables_t usr_t (dir (getattr open search)))
(allow iptables_t bin_t (dir (getattr open search)))
(allow iptables_t bin_t (lnk_file (read getattr)))
(allow iptables_t usr_t (dir (getattr open search)))
; Transition to ifconfig_t, network access of iptables_t itself, terminals.

; Executing ifconfig_exec_t moves the process into ifconfig_t; unlike bin_t
; and shell_exec_t there is no execute_no_trans, so the helper does not run
; as iptables_t. noatsecure/siginh/rlimitinh are dontaudit only, not granted.
(allow iptables_t ifconfig_exec_t (file (ioctl read getattr map execute open)))
(allow iptables_t ifconfig_t (process (transition)))
(dontaudit iptables_t ifconfig_t (process (noatsecure siginh rlimitinh)))
(typetransition iptables_t ifconfig_exec_t process ifconfig_t)
(allow ifconfig_t iptables_t (fd (use)))
(allow ifconfig_t iptables_t (fifo_file (ioctl read write getattr lock append)))
(allow ifconfig_t iptables_t (process (sigchld)))
; TCP/UDP client sockets (no listen/accept in these sets) and a route
; netlink socket limited to nlmsg_read, i.e. without nlmsg_write.
(allow iptables_t self (tcp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow iptables_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
(allow iptables_t self (netlink_route_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown nlmsg_read)))
; Labeled-networking checks: peer, interface and node permissions for the
; default netlabel_peer_t / netif_t / node_t labels.
(allow iptables_t netlabel_peer_t (peer (recv)))
(allow iptables_t netlabel_peer_t (tcp_socket (recvfrom)))
(allow iptables_t netlabel_peer_t (udp_socket (recvfrom)))
(allow iptables_t netlabel_peer_t (rawip_socket (recvfrom)))
(allow iptables_t netif_t (netif (ingress egress)))
(allow iptables_t netif_t (netif (egress)))
(allow iptables_t netif_t (netif (ingress)))
(allow iptables_t node_t (node (recvfrom sendto)))
(allow iptables_t node_t (node (sendto)))
(allow iptables_t node_t (node (recvfrom)))
; DNS client: TCP connect to dns_port_t and send/recv of DNS client packets.
; This is the only name_connect granted unconditionally in these lines.
(allow iptables_t dns_port_t (tcp_socket (name_connect)))
(allow iptables_t dns_client_packet_t (packet (send)))
(allow iptables_t dns_client_packet_t (packet (recv)))
; Resolver / network configuration is read-only.
(allow iptables_t etc_t (dir (getattr open search)))
(allow iptables_t var_run_t (lnk_file (read getattr)))
(allow iptables_t var_t (dir (getattr open search)))
(allow iptables_t var_run_t (dir (getattr open search)))
(allow iptables_t net_conf_t (dir (ioctl read getattr lock open search)))
(allow iptables_t net_conf_t (file (ioctl read getattr lock open)))
(allow iptables_t net_conf_t (lnk_file (read getattr)))
(allow iptables_t device_t (dir (getattr open search)))
(allow iptables_t device_t (dir (ioctl read getattr lock open search)))
(allow iptables_t device_t (dir (getattr open search)))
(allow iptables_t device_t (lnk_file (read getattr)))
; User terminals: read/write on already-open ttys and ptys; the open
; permission is not part of either set.
(allow iptables_t devpts_t (dir (ioctl read getattr lock open search)))
(allow iptables_t user_devpts_t (chr_file (ioctl read write getattr append)))
(allow iptables_t user_tty_device_t (chr_file (ioctl read write getattr append)))
(optional iptables_optional_2
    (typeattributeset cil_gen_require init_t)
    (allow iptables_t init_t (process (sigchld)))
    (allow iptables_t init_t (process (signull)))
    (optional iptables_optional_3
        (typeattributeset cil_gen_require rpm_t)
        (allow iptables_t rpm_t (fd (use)))
        (allow iptables_t rpm_t (fifo_file (ioctl read getattr lock open)))
    )
    (optional iptables_optional_4
        (typeattributeset cil_gen_require security_t)
        (typeattributeset cil_gen_require sysfs_t)
        (dontaudit iptables_t security_t (filesystem (getattr)))
        (dontaudit iptables_t sysfs_t (filesystem (getattr)))
        (dontaudit iptables_t sysfs_t (dir (getattr open search)))
        (dontaudit iptables_t security_t (dir (getattr open search)))
        (dontaudit iptables_t security_t (file (ioctl read getattr lock open)))
    )
    (optional iptables_optional_5
        (typeattributeset cil_gen_require selinux_config_t)
        (dontaudit iptables_t selinux_config_t (dir (getattr open search)))
        (dontaudit iptables_t selinux_config_t (file (ioctl read getattr lock open)))
    )
    (optional iptables_optional_6
        (typeattributeset cil_gen_require var_t)
        (typeattributeset cil_gen_require var_run_t)
        (typeattributeset cil_gen_require avahi_t)
        (typeattributeset cil_gen_require avahi_runtime_t)
        (allow iptables_t var_run_t (lnk_file (read getattr)))
        (allow iptables_t var_t (dir (getattr open search)))
        (allow iptables_t var_run_t (dir (getattr open search)))
        (allow iptables_t avahi_runtime_t (dir (getattr open search)))
        (allow iptables_t avahi_runtime_t (sock_file (write getattr append open)))
        (allow iptables_t avahi_t (unix_stream_socket (connectto)))
    )
    (optional iptables_optional_7
        (typeattributeset cil_gen_require var_t)
        (typeattributeset cil_gen_require var_run_t)
        (typeattributeset cil_gen_require NetworkManager_runtime_t)
        (allow iptables_t var_run_t (lnk_file (read getattr)))
        (allow iptables_t var_t (dir (getattr open search)))
        (allow iptables_t var_run_t (dir (getattr open search)))
        (allow iptables_t NetworkManager_runtime_t (dir (getattr open search)))
        (allow iptables_t NetworkManager_runtime_t (file (ioctl read getattr lock open)))
    )
    (optional iptables_optional_8
        (typeattributeset cil_gen_require var_t)
        (typeattributeset cil_gen_require var_run_t)
        (typeattributeset cil_gen_require nscd_t)
        (typeattributeset cil_gen_require nscd_runtime_t)
        (booleanif (nscd_use_shm)
            (true
                (allow iptables_t nscd_runtime_t (sock_file (read getattr open)))
                (allow iptables_t nscd_runtime_t (dir (ioctl read getattr lock open search)))
                (dontaudit iptables_t nscd_runtime_t (file (ioctl read getattr lock open)))
                (allow iptables_t nscd_t (unix_stream_socket (connectto)))
                (allow iptables_t nscd_runtime_t (sock_file (write getattr append open)))
                (allow iptables_t nscd_runtime_t (dir (getattr open search)))
                (allow iptables_t var_run_t (dir (getattr open search)))
                (allow iptables_t var_t (dir (getattr open search)))
                (allow iptables_t var_run_t (lnk_file (read getattr)))
                (allow iptables_t nscd_t (fd (use)))
                (allow iptables_t nscd_t (nscd (getgrp gethost getpwd shmemgrp shmemhost shmempwd)))
                (allow iptables_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
            )
            (false
                (allow nscd_t iptables_t (process (getattr)))
                (allow nscd_t iptables_t (lnk_file (read getattr)))
                (allow nscd_t iptables_t (file (ioctl read getattr lock open)))
                (allow nscd_t iptables_t (dir (ioctl read getattr lock open search)))
                (dontaudit iptables_t nscd_runtime_t (file (ioctl read getattr lock open)))
                (allow iptables_t nscd_t (unix_stream_socket (connectto)))
                (allow iptables_t nscd_runtime_t (sock_file (write getattr append open)))
                (allow iptables_t nscd_runtime_t (dir (getattr open search)))
                (allow iptables_t var_run_t (dir (getattr open search)))
                (allow iptables_t var_t (dir (getattr open search)))
                (allow iptables_t var_run_t (lnk_file (read getattr)))
                (dontaudit iptables_t nscd_t (nscd (shmemgrp shmemhost shmempwd getserv shmemserv)))
                (dontaudit iptables_t nscd_t (fd (use)))
                (allow iptables_t nscd_t (nscd (getgrp gethost getpwd)))
                (allow iptables_t self (unix_stream_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
            )
        )
    )
    (optional iptables_optional_9
        (typeattributeset cil_gen_require tmp_t)
        (typeattributeset cil_gen_require container_file_t)
        (typeattributeset cil_gen_require container_engine_tmp_t)
        (dontaudit iptables_t container_file_t (chr_file (ioctl read write getattr lock append open)))
        (allow iptables_t tmp_t (dir (getattr open search)))
        (allow iptables_t container_engine_tmp_t (dir (getattr open search)))
        (allow iptables_t container_engine_tmp_t (file (ioctl read getattr lock open)))
    )
    (optional iptables_optional_10
        (typeattributeset cil_gen_require var_t)
        (typeattributeset cil_gen_require fail2ban_log_t)
        (typeattributeset cil_gen_require var_log_t)
        (allow iptables_t var_t (dir (getattr open search)))
        (allow iptables_t var_log_t (dir (getattr open search)))
        (allow iptables_t var_log_t (lnk_file (read getattr)))
        (allow iptables_t fail2ban_log_t (file (ioctl getattr lock append open)))
    )
    (optional iptables_optional_11
        (typeattributeset cil_gen_require etc_t)
        (typeattributeset cil_gen_require var_t)
        (typeattributeset cil_gen_require var_run_t)
        (typeattributeset cil_gen_require firewalld_etc_rw_t)
        (typeattributeset cil_gen_require firewalld_runtime_t)
        (typeattributeset cil_gen_require firewalld_tmp_t)
        (allow iptables_t etc_t (dir (getattr open search)))
        (allow iptables_t firewalld_etc_rw_t (dir (getattr open search)))
        (allow iptables_t firewalld_etc_rw_t (file (ioctl read getattr lock open)))
        (allow iptables_t var_run_t (lnk_file (read getattr)))
        (allow iptables_t var_t (dir (getattr open search)))
        (allow iptables_t var_run_t (dir (getattr open search)))
        (allow iptables_t firewalld_runtime_t (dir (getattr open search)))
        (allow iptables_t firewalld_runtime_t (file (ioctl read getattr lock open)))
        (dontaudit iptables_t firewalld_tmp_t (file (read write)))
    )
    (optional iptables_optional_12
        (typeattributeset cil_gen_require firstboot_t)
        (allow iptables_t firstboot_t (fd (use)))
        (allow iptables_t firstboot_t (fifo_file (ioctl read write getattr lock append)))
    )
    (optional iptables_optional_13
        (typeattributeset cil_gen_require kubernetes_container_engine_domain)
        (allow iptables_t kubernetes_container_engine_domain (fifo_file (ioctl read write getattr lock append open)))
    )
    (optional iptables_optional_14
        (roleattributeset cil_gen_require kmod_roles)
        (typeattributeset cil_gen_require bin_t)
        (typeattributeset cil_gen_require usr_t)
        (typeattributeset cil_gen_require kmod_t)
        (typeattributeset cil_gen_require kmod_exec_t)
        (roleattributeset cil_gen_require kmod_roles)
        (roleattributeset kmod_roles (iptables_roles ))
        (allow iptables_t bin_t (dir (getattr open search)))
        (allow iptables_t bin_t (lnk_file (read getattr)))
        (allow iptables_t usr_t (dir (getattr open search)))
        (allow iptables_t kmod_exec_t (file (ioctl read getattr map execute open)))
        (allow iptables_t kmod_t (process (transition)))
        (dontaudit iptables_t kmod_t (process (noatsecure siginh rlimitinh)))
        (typetransition iptables_t kmod_exec_t process kmod_t)
        (allow kmod_t iptables_t (fd (use)))
        (allow kmod_t iptables_t (fifo_file (ioctl read write getattr lock append)))
        (allow kmod_t iptables_t (process (sigchld)))
    )
    (optional iptables_optional_15
        (typeattributeset cil_gen_require etc_t)
        (typeattributeset cil_gen_require var_t)
        (typeattributeset cil_gen_require var_run_t)
        (typeattributeset cil_gen_require netlabel_peer_t)
        (typeattributeset cil_gen_require netif_t)
        (typeattributeset cil_gen_require node_t)
        (typeattributeset cil_gen_require net_conf_t)
        (typeattributeset cil_gen_require var_yp_t)
        (typeattributeset cil_gen_require port_t)
        (typeattributeset cil_gen_require defined_port_type)
        (typeattributeset cil_gen_require reserved_port_type)
        (typeattributeset cil_gen_require port_type)
        (typeattributeset cil_gen_require portmap_port_t)
        (typeattributeset cil_gen_require reserved_port_t)
        (typeattributeset cil_gen_require portmap_client_packet_t)
        (typeattributeset cil_gen_require client_packet_t)
        (typeattributeset cil_gen_require server_packet_t)
        (booleanif (allow_ypbind)
            (true
                (allow iptables_t net_conf_t (lnk_file (read getattr)))
                (allow iptables_t net_conf_t (file (ioctl read getattr lock open)))
                (allow iptables_t net_conf_t (dir (ioctl read getattr lock open search)))
                (allow iptables_t var_run_t (dir (getattr open search)))
                (allow iptables_t var_t (dir (getattr open search)))
                (allow iptables_t var_run_t (lnk_file (read getattr)))
                (allow iptables_t etc_t (dir (getattr open search)))
                (allow iptables_t server_packet_t (packet (recv)))
                (allow iptables_t server_packet_t (packet (send)))
                (allow iptables_t client_packet_t (packet (recv)))
                (allow iptables_t client_packet_t (packet (send)))
                (allow iptables_t portmap_client_packet_t (packet (recv)))
                (allow iptables_t portmap_client_packet_t (packet (send)))
                (dontaudit iptables_t port_type (tcp_socket (name_connect)))
                (allow iptables_t port_t (tcp_socket (name_connect)))
                (allow iptables_t reserved_port_t (tcp_socket (name_connect)))
                (allow iptables_t portmap_port_t (tcp_socket (name_connect)))
                (dontaudit iptables_t port_type (udp_socket (name_bind)))
                (dontaudit iptables_t port_type (tcp_socket (name_bind)))
                (dontaudit iptables_t reserved_port_type (udp_socket (name_bind)))
                (dontaudit iptables_t reserved_port_type (tcp_socket (name_bind)))
                (dontaudit iptables_t defined_port_type (udp_socket (name_bind)))
                (allow iptables_t port_t (udp_socket (name_bind)))
                (dontaudit iptables_t defined_port_type (tcp_socket (name_bind)))
                (allow iptables_t port_t (tcp_socket (name_bind)))
                (allow iptables_t node_t (udp_socket (node_bind)))
                (allow iptables_t node_t (tcp_socket (node_bind)))
                (allow iptables_t node_t (node (recvfrom)))
                (allow iptables_t node_t (node (sendto)))
                (allow iptables_t node_t (node (recvfrom sendto)))
                (allow iptables_t netif_t (netif (ingress)))
                (allow iptables_t netif_t (netif (egress)))
                (allow iptables_t netif_t (netif (ingress egress)))
                (allow iptables_t netlabel_peer_t (tcp_socket (recvfrom)))
                (allow iptables_t netlabel_peer_t (udp_socket (recvfrom)))
                (allow iptables_t netlabel_peer_t (rawip_socket (recvfrom)))
                (allow iptables_t netlabel_peer_t (peer (recv)))
                (allow iptables_t var_yp_t (lnk_file (read getattr)))
                (allow iptables_t var_yp_t (file (ioctl read getattr lock open)))
                (allow iptables_t var_yp_t (dir (ioctl read getattr lock open search)))
                (allow iptables_t self (udp_socket (ioctl read write create getattr setattr append bind connect getopt setopt shutdown)))
                (allow iptables_t self (tcp_socket (ioctl read write create getattr setattr append bind connect listen accept getopt setopt shutdown)))
                (allow iptables_t self (capability (net_bind_service)))
            )
        )
    )
    (optional iptables_optional_16
        (typeattributeset cil_gen_require pppd_t)
        (dontaudit iptables_t pppd_t (fd (use)))
    )
    (optional iptables_optional_17
        (typeattributeset cil_gen_require tmp_t)
        (typeattributeset cil_gen_require psad_tmp_t)
        (allow iptables_t tmp_t (dir (getattr open search)))
        (allow iptables_t psad_tmp_t (dir (getattr open search)))
        (allow iptables_t psad_tmp_t (file (ioctl read write getattr lock append open)))
    )
    ; Optional block: active only when every required type below resolves.
    ; Grants iptables_t access to shorewall's temporary, state and configuration
    ; files. All directory rules are traversal only (getattr/open/search).
    (optional iptables_optional_18
        (typeattributeset cil_gen_require etc_t)
        (typeattributeset cil_gen_require var_t)
        (typeattributeset cil_gen_require tmp_t)
        (typeattributeset cil_gen_require shorewall_tmp_t)
        (typeattributeset cil_gen_require shorewall_var_lib_t)
        (typeattributeset cil_gen_require var_lib_t)
        (typeattributeset cil_gen_require shorewall_etc_t)
        ; shorewall_tmp_t files: read-only.
        (allow iptables_t tmp_t (dir (getattr open search)))
        (allow iptables_t shorewall_tmp_t (dir (getattr open search)))
        (allow iptables_t shorewall_tmp_t (file (ioctl read getattr lock open)))
        ; shorewall_var_lib_t files: read/write/append on existing files; this is
        ; the only shorewall type in this block that iptables_t may modify.
        ; No create/unlink/rename is granted.
        (allow iptables_t var_t (dir (getattr open search)))
        (allow iptables_t var_lib_t (dir (getattr open search)))
        (allow iptables_t shorewall_var_lib_t (dir (getattr open search)))
        (allow iptables_t shorewall_var_lib_t (file (ioctl read write getattr lock append open)))
        ; shorewall_etc_t files: read-only, so iptables_t cannot alter the
        ; shorewall configuration labelled with this type.
        (allow iptables_t etc_t (dir (getattr open search)))
        (allow iptables_t shorewall_etc_t (dir (getattr open search)))
        (allow iptables_t shorewall_etc_t (file (ioctl read getattr lock open)))
    )
    ; Optional block: active only when var_t, var_run_t and udev_runtime_t resolve.
    ; Grants iptables_t full management of udev runtime files and directories.
    (optional iptables_optional_19
        (typeattributeset cil_gen_require var_t)
        (typeattributeset cil_gen_require var_run_t)
        (typeattributeset cil_gen_require udev_runtime_t)
        ; Reading var_run_t symlinks is presumably needed to follow a
        ; /var/run -> /run link; the path itself is not visible in this block.
        (allow iptables_t var_run_t (lnk_file (read getattr)))
        (allow iptables_t var_t (dir (getattr open search)))
        (allow iptables_t var_run_t (dir (getattr open search)))
        ; Unlike the psad and shorewall blocks above, these two rules include
        ; add_name/remove_name on the directory and create/unlink/link/rename/
        ; setattr on files, i.e. iptables_t may create, replace and delete udev
        ; runtime data.
        ; NOTE(review): this is the widest file grant in the visible optionals;
        ; confirm the use case still exists before carrying it forward, and
        ; audit writes to udev_runtime_t by iptables_t if it is kept.
        (allow iptables_t udev_runtime_t (dir (ioctl read write getattr lock open add_name remove_name search)))
        (allow iptables_t udev_runtime_t (file (ioctl read write create getattr setattr lock append unlink link rename open)))
    )
)
; File-context (labeling) rules for the iptables module. Each filecon maps a
; path regex and file class to the context system_u:object_r:<type> with an MLS
; range of systemlow-systemlow. "file" restricts the match to regular files;
; "any" matches every file class.
; These rules only take effect when files are (re)labeled; a binary installed
; or replaced without relabeling keeps whatever label it was created with.

; SysV init scripts -> iptables_initrc_exec_t.
(filecon "/etc/rc\.d/init\.d/ip6?tables" file (system_u object_r iptables_initrc_exec_t (systemlow systemlow)))
(filecon "/etc/rc\.d/init\.d/ebtables" file (system_u object_r iptables_initrc_exec_t (systemlow systemlow)))
(filecon "/etc/rc\.d/init\.d/nftables" file (system_u object_r iptables_initrc_exec_t (systemlow systemlow)))
; Saved rule sets and firewall configuration -> iptables_conf_t. The trailing
; ".*" makes these prefix matches (any regular file whose path starts with the
; given prefix).
(filecon "/etc/sysconfig/ip6?tables.*" file (system_u object_r iptables_conf_t (systemlow systemlow)))
(filecon "/etc/sysconfig/system-config-firewall.*" file (system_u object_r iptables_conf_t (systemlow systemlow)))
; Lock/runtime files -> iptables_runtime_t.
(filecon "/run/ebtables\.lock" file (system_u object_r iptables_runtime_t (systemlow systemlow)))
(filecon "/run/xtables.*" file (system_u object_r iptables_runtime_t (systemlow systemlow)))
; Firewall and connection-tracking tools under /usr/bin -> iptables_exec_t.
; iptables_exec_t is a member of exec_type and application_exec_type in this
; module, so every path listed here is an executable label for the module.
; NOTE(review): whether these files are entry points into iptables_t depends on
; entrypoint/transition rules not visible in this part of the file; verify
; before adding paths, since a mislabeled binary would gain that entry point.
; "/usr/bin/ipchains.*" is a prefix match and labels any regular file whose
; path begins with /usr/bin/ipchains.
(filecon "/usr/bin/conntrack" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/ebtables" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/ebtables-restore" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/ipchains.*" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/ipset" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/ip6?tables" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/ip6?tables-multi" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/ip6?tables-restore" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/ipvsadm" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/ipvsadm-restore" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/ipvsadm-save" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/nft" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/xtables-compat-multi" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/xtables-legacy-multi" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/xtables-multi" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/bin/xtables-nft-multi" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/libexec/nftables/nftables\.sh" file (system_u object_r iptables_exec_t (systemlow systemlow)))
; systemd unit files -> iptables_unit_t. "[^/]*" keeps the match inside the
; directory. The "iptables" pattern also matches names containing "ip6tables";
; both rules assign the same type, so the overlap does not change the result.
(filecon "/usr/lib/systemd/system/[^/]*arptables.*" file (system_u object_r iptables_unit_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/system/[^/]*ebtables.*" file (system_u object_r iptables_unit_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/system/[^/]*ip6tables.*" file (system_u object_r iptables_unit_t (systemlow systemlow)))
(filecon "/usr/lib/systemd/system/[^/]*iptables.*" file (system_u object_r iptables_unit_t (systemlow systemlow)))
; The same tool names under /usr/sbin, mirroring the /usr/bin list above
; (presumably to cover both install locations; nftables.sh has no sbin twin).
(filecon "/usr/sbin/conntrack" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/ebtables" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/ebtables-restore" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/ipchains.*" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/ipset" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/ip6?tables" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/ip6?tables-multi" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/ip6?tables-restore" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/ipvsadm" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/ipvsadm-restore" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/ipvsadm-save" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/nft" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/xtables-compat-multi" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/xtables-legacy-multi" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/xtables-multi" file (system_u object_r iptables_exec_t (systemlow systemlow)))
(filecon "/usr/sbin/xtables-nft-multi" file (system_u object_r iptables_exec_t (systemlow systemlow)))
; State directories and everything beneath them ("(/.*)?", class "any") are
; labeled iptables_conf_t, the same type as the /etc/sysconfig rule files.
(filecon "/var/lib/ip6?tables(/.*)?" any (system_u object_r iptables_conf_t (systemlow systemlow)))
(filecon "/var/lib/nftables(/.*)?" any (system_u object_r iptables_conf_t (systemlow systemlow)))
