1*mangle 2:PREROUTING ACCEPT [0:0] 3:INPUT ACCEPT [0:0] 4:FORWARD ACCEPT [0:0] 5:OUTPUT ACCEPT [0:0] 6:POSTROUTING ACCEPT [0:0] 7:selinux_input - [0:0] 8:selinux_output - [0:0] 9:selinux_new_input - [0:0] 10:selinux_new_output - [0:0] 11-A INPUT -j selinux_input 12-A OUTPUT -j selinux_output 13-A selinux_input -m state --state NEW -j selinux_new_input 14-A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore 15-A selinux_output -m state --state NEW -j selinux_new_output 16-A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore 17-A selinux_new_input -j SECMARK --selctx system_u:object_r:server_packet_t 18-A selinux_new_output -j SECMARK --selctx system_u:object_r:client_packet_t 19-A selinux_new_input -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_server_packet_t 20-A selinux_new_output -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_client_packet_t 21-A selinux_new_input -j CONNSECMARK --save 22-A selinux_new_input -j RETURN 23-A selinux_new_output -j CONNSECMARK --save 24-A selinux_new_output -j RETURN 25COMMIT 26