1pre *mangle 2pre :PREROUTING ACCEPT [0:0] 3pre :INPUT ACCEPT [0:0] 4pre :FORWARD ACCEPT [0:0] 5pre :OUTPUT ACCEPT [0:0] 6pre :POSTROUTING ACCEPT [0:0] 7pre :selinux_input - [0:0] 8pre :selinux_output - [0:0] 9pre :selinux_new_input - [0:0] 10pre :selinux_new_output - [0:0] 11pre -A INPUT -j selinux_input 12pre -A OUTPUT -j selinux_output 13pre -A selinux_input -m state --state NEW -j selinux_new_input 14pre -A selinux_input -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore 15pre -A selinux_output -m state --state NEW -j selinux_new_output 16pre -A selinux_output -m state --state RELATED,ESTABLISHED -j CONNSECMARK --restore 17pre -A selinux_new_input -j SECMARK --selctx system_u:object_r:server_packet_t 18base -A selinux_new_input -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_server_packet_t 19-A selinux_new_input -j CONNSECMARK --save 20post -A selinux_new_input -j RETURN 21pre -A selinux_new_output -j SECMARK --selctx system_u:object_r:client_packet_t 22module -A selinux_new_output -p tcp --dport 80 -j SECMARK --selctx system_u:object_r:http_client_packet_t 23post -A selinux_new_output -j CONNSECMARK --save 24post -A selinux_new_output -j RETURN 25post COMMIT 26