1. List all network interfaces
$ nmcli d
DEVICE TYPE STATE CONNECTION
enp0s3 ethernet connected enp0s3
virbr0 bridge connected virbr0
lo loopback unmanaged --
virbr0-nic tun unmanaged --
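2. List the current iptables rules with rule numbers. Without `-v` the listing does not show interface matches, so a line such as INPUT rule 6 ("ACCEPT all -- anywhere anywhere") may be narrower than it looks; run `sudo iptables -L -v --line-number` to see the in/out interface columns. The `*_ZONES` and `*_public` chains look like the ones firewalld generates, so this ruleset is probably managed by firewalld.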
$ sudo iptables -L --line-number
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
5 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
6 ACCEPT all -- anywhere anywhere
7 INPUT_direct all -- anywhere anywhere
8 INPUT_ZONES_SOURCE all -- anywhere anywhere
9 INPUT_ZONES all -- anywhere anywhere
10 DROP all -- anywhere anywhere ctstate INVALID
11 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 anywhere
3 ACCEPT all -- anywhere anywhere
4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
6 ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
7 ACCEPT all -- anywhere anywhere
8 FORWARD_direct all -- anywhere anywhere
9 FORWARD_IN_ZONES_SOURCE all -- anywhere anywhere
10 FORWARD_IN_ZONES all -- anywhere anywhere
11 FORWARD_OUT_ZONES_SOURCE all -- anywhere anywhere
12 FORWARD_OUT_ZONES all -- anywhere anywhere
13 DROP all -- anywhere anywhere ctstate INVALID
14 REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:bootpc
2 ACCEPT all -- anywhere anywhere
3 OUTPUT_direct all -- anywhere anywhere
Chain FORWARD_IN_ZONES (1 references)
num target prot opt source destination
1 FWDI_public all -- anywhere anywhere [goto]
2 FWDI_public all -- anywhere anywhere [goto]
Chain FORWARD_IN_ZONES_SOURCE (1 references)
num target prot opt source destination
Chain FORWARD_OUT_ZONES (1 references)
num target prot opt source destination
1 FWDO_public all -- anywhere anywhere [goto]
2 FWDO_public all -- anywhere anywhere [goto]
Chain FORWARD_OUT_ZONES_SOURCE (1 references)
num target prot opt source destination
Chain FORWARD_direct (1 references)
num target prot opt source destination
Chain FWDI_public (2 references)
num target prot opt source destination
1 FWDI_public_log all -- anywhere anywhere
2 FWDI_public_deny all -- anywhere anywhere
3 FWDI_public_allow all -- anywhere anywhere
4 ACCEPT icmp -- anywhere anywhere
Chain FWDI_public_allow (1 references)
num target prot opt source destination
Chain FWDI_public_deny (1 references)
num target prot opt source destination
Chain FWDI_public_log (1 references)
num target prot opt source destination
Chain FWDO_public (2 references)
num target prot opt source destination
1 FWDO_public_log all -- anywhere anywhere
2 FWDO_public_deny all -- anywhere anywhere
3 FWDO_public_allow all -- anywhere anywhere
Chain FWDO_public_allow (1 references)
num target prot opt source destination
Chain FWDO_public_deny (1 references)
num target prot opt source destination
Chain FWDO_public_log (1 references)
num target prot opt source destination
Chain INPUT_ZONES (1 references)
num target prot opt source destination
1 IN_public all -- anywhere anywhere [goto]
2 IN_public all -- anywhere anywhere [goto]
Chain INPUT_ZONES_SOURCE (1 references)
num target prot opt source destination
Chain INPUT_direct (1 references)
num target prot opt source destination
Chain IN_public (2 references)
num target prot opt source destination
1 IN_public_log all -- anywhere anywhere
2 IN_public_deny all -- anywhere anywhere
3 IN_public_allow all -- anywhere anywhere
4 ACCEPT icmp -- anywhere anywhere
Chain IN_public_allow (1 references)
num target prot opt source destination
1 ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
Chain IN_public_deny (1 references)
num target prot opt source destination
Chain IN_public_log (1 references)
num target prot opt source destination
Chain OUTPUT_direct (1 references)
num target prot opt source destination
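2. Block all connections by appending a DROP rule to INPUT and OUTPUT. `-A` adds the rule at the end of the chain and rules are evaluated in order, so in the listing above the new INPUT rule (number 12) comes after the catch-all REJECT at rule 11 and only sees packets that no earlier rule has already handled. If OUTPUT rule 2 is limited to one interface (the listing without `-v` cannot confirm this), the appended OUTPUT rule drops all other outgoing traffic, including replies on an SSH session, so run this from a local console.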
$ sudo iptables -A INPUT -j DROP
$ sudo iptables -A OUTPUT -j DROP
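3. Delete the appended rules by rule number (12 in INPUT and 4 in OUTPUT, the positions directly after the last rules in the listing above). Rule numbers shift whenever a rule is added or removed, so re-run `sudo iptables -L --line-number` first and confirm that these numbers still point at the DROP rules.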
$ sudo iptables -D INPUT 12
$ sudo iptables -D OUTPUT 4