etc/xtables.conf - platform/external/iptables - Gitiles

 family ipv4 {
 	table raw {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
 	}

 	table mangle {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
 		chain INPUT hook NF_INET_LOCAL_IN prio -150
 		chain FORWARD hook NF_INET_FORWARD prio -150
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
 		chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
 	}

 	table filter {
 		chain INPUT hook NF_INET_LOCAL_IN prio 0
 		chain FORWARD hook NF_INET_FORWARD prio 0
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
 	}

 	table nat {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
 		chain INPUT hook NF_INET_LOCAL_IN prio -100
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
 		chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
 	}

 	table security {
 		chain INPUT hook NF_INET_LOCAL_IN prio 50
 		chain FORWARD hook NF_INET_FORWARD prio 50
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
 	}
 }

 family ipv6 {
 	table raw {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
 	}

 	table mangle {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
 		chain INPUT hook NF_INET_LOCAL_IN prio -150
 		chain FORWARD hook NF_INET_FORWARD prio -150
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
 		chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
 	}

 	table filter {
 		chain INPUT hook NF_INET_LOCAL_IN prio 0
 		chain FORWARD hook NF_INET_FORWARD prio 0
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
 	}

 	table nat {
 		chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
 		chain INPUT hook NF_INET_LOCAL_IN prio -100
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
 		chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
 	}

 	table security {
 		chain INPUT hook NF_INET_LOCAL_IN prio 50
 		chain FORWARD hook NF_INET_FORWARD prio 50
 		chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
 	}
 }

 family arp {
 	table filter {
 		chain INPUT hook NF_ARP_IN prio 0
 		chain FORWARD hook NF_ARP_FORWARD prio 0
 		chain OUTPUT hook NF_ARP_OUT prio 0
 	}
 }
	family ipv4 {
	table raw {
	chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
	chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
	}

	table mangle {
	chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
	chain INPUT hook NF_INET_LOCAL_IN prio -150
	chain FORWARD hook NF_INET_FORWARD prio -150
	chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
	chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
	}

	table filter {
	chain INPUT hook NF_INET_LOCAL_IN prio 0
	chain FORWARD hook NF_INET_FORWARD prio 0
	chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
	}

	table nat {
	chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
	chain INPUT hook NF_INET_LOCAL_IN prio -100
	chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
	chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
	}

	table security {
	chain INPUT hook NF_INET_LOCAL_IN prio 50
	chain FORWARD hook NF_INET_FORWARD prio 50
	chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
	}
	}

	family ipv6 {
	table raw {
	chain PREROUTING hook NF_INET_PRE_ROUTING prio -300
	chain OUTPUT hook NF_INET_LOCAL_OUT prio -300
	}

	table mangle {
	chain PREROUTING hook NF_INET_PRE_ROUTING prio -150
	chain INPUT hook NF_INET_LOCAL_IN prio -150
	chain FORWARD hook NF_INET_FORWARD prio -150
	chain OUTPUT hook NF_INET_LOCAL_OUT prio -150
	chain POSTROUTING hook NF_INET_POST_ROUTING prio -150
	}

	table filter {
	chain INPUT hook NF_INET_LOCAL_IN prio 0
	chain FORWARD hook NF_INET_FORWARD prio 0
	chain OUTPUT hook NF_INET_LOCAL_OUT prio 0
	}

	table nat {
	chain PREROUTING hook NF_INET_PRE_ROUTING prio -100
	chain INPUT hook NF_INET_LOCAL_IN prio -100
	chain OUTPUT hook NF_INET_LOCAL_OUT prio 100
	chain POSTROUTING hook NF_INET_POST_ROUTING prio 100
	}

	table security {
	chain INPUT hook NF_INET_LOCAL_IN prio 50
	chain FORWARD hook NF_INET_FORWARD prio 50
	chain OUTPUT hook NF_INET_LOCAL_OUT prio 50
	}
	}

	family arp {
	table filter {
	chain INPUT hook NF_ARP_IN prio 0
	chain FORWARD hook NF_ARP_FORWARD prio 0
	chain OUTPUT hook NF_ARP_OUT prio 0
	}
	}