On Mon, 2019-01-28 at 22:20 +0800, Ed Greshko wrote:
On 1/26/19 6:24 AM, Patrick O'Callaghan wrote:
> $ systemctl status firewalld
> ● firewalld.service - firewalld - dynamic firewall daemon
> Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
> Active: active (running) since Fri 2019-01-25 21:37:32 GMT; 42min ago
> Docs: man:firewalld(1)
> Main PID: 2421 (firewalld)
> Tasks: 3 (limit: 4915)
> Memory: 28.2M
> CGroup: /system.slice/firewalld.service
> └─2421 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
>
> Jan 25 21:37:32 bree firewalld[2421]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --destination 192.168.122.0/24 --out-in>
> Jan 25 21:37:32 bree firewalld[2421]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --source 192.168.122.0/24 --in-interfac>
> Jan 25 21:37:32 bree firewalld[2421]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --in-interface virbr0 --out-interface v>
> Jan 25 21:37:32 bree firewalld[2421]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' f>
> Jan 25 21:37:32 bree firewalld[2421]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --in-interface virbr0 --jump REJECT' fa>
> Jan 25 21:37:32 bree firewalld[2421]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --de>
> Jan 25 21:37:32 bree firewalld[2421]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-interface virbr0 --protocol tcp --de>
> Jan 25 21:37:33 bree firewalld[2421]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete OUTPUT --out-interface virbr0 --protocol udp -->
> Jan 25 21:37:33 bree firewalld[2421]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --de>
> Jan 25 21:37:33 bree firewalld[2421]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-interface virbr0 --protocol tcp --de>
Also, note that you won't get those warning messages if you restart your firewall with
libvirtd stopped. I discovered that when reproducing your issue.
Presumably there won't be a virbr0 with libvirt stopped.
poc