Even more IP Tables Lunacy
Originally posted by stek: What's the output of *
-
Originally posted by administrator: Somebody might be daft enough to try that one
Edit: Just seen your edit of his post.
Knock first as I might be balancing my chakras.
-
Have you modified the libvirt filters, as you may need to do this? The defaults that come with it might be blocking it: https://libvirt.org/formatnwfilter.html
“Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.”
-
CentOS7? What's the output of 'systemctl status firewalld' ?
EDIT: also try
firewall-cmd --state && echo "Running" || echo "Not running"
?
Not-so-ninja-edit: yikes, what's with the tags?
Last edited by Mattski; 5 March 2015, 14:37.
-
Originally posted by Mattski: CentOS7? What's the output of 'systemctl status firewalld' ?
EDIT: also try
firewall-cmd --state && echo "Running" || echo "Not running"
?
Not-so-ninja-edit: yikes, what's with the tags?
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Thu 2015-03-05 09:14:04 GMT; 5h 26min ago
Main PID: 12357 (firewalld)
CGroup: /system.slice/firewalld.service
└─12357 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --destination 10.0.0.0/24 --in-interface em2 --out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --source 10.0.0.0/24 --in-interface virbr0 --out-interface em2 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' failed: iptables: No chain/target/match by that name.
Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
-
That might be it - RHEL7+ uses firewalld by default, not iptables. Give these a try and report back:
firewall-cmd --get-zones
firewall-cmd --get-active-zones
-
systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Thu 2015-03-05 14:44:52 GMT; 42s ago
Main PID: 44375 (firewalld)
CGroup: /system.slice/firewalld.service
└─44375 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Mar 05 14:44:53 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:53 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --destination 10.0.0.0/24 --in-interface em2 --out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 14:44:53 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:53 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --source 10.0.0.0/24 --in-interface virbr0 --out-interface em2 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 14:44:53 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:53 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 14:44:54 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:54 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Mar 05 14:44:54 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:54 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Mar 05 14:44:54 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:54 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 14:44:54 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:54 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 14:44:54 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:54 ERROR: COMMAND_FAILED: '/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' failed: iptables: No chain/target/match by that name.
Mar 05 14:44:55 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:55 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 14:44:55 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:55 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
-
Originally posted by Mattski: That might be it - RHEL7+ uses firewalld by default, not iptables. Give these a try and report back:
firewall-cmd --get-zones
firewall-cmd --get-active-zones
-
Originally posted by Mattski: That might be it - RHEL7+ uses firewalld by default, not iptables. Give these a try and report back:
firewall-cmd --get-zones
firewall-cmd --get-active-zones
block dmz drop external home internal public trusted work