Thanks for the followup, Jeff. I tried to reproduce the bug locally but failed. Here are the steps I did:

1) Inside a Focal test environment, installed all the libvirt packages mentioned by you.

2) Verified that the iptables rules added by libvirt are also present, as in your case.

3) Edited (virsh net-edit --network default) the XML file and changed the forward mode to "open", and restarted the libvirt service.

4) Noticed that the iptables rules are *still* present and exactly as they were before the libvirt restart. This is because, as Lena explained, these rules need to be cleaned up manually.

5) Restarted the machine in order to guarantee a clean environment.

6) Verified that the libvirt service is still active, but now the iptables rules are:

   # iptables-save | grep -i virt
   :LIBVIRT_PRT - [0:0]
   -A POSTROUTING -j LIBVIRT_PRT
   :LIBVIRT_PRT - [0:0]
   -A POSTROUTING -j LIBVIRT_PRT
   :LIBVIRT_FWI - [0:0]
   :LIBVIRT_FWO - [0:0]
   :LIBVIRT_FWX - [0:0]
   :LIBVIRT_INP - [0:0]
   :LIBVIRT_OUT - [0:0]
   -A INPUT -j LIBVIRT_INP
   -A FORWARD -j LIBVIRT_FWX
   -A FORWARD -j LIBVIRT_FWI
   -A FORWARD -j LIBVIRT_FWO
   -A OUTPUT -j LIBVIRT_OUT

which is different than before, and reflect what I'd expect from the "open" forward mode.

The test was made using the following packages:

   # dpkg -l | grep libvirt
   ii  libvirt-clients                    6.0.0-0ubuntu8.16  amd64  Programs for the libvirt library
   ii  libvirt-daemon                     6.0.0-0ubuntu8.16  amd64  Virtualization daemon
   ii  libvirt-daemon-driver-qemu         6.0.0-0ubuntu8.16  amd64  Virtualization daemon QEMU connection driver
   ii  libvirt-daemon-driver-storage-rbd  6.0.0-0ubuntu8.16  amd64  Virtualization daemon RBD storage driver
   ii  libvirt-daemon-system              6.0.0-0ubuntu8.16  amd64  Libvirt daemon configuration files
   ii  libvirt-daemon-system-systemd      6.0.0-0ubuntu8.16  amd64  Libvirt daemon configuration files (systemd)
   ii  libvirt0:amd64                     6.0.0-0ubuntu8.16  amd64  library for interfacing with different virtualization systems

Could you please double check and make sure that your rules are indeed being cleaned before you restart the libvirt service?
It seems to me that this may be the root cause of what you're experiencing.

Thanks.

--
https://bugs.launchpad.net/bugs/1971619

Title:
  forward mode open is adding libvirt iptables rules
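
The check requested above, written as an added example that is not part of the original message or of libvirt: it reads `iptables-save` text and separates jumps from built-in chains into `LIBVIRT_*` chains (what the "open" mode output above consists of) from rules that sit inside `LIBVIRT_*` chains. It assumes that rules left over from the previous forward mode appear as `-A LIBVIRT_...` lines; the sample dumps, the subnet and the bridge name are constructed.

```python
import sys
from collections import defaultdict

PREFIX = "LIBVIRT_"

# Constructed sample: reduced iptables-save dump shaped like the "open" mode output above.
OPEN_SAMPLE = """\
*nat
:LIBVIRT_PRT - [0:0]
-A POSTROUTING -j LIBVIRT_PRT
COMMIT
*filter
:LIBVIRT_FWI - [0:0]
:LIBVIRT_FWO - [0:0]
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
COMMIT
"""
# Constructed leftover rule (subnet and bridge name are assumptions, not from the report).
STALE_RULE = ("-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 "
              "-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT")
STALE_SAMPLE = OPEN_SAMPLE[:-len("COMMIT\n")] + STALE_RULE + "\nCOMMIT\n"


def classify(dump):
    """Return (jumps into LIBVIRT_* chains, rules appended inside LIBVIRT_* chains)."""
    table, jumps, inside = None, [], defaultdict(list)
    for raw in dump.splitlines():
        parts = raw.split()
        if raw.startswith("*"):            # table header such as "*filter"
            table = raw[1:].strip()
        elif len(parts) >= 2 and parts[0] == "-A":
            chain = parts[1]
            target = next((b for a, b in zip(parts, parts[1:]) if a == "-j"), "")
            if chain.startswith(PREFIX):   # a rule living in a libvirt chain
                inside[(table, chain)].append(raw.strip())
            elif target.startswith(PREFIX):  # built-in chain handing off to libvirt
                jumps.append((table, chain, target))
        # ":CHAIN - [0:0]" declarations, COMMIT and comments carry no rules
    return jumps, dict(inside)


if __name__ == "__main__":
    # Pipe `iptables-save` in; with no pipe, run on the constructed stale sample.
    text = STALE_SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    jumps, inside = classify(text)
    for (table, chain), rules in inside.items():
        for rule in rules:
            print(f"{table}/{chain}: {rule}")
    sys.exit(1 if inside else 0)
```

Run as `iptables-save | python3 check.py` (the file name is arbitrary); a non-zero exit status means at least one rule is still present inside a `LIBVIRT_*` chain.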