firewalld is disabled. That's among the very first things I do on servers. A search for 'virbr' and 'FORWARD' under /etc, /usr, /var and /opt (find /$path -type f -print0 | xargs -0 grep -i virbr) doesn't return anything that might set up these rules.

On Wed, 11 Mar 2020 17:22:03 +0300 Konstantin Khorenko <khore...@virtuozzo.com> wrote:

> On 03/09/2020 04:12 PM, Dmitry Konstantinov wrote:
> > Hello,
> >
> > I've noticed that after a fresh install I have a few filtering rules
> > that I do not need and would like to get rid of:
> >
> >
> > [root@localhost ~]# iptables -n -L -v
> > Chain INPUT (policy ACCEPT 2353 packets, 161K bytes)
> >  pkts bytes target  prot opt in      out     source      destination
> >     0     0 ACCEPT  udp  --  virbr0  *       0.0.0.0/0   0.0.0.0/0    udp dpt:53
> >     0     0 ACCEPT  tcp  --  virbr0  *       0.0.0.0/0   0.0.0.0/0    tcp dpt:53
> >     0     0 ACCEPT  udp  --  virbr0  *       0.0.0.0/0   0.0.0.0/0    udp dpt:67
> >     0     0 ACCEPT  tcp  --  virbr0  *       0.0.0.0/0   0.0.0.0/0    tcp dpt:67
> >
> > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> >  pkts bytes target  prot opt in      out     source      destination
> >     0     0 ACCEPT  all  --  virbr0  virbr0  0.0.0.0/0   0.0.0.0/0
> >     0     0 REJECT  all  --  *       virbr0  0.0.0.0/0   0.0.0.0/0    reject-with icmp-port-unreachable
> >     0     0 REJECT  all  --  virbr0  *       0.0.0.0/0   0.0.0.0/0    reject-with icmp-port-unreachable
> >
> > Chain OUTPUT (policy ACCEPT 1547 packets, 356K bytes)
> >  pkts bytes target  prot opt in      out     source      destination
> >     0     0 ACCEPT  udp  --  *       virbr0  0.0.0.0/0   0.0.0.0/0    udp dpt:68
> > [root@localhost ~]#
> >
> > I failed to find anything that adds these rules. Is it hardcoded? If
> > not, how do I disable them without writing a script to flush
> > iptables?
>
> Hi,
>
> I guess rules are created upon firewalld configuration.
>
> > not, how do I disable them without writing a script to flush
> > iptables?
> Maybe just disable firewalld service.
>
> --
> Best regards,
>
> Konstantin Khorenko,
> Virtuozzo Linux Kernel Team
> _______________________________________________
> Users mailing list
> Users@openvz.org
> https://lists.openvz.org/mailman/listinfo/users