Daniel P. Berrange wrote:
>> Chain INPUT (policy ACCEPT 76724 packets, 366M bytes)
>>  pkts bytes target     prot opt in     out     source               destination
>>     0     0 ACCEPT     udp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
>>     0     0 ACCEPT     tcp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
>>     0     0 ACCEPT     udp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           udp dpt:67
>>     0     0 ACCEPT     tcp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67
> So we have ACCEPT rules on a chain whose default policy is ACCEPT? Is
> there a later catch-all REJECT rule which I'm not seeing?
> Basically assume the policy of the chain could be anything. I just happened
> to have it as ACCEPT, but the user may well have other rules added by the
> OS tools (e.g. system-config-securitylevel) which would otherwise block our
> traffic. So in coming up with the rules I tried to be as explicit as possible
> about what to ACCEPT/REJECT.
Understood. The rules seem fine in that case.
Rich.
--
Emerging Technologies, Red Hat
http://et.redhat.com/~rjones/
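Added example, not from the thread or from libvirt: a Python check that parses a constructed `iptables -L INPUT -n -v` listing (modelled on the one quoted above, with a catch-all REJECT appended) and verifies that DNS and DHCP from guests on a given interface are explicitly ACCEPTed before any REJECT/DROP that would match them, deliberately ignoring the chain policy for the reason Dan gives.

```python
import re

# Constructed sample of `iptables -L INPUT -n -v` output, modelled on the
# listing quoted in the thread with a catch-all REJECT added at the end
# (not a capture from any real host).
SAMPLE = """\
Chain INPUT (policy ACCEPT 76724 packets, 366M bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           udp dpt:53
    0     0 ACCEPT     tcp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           tcp dpt:53
    0     0 ACCEPT     udp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           udp dpt:67
    0     0 ACCEPT     tcp  --  vnet2  *       0.0.0.0/0            0.0.0.0/0           tcp dpt:67
   12   800 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited
"""

# Columns: pkts bytes target prot opt in out source destination [extra]
RULE_RE = re.compile(
    r"^\s*\S+\s+\S+\s+(\w+)\s+(\w+)\s+--\s+(\S+)\s+(\S+)\s+\S+\s+\S+\s*(.*)$")

def parse_chain(listing):
    """Return (policy, rules) for a one-chain `iptables -L -n -v` listing."""
    lines = listing.splitlines()
    m = re.match(r"Chain \S+ \(policy (\w+)", lines[0])
    policy = m.group(1) if m else None
    rules = []
    for line in lines[2:]:          # skip the chain and column header lines
        m = RULE_RE.match(line)
        if not m:
            continue
        target, proto, in_if, _out_if, extra = m.groups()
        dpt = re.search(r"dpt:(\d+)", extra)
        rules.append({"target": target, "proto": proto, "in": in_if,
                      "dport": int(dpt.group(1)) if dpt else None})
    return policy, rules

def guest_services_reachable(listing, iface, ports=(53, 67)):
    """True if udp/tcp DNS (53) and DHCP (67) from `iface` hit an explicit
    ACCEPT before any REJECT/DROP that matches them. The chain policy is
    ignored on purpose: other tools may change it or append their own rules."""
    _, rules = parse_chain(listing)
    needed = {(proto, port) for proto in ("udp", "tcp") for port in ports}
    for r in rules:
        if r["in"] not in (iface, "*"):
            continue                # rule cannot match traffic from iface
        if r["target"] == "ACCEPT":
            needed.discard((r["proto"], r["dport"]))
        elif r["target"] in ("REJECT", "DROP"):
            if r["proto"] == "all" and r["dport"] is None:
                return not needed   # catch-all: whatever is still needed is blocked
            if (r["proto"], r["dport"]) in needed:
                return False
    return not needed
```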