On Sun, Mar 01, 2015 at 06:26:45PM +0000, lejeczek wrote:
hi everybody
I have a simple network:
<network>
  <name>default</name>
  <uuid>1e71fa47-4893-4435-8b60-575d2b51c231</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0' />
  <mac address='52:54:00:58:47:4b'/>
  <ip address='192.168.4.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.4.2' end='192.168.4.254' />
    </dhcp>
  </ip>
</network>
and I wonder what might be wrong, I get many errors in firewalld when I
restart libvirtd
Main PID: 13194 (firewalld)
CGroup: /system.slice/firewalld.service
└─13194 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
2015-03-01 17:12:46 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
--delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No
chain/target/match by that name.
2015-03-01 17:12:46 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
--delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No
chain/target/match by that name.
2015-03-01 17:12:47 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
--delete INPUT --in-interface virbr0 --protocol udp --destination-port 53
--jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in
that chain?).
2015-03-01 17:12:47 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
--delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53
--jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in
that chain?).
2015-03-01 17:12:47 ERROR: COMMAND_FAILED: '/sbin/iptables --table mangle
--delete POSTROUTING --out-interface virbr0 --protocol udp
--destination-port 68 --jump CHECKSUM --checksum-fill' failed: iptables: No
chain/target/match by that name.
2015-03-01 17:12:48 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
--delete INPUT --in-interface virbr0 --protocol udp --destination-port 67
--jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in
that chain?).
2015-03-01 17:12:48 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
--delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67
--jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in
that chain?).
2015-03-01 17:36:03 ERROR: NOT_ENABLED
2015-03-01 17:36:04 ERROR: NOT_ENABLED
2015-03-01 18:19:35 ERROR: NOT_ENABLED

Ignore these, these are not errors. Firewalld's design makes it impossible
for it to distinguish real errors from failures that the caller expects
to happen. Libvirt is running these commands to ensure the rules in
question do not exist, and it expects them to give errors most of the
time. There is no way for libvirt to stop these errors getting into
firewalld's logs.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
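
An added example, not part of the original thread and not libvirt or firewalld code: a log triage helper that applies the rule from the reply above, separating failed `--delete` calls whose only complaint is that the rule was already absent from everything else, which is left for review. The sample log is constructed in the format quoted in the thread (the `--insert` record is invented for contrast), and the function names and the two-bucket scheme are assumptions.

```python
import re

# Constructed sample in the log format quoted in the thread (wrapped lines kept).
SAMPLE_LOG = """\
2015-03-01 17:12:46 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
--delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No
chain/target/match by that name.
2015-03-01 17:12:47 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
--delete INPUT --in-interface virbr0 --protocol udp --destination-port 53
--jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in
that chain?).
2015-03-01 17:13:02 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
--insert FORWARD --in-interface virbr0 --jump ACCEPT' failed: iptables: No
chain/target/match by that name.
2015-03-01 17:36:03 ERROR: NOT_ENABLED
"""

TS = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} ")
FAILED = re.compile(r"ERROR: COMMAND_FAILED: '(?P<cmd>.+?)' failed: (?P<why>.+)$")
MISSING_RULE = ("No chain/target/match by that name",
                "Bad rule (does a matching rule exist in that chain?)")

def records(text):
    """Re-join wrapped lines: a new record starts at each timestamp."""
    current = None
    for line in text.splitlines():
        if TS.match(line):
            if current is not None:
                yield current
            current = line.strip()
        elif current is not None and line.strip():
            current += " " + line.strip()
    if current is not None:
        yield current

def classify(record):
    """'expected' only for a delete that failed because the rule was absent."""
    m = FAILED.search(record)
    if not m:
        return "review"  # e.g. NOT_ENABLED: not covered by the delete rule
    args = m.group("cmd").split()
    is_delete = "--delete" in args or "-D" in args
    rule_absent = any(s in m.group("why") for s in MISSING_RULE)
    return "expected" if is_delete and rule_absent else "review"

def triage(text):
    out = {"expected": [], "review": []}
    for r in records(text):
        out[classify(r)].append(r)
    return out
```
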