
Even more IP Tables Lunacy


    #21
    What's the output of *
    Last edited by administrator; 5 March 2015, 13:01. Reason: naughty!



      #22
      Originally posted by stek:
      What's the output of *
      Somebody might be daft enough to try that one



        #23
        Originally posted by administrator:
        Somebody might be daft enough to try that one
        If you hadn't posted that I might have tried

        Edit: Just seen your edit of his post.
        Knock first as I might be balancing my chakras.



          #24
          Have you modified the libvirt filters as you may need to do this, the defaults that come with it might be blocking it: https://libvirt.org/formatnwfilter.html
          Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.



            #25
            CentOS7? What's the output of 'systemctl status firewalld' ?

            EDIT: also try

            firewall-cmd --state && echo "Running" || echo "Not running"

            ?

            Not-so-ninja-edit: yikes, what's with the tags?
            Last edited by Mattski; 5 March 2015, 14:37.



              #26
              Originally posted by Mattski:
              CentOS7? What's the output of 'systemctl status firewalld' ?

              EDIT: also try

              firewall-cmd --state && echo "Running" || echo "Not running"

              ?

              Not-so-ninja-edit: yikes, what's with the tags?
              systemctl status firewalld -l

              firewalld.service - firewalld - dynamic firewall daemon
              Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
              Active: active (running) since Thu 2015-03-05 09:14:04 GMT; 5h 26min ago
              Main PID: 12357 (firewalld)
              CGroup: /system.slice/firewalld.service
              └─12357 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

              Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --destination 10.0.0.0/24 --in-interface em2 --out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
              Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --source 10.0.0.0/24 --in-interface virbr0 --out-interface em2 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
              Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
              Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
              Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
              Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
              Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
              Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' failed: iptables: No chain/target/match by that name.
              Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
              Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
              Which I think are the rules I added earlier that I mentioned didn't work. Let me just flush ipTables and reload from scratch.
              Knock first as I might be balancing my chakras.



                #27
                That might be it - RHEL7+ uses firewalld by default, not iptables. Give these a try and report back:

                firewall-cmd --get-zones

                firewall-cmd --get-active-zones



                  #28
                  systemctl status firewalld

                  firewalld.service - firewalld - dynamic firewall daemon
                  Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
                  Active: active (running) since Thu 2015-03-05 14:44:52 GMT; 42s ago
                  Main PID: 44375 (firewalld)
                  CGroup: /system.slice/firewalld.service
                  └─44375 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

                  Mar 05 14:44:53 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:53 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --destination 10.0.0.0/24 --in-interface em2 --out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
                  Mar 05 14:44:53 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:53 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --source 10.0.0.0/24 --in-interface virbr0 --out-interface em2 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
                  Mar 05 14:44:53 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:53 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
                  Mar 05 14:44:54 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:54 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
                  Mar 05 14:44:54 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:54 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
                  Mar 05 14:44:54 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:54 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
                  Mar 05 14:44:54 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:54 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
                  Mar 05 14:44:54 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:54 ERROR: COMMAND_FAILED: '/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' failed: iptables: No chain/target/match by that name.
                  Mar 05 14:44:55 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:55 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
                  Mar 05 14:44:55 maidmentjudd.com firewalld[44375]: 2015-03-05 14:44:55 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
                  Knock first as I might be balancing my chakras.



                    #29
                    Originally posted by Mattski:
                    That might be it - RHEL7+ uses firewalld by default, not iptables. Give these a try and report back:

                    firewall-cmd --get-zones

                    firewall-cmd --get-active-zones
                    The only problem with that statement is that KVM uses Libvirt, which loads rules into IPTables.
                    Knock first as I might be balancing my chakras.
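The journal output in #26 and #28 and the point made in #29 (libvirt manages the virbr0 rules, firewalld executes them) are easier to read if the failed `--delete` commands are pulled out and classified rather than eyeballed. The script below is an added example and is not code from the thread or from firewalld/libvirt; the sample input is the block of log lines quoted in post #26, embedded verbatim so the script runs offline. Every entry is a delete that failed because the rule it names was not present, so the summary tells you which tables and chains the flush-and-reload left inconsistent.

```shell
#!/bin/sh
# Added example, not code from the thread: extract the failed iptables deletions
# from firewalld's journal lines and summarise them by error class and chain.
# The sample below is the set of log lines quoted in post #26 (hostname, PID and
# timestamps exactly as posted there).

sample_log() {
    cat <<'EOF'
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --destination 10.0.0.0/24 --in-interface em2 --out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --source 10.0.0.0/24 --in-interface virbr0 --out-interface em2 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Mar 05 09:14:05 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:05 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' failed: iptables: No chain/target/match by that name.
Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Mar 05 09:14:06 maidmentjudd.com firewalld[12357]: 2015-03-05 09:14:06 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
EOF
}

# failed_deletes: reads journal lines on stdin and prints one tab-separated
# record per COMMAND_FAILED entry:  CLASS  TABLE  CHAIN  COMMAND
#   missing-rule   -> "Bad rule": the rule was already gone when the delete ran
#   missing-target -> "No chain/target/match by that name": iptables could not
#                     resolve the chain or the target/match extension named
failed_deletes() {
    awk -F"'" '/COMMAND_FAILED/ {
        cmd = $2                      # the iptables command inside the quotes
        msg = $3                      # " failed: iptables: <reason>"
        sub(/^ failed: iptables: /, "", msg)
        if (msg ~ /^Bad rule/)                     cls = "missing-rule"
        else if (msg ~ /^No chain\/target\/match/) cls = "missing-target"
        else                                       cls = "other"
        n = split(cmd, w, " "); tbl = "?"; chain = "?"
        for (i = 1; i < n; i++) {
            if (w[i] == "--table")  tbl   = w[i + 1]
            if (w[i] == "--delete") chain = w[i + 1]
        }
        printf "%s\t%s\t%s\t%s\n", cls, tbl, chain, cmd
    }'
}

# count_class CLASS: number of failed_deletes records of that class (stdin)
count_class() {
    awk -F'\t' -v want="$1" '$1 == want { c++ } END { print c + 0 }'
}

# chains_touched: distinct "table chain" pairs, in order of first appearance
chains_touched() {
    awk -F'\t' '!seen[$2, $3]++ { print $2, $3 }'
}

# Summary when run directly. On the host itself feed it the real journal:
#   journalctl -u firewalld --no-pager | failed_deletes | chains_touched
echo "missing-rule:   $(sample_log | failed_deletes | count_class missing-rule)"
echo "missing-target: $(sample_log | failed_deletes | count_class missing-target)"
echo "chains touched:"
sample_log | failed_deletes | chains_touched
```

On the posted sample this reports 7 missing-rule and 3 missing-target entries across filter/FORWARD, filter/INPUT and mangle/POSTROUTING, i.e. the whole of libvirt's virbr0 rule set for that network; nothing in the log is a failure to add a rule, only failures to remove rules that a flush had already taken away.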



                      #30
                      Originally posted by Mattski:
                      That might be it - RHEL7+ uses firewalld by default, not iptables. Give these a try and report back:

                      firewall-cmd --get-zones

                      firewall-cmd --get-active-zones
                      firewall-cmd --get-zones

                      block dmz drop external home internal public trusted work
                      firewall-cmd --get-active-zones

                      Knock first as I might be balancing my chakras.
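The check suggested in #25 (`firewall-cmd --state`, exit status 0 only while firewalld is running) and the zone listing in #27 and #30 are the right diagnostics, but the empty `--get-active-zones` output in #30 is easy to misread: it means no interface at all is bound to a zone, virbr0 included. The script below is an added example, not code from the thread or from firewalld; it parses the format `firewall-cmd --get-active-zones` prints and reports which interfaces are unbound. The sample output, zone names and interface list are constructed for the example.

```shell
#!/bin/sh
# Added example, not code from the thread: interpret `firewall-cmd --get-active-zones`
# output and list the interfaces no active zone claims. The sample output below is
# constructed in the format firewalld prints; zone and interface names are assumptions.

# Constructed sample: two active zones, virbr0 bound to neither of them.
sample_active_zones() {
    cat <<'EOF'
public
  interfaces: em1
work
  interfaces: em2
EOF
}

# zone_of_iface IFACE   (reads --get-active-zones output on stdin)
# Prints the zone the interface is bound to, or nothing if it is unbound.
# Unindented lines are zone names; the indented "interfaces:" line under each
# zone lists its members ("sources:" lines are ignored).
zone_of_iface() {
    awk -v want="$1" '
        /^[^[:space:]]/          { zone = $1; next }
        /^[[:space:]]+interfaces:/ {
            for (i = 2; i <= NF; i++) if ($i == want) print zone
        }'
}

# unbound_ifaces "IFACE IFACE ..."   (reads --get-active-zones output on stdin)
# Prints, one per line, the interfaces that no active zone lists. Empty input,
# which is what post #30 saw, therefore reports every interface as unbound.
unbound_ifaces() {
    out=$(cat)                                  # buffer stdin so it can be reused
    for i in $1; do
        z=$(printf '%s\n' "$out" | zone_of_iface "$i")
        [ -n "$z" ] || printf '%s\n' "$i"
    done
}

# Live use on the CentOS 7 host (not run here): only consult zones if firewalld
# is actually the thing in charge, which is what the --state exit code tells you.
#   if firewall-cmd --state >/dev/null 2>&1; then
#       firewall-cmd --get-active-zones | unbound_ifaces "em2 virbr0"
#   else
#       echo "firewalld not running; check iptables -S directly"
#   fi

echo "unbound interfaces in the sample:"
sample_active_zones | unbound_ifaces "em1 em2 virbr0"
```

With the sample input the only unbound interface is virbr0; with nothing on stdin, as in #30, every interface named is reported, which is the situation to resolve before expecting firewalld zones to say anything about traffic on the libvirt bridge.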
