Aren Tahmasian asked:
iptables -L -v -n does not match
Specifically, I’m looking for the forwarding rules I have in place for two virtual machines. They can be clearly seen with iptables.
```
[[email protected] ~]# iptables -S -v | grep 192.168
-A FORWARD -d 192.168.122.0/24 -i br0 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -c 160 12160 -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -o br0 -c 160 12160 -j ACCEPT
-A FORWARD -d 192.168.100.0/24 -i br0 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -c 110 8360 -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i virbr1 -o br0 -c 110 8360 -j ACCEPT
```
I cannot find this same info with
```
[[email protected] ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: br0
  sources:
  services: ftp dhcpv6-client http ssh
  ports: 5901/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```
The other zones have even less info but I can display them if you wish to see.
I should be able to view these rules with firewall-cmd, correct? Or am I wrong to believe this? Or am I simply using the wrong firewall-cmd command? I’ve read through the manual for firewall-cmd and I can’t seem to find the correct command if it exists.
They look like firewall rules added by libvirt. These are not visible or manageable through firewalld.
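Added example, not part of the question or the answer above: a small POSIX shell parser that reads `iptables -S -v` style output and picks out the FORWARD rules that reference a libvirt `virbr*` bridge, so the rules iptables shows but `firewall-cmd --list-all` does not can be attributed to libvirt rather than to a firewalld zone. The sample input is the four rules from the question plus one constructed non-libvirt rule; the `virbr*` heuristic and all function names are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Classifies FORWARD rules from
# `iptables -S -v` output by whether they belong to a libvirt NAT network.
# Heuristic (assumption): a rule whose -i or -o interface is a virbr* bridge
# was installed by libvirt directly, not through a firewalld zone.

# Constructed sample: the four rules from the question plus one unrelated
# bridge-to-bridge rule, so the filter has something to reject.
SAMPLE_RULES='-A FORWARD -d 192.168.122.0/24 -i br0 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -c 160 12160 -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -o br0 -c 160 12160 -j ACCEPT
-A FORWARD -d 192.168.100.0/24 -i br0 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -c 110 8360 -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i virbr1 -o br0 -c 110 8360 -j ACCEPT
-A FORWARD -i br0 -o br0 -j ACCEPT'

# libvirt_forward_rules: read iptables -S rules on stdin and print
# "<bridge> <network> <target>" for each FORWARD rule that touches a
# virbr* interface. Rules for other chains are ignored, so the full
# `iptables -S -v` dump can be piped in unfiltered.
libvirt_forward_rules() {
    awk '
    /^-A FORWARD/ {
        br = ""; net = ""; tgt = ""
        for (i = 1; i <= NF; i++) {
            if (($i == "-i" || $i == "-o") && $(i+1) ~ /^virbr/) br = $(i+1)
            if ($i == "-s" || $i == "-d") net = $(i+1)
            if ($i == "-j") tgt = $(i+1)
        }
        if (br != "") print br, (net == "" ? "-" : net), tgt
    }'
}

# libvirt_bridge_count: number of FORWARD rules tied to libvirt bridges.
libvirt_bridge_count() {
    libvirt_forward_rules | wc -l | tr -d ' '
}

# libvirt_networks: distinct guest subnets libvirt forwards for, sorted.
libvirt_networks() {
    libvirt_forward_rules | awk '$2 != "-" { print $2 }' | sort -u
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_RULES" | libvirt_forward_rules
printf '%s\n' "$SAMPLE_RULES" | libvirt_networks
```

On a live host, replace the sample with the real dump: `iptables -S -v | libvirt_forward_rules`. If the same bridges and subnets do not show up in `firewall-cmd --list-all-zones` or `firewall-cmd --direct --get-all-rules`, those rules were placed into the kernel by something other than firewalld, which is exactly the libvirt case in this question.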
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.