-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, I'm sorry to report this, but network should start or stop regardless iptables status. virsh # net-start default error: Failed to start network default error: internal error '/usr/sbin/iptables --table filter --delete INPUT - --in-interface virbr0 --protocol udp --destination-port 69 --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Bad rule (does a matching rule exist in that chain?). Ok, so I'm going to create this rule to make you happy. virsh # net-start default error: Failed to start network default error: internal error '/usr/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 - --jump CHECKSUM --checksum-fill' exited with non-zero status 2 and signal 0: iptables v1.4.7: unknown option `--checksum-fill' Try `iptables -h' or 'iptables --help' for more information. And Oops, because I don't have CHECKSUM support. And to note, it's not even in kernel. Rely on such features is unfriendly and bellow belt :) Once again, I'm locked by hard-coded features :( That's why I "fight" against these. btw it's strange to me that libvirt is deleting rules that shouldn't be present since I want to start network, not to stop it. Let's dump all nwfilters and hope for miracle...and nothing. Same errors, although nwfilter rules are gone. What the ...? :| libvirt-0.8.4 Regards, Zdenek - -- Zdenek Styblik Net/Linux admin OS TurnovFree.net email: stybla@xxxxxxxxxxxxxx jabber: stybla@xxxxxxxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkyrezwACgkQ8MreUbSH7ikbpQCdEDtbwG+PV6u0yvUZYzXlQas9 ohEAoIyy/HPZwtWlaOAgtx6jnOEFashR =u7st -----END PGP SIGNATURE----- -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list