On Sun, Mar 01, 2015 at 06:26:45PM +0000, lejeczek wrote:
> hi everybody
> I have a simple network:
>
> <network>
>   <name>default</name>
>   <uuid>1e71fa47-4893-4435-8b60-575d2b51c231</uuid>
>   <forward mode='nat'>
>     <nat>
>       <port start='1024' end='65535'/>
>     </nat>
>   </forward>
>   <bridge name='virbr0' stp='on' delay='0' />
>   <mac address='52:54:00:58:47:4b'/>
>   <ip address='192.168.4.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='192.168.4.2' end='192.168.4.254' />
>     </dhcp>
>   </ip>
> </network>
>
> and I wonder what might be wrong, I get many errors in firewalld when I
> restart libvirtd
>
> Main PID: 13194 (firewalld)
> CGroup: /system.slice/firewalld.service
> └─13194 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
>
> 2015-03-01 17:12:46 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
> --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No
> chain/target/match by that name.
> 2015-03-01 17:12:46 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
> --delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No
> chain/target/match by that name.
> 2015-03-01 17:12:47 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
> --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53
> --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in
> that chain?).
> 2015-03-01 17:12:47 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
> --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53
> --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in
> that chain?).
> 2015-03-01 17:12:47 ERROR: COMMAND_FAILED: '/sbin/iptables --table mangle
> --delete POSTROUTING --out-interface virbr0 --protocol udp
> --destination-port 68 --jump CHECKSUM --checksum-fill' failed: iptables: No
> chain/target/match by that name.
> 2015-03-01 17:12:48 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
> --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67
> --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in
> that chain?).
> 2015-03-01 17:12:48 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter
> --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67
> --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in
> that chain?).
> 2015-03-01 17:36:03 ERROR: NOT_ENABLED
> 2015-03-01 17:36:04 ERROR: NOT_ENABLED
> 2015-03-01 18:19:35 ERROR: NOT_ENABLED

Ignore these, these are not errors. Firewalld's design makes it impossible
for it to distinguish real errors from failures that the caller expects to
happen. Libvirt is running these commands to ensure the rules in question
do not exist, and it expects them to give errors most of the time. There is
no way for libvirt to stop these errors getting into firewalld's logs.

Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
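
A log-triage sketch for the situation described in the reply, added here as an example (it is not from the thread, libvirt or firewalld): it marks failed `--delete` calls on the libvirt bridge whose failure means "rule was not there" as expected and leaves everything else for review. The function names, the single-line entry format (the wrapped entries above joined), the treatment of bare `NOT_ENABLED` entries as expected, and the last sample entry are assumptions.

```python
import re

# Shape of the firewalld entries quoted in the thread, one entry per line.
ENTRY = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) ERROR: (?P<code>[A-Z_]+)"
    r"(?:: '(?P<cmd>[^']*)' failed: (?P<why>.*))?$"
)
# iptables replies that mean "the rule to delete was not present".
NOT_FOUND = (
    "No chain/target/match by that name",
    "Bad rule (does a matching rule exist in that chain?)",
)

def classify(line, bridge="virbr0"):
    """Return 'expected', 'review' or 'unparsed' for one log entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return "unparsed"
    code, cmd, why = m["code"], m["cmd"] or "", m["why"] or ""
    if code == "NOT_ENABLED":
        # Assumption: removal of something already absent, as in the thread.
        return "expected"
    args = cmd.split()
    is_delete = "--delete" in args or "-D" in args
    not_found = any(text in why for text in NOT_FOUND)
    if code == "COMMAND_FAILED" and is_delete and bridge in args and not_found:
        return "expected"
    return "review"

def triage(lines, bridge="virbr0"):
    """Return only the entries that still need a human look."""
    return [l for l in lines if classify(l, bridge) != "expected"]

SAMPLE = [
    # First three: entries from the thread, joined onto one line each.
    "2015-03-01 17:12:46 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter "
    "--delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: "
    "No chain/target/match by that name.",
    "2015-03-01 17:12:47 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter "
    "--delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 "
    "--jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in "
    "that chain?).",
    "2015-03-01 17:36:03 ERROR: NOT_ENABLED",
    # Constructed: a failed insert, which the reply does not cover.
    "2015-03-01 17:40:00 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter "
    "--insert FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: "
    "No chain/target/match by that name.",
]

if __name__ == "__main__":
    for entry in triage(SAMPLE):
        print("REVIEW:", entry)
```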