Displaying 9 results from an estimated 9 matches for "forward_direct".
2017 Dec 29
1
OpenVPN server and firewalld
...u can still use a direct rule for it.
I think it should be something like this to test:
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i tun+ -j ACCEPT
Manual page and some examples with
man firewalld.direct
The "iptables like" rule will be added into the pre-built chain named
FORWARD_direct
The 0 above means it is put at the top of the FORWARD_direct chain. In your example
"3" appears and it is not clear what lines 1 and 2 are.
With iptables -L command you will see:
# iptables -v -L FORWARD_direct
Chain FORWARD_direct (1 references)
pkts bytes target prot opt in out so...
2019 Feb 05
0
Back to c7 and firewalld
...rule... but when I
try firewall-cmd --reload, it tells me error, that FORWARD is a built-in.
Now, today, what I've been looking at is to run iptables-save, and what I
see is this (in part):
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
Does this mean that, instead of the format of the en...
2019 May 31
2
Easy solution for custom firewall rules- is it possible?
...on the 4/24 network- and it hands out addresses in
the 8/24 network. So I would like libvirt to also create the
following rules in iptables:
-A FORWARD -d 192.168.8.0/24 -o virbr2 -j ACCEPT
-A FORWARD -s 192.168.8.0/24 -i virbr2 -j ACCEPT
I've tried creating direct rules in firewalld for the FORWARD_direct
chain. Firewalld happily creates those rules, but they are never
reached, because they fall AFTER the libvirt rules. I've also tried
creating an IP address on the virbr2 interface in the 8/24 network,
but that doesn't work either. How can I get this done?
Thanks!!
-JK
2017 May 28
1
Ovirt Hosted-Engine VM iptables
Hi
I would like to add rules into the iptables of the Hosted Engine VM in
Ovirt.
The version is oVirt Engine Version: 4.1.1.8-1.el7.centos
I have tried using the normal process for iptables (iptables-save etc),
but it seems that the file /etc/sysconfig/iptables is ignored in the
Ovirt Engine VM.
How can I add permanent rules into the Engine VM?
Kind regards
Andrew
2019 Jan 15
0
Cannot access other computers on LAN
...hain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0...
2019 Jan 15
2
Cannot access other computers on LAN
Hello Julien,
On Tue, 15 Jan 2019 09:30:23 +0100,
Julien dupont <marcelvierzon at gmail.com> wrote:
> In that case I see:
> IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id2135, seq1, length 64
> IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id2135, seq2, length 64
> IP 172.16.0.3 > 192.168.1.1: ICMP echo request, id2135, seq3, length 64
>
> Packet goes
2019 May 31
0
Re: Easy solution for custom firewall rules- is it possible?
...dresses
> in
> the 8/24 network. So I would like libvirt to also create the
> following rules in iptables:
>
> -A FORWARD -d 192.168.8.0/24 -o virbr2 -j ACCEPT
> -A FORWARD -s 192.168.8.0/24 -i virbr2 -j ACCEPT
>
> I've tried creating direct rules in firewalld for the FORWARD_direct
> chain. Firewalld happily creates those rules, but they are never
> reached, because they fall AFTER the libvirt rules. I've also tried
> creating an IP address on the virbr2 interface in the 8/24 network,
> but that doesn't work either. How can I get this done?
>
> T...
2017 Jun 20
2
guest A from virbr0 can talk to guest B in virbr1 but not vice versa
...le
0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0...
2017 Jun 20
0
Re: guest A from virbr0 can talk to guest B in virbr1 but not vice versa
...all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
> 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
> 0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
> 0 0 FORWARD_direct all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 FORWARD_IN_ZONES_SOURCE all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 FORWARD_IN_ZONES all -- * * 0.0.0.0/0 0.0.0.0/0
> 0 0 FORWARD_OUT_ZONES_SOURCE all -- * * 0.0.0....