RHEL 7 Iptables and Firewalld Problem for Virtualization Server


Firewalld is a new service on RHEL 7 that you can use instead of iptables. Firewalld has a new userland interface and also provides a dynamic firewall service whose configuration you can change without dropping current connections. There are many more benefits and new features we could talk about, but not in this post.

Problem: Even though you have disabled the "iptables" and "firewalld" services, some iptables rules still show up after every reboot.

If you install a RHEL 7 server on a virtualization platform you will get an interface named "virbr0". This interface is created by the "libvirtd" service. Libvirt is an API for managing virtualization platforms and their interfaces, used by GUI tools and by the CLI (virsh). Communication between virtualization solutions like KVM, Xen and LXC and the libvirt API is handled by the libvirtd service. When this service starts it creates a set of firewall rules, which you can see with "iptables". This is where our problem starts.

Step 1: Check libvirtd Service

# systemctl status libvirtd
● libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
     Docs: man:libvirtd(8)
           http://libvirt.org
 Main PID: 991 (libvirtd)
   CGroup: /system.slice/libvirtd.service
           ├─ 991 /usr/sbin/libvirtd
           ├─2011 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
           └─2014 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper

Step 2: Check Interface virbr0

# virsh net-list
 Name                 State      Autostart     Persistent
----------------------------------------------------------
 default              active     yes           yes

# ip a

Step 3: Destroy the libvirtd Network Config

# virsh net-destroy default
# virsh net-undefine default

Step 4: Disable Services

# systemctl stop libvirtd
# systemctl stop iptables
# systemctl stop firewalld
# systemctl disable libvirtd
# systemctl disable iptables
# systemctl disable firewalld

Step 5: Check iptables and the Network Interface, then Restart the Server
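To make Step 5 repeatable, here is an added example script (not from the original post) that counts the iptables rules referencing virbr0 in iptables-save output, lists the chains they live in, and checks whether the bridge interface still exists. The embedded iptables-save text is a constructed sample modelled on the kind of rules libvirt installs for its default network; the function names (count_libvirt_rules, libvirt_rule_chains, live_check) are my own.

```shell
#!/bin/sh
# Added example: verify that no libvirt-generated iptables rules and no
# virbr0 bridge survive after the default network was undefined and the
# services were disabled (Steps 3 and 4).

# Constructed sample of iptables-save output, modelled on libvirt's default
# network rules (DNS/DHCP on virbr0, forwarding for 192.168.122.0/24) plus
# one unrelated SSH rule that must NOT be counted.
SAMPLE_IPTABLES_SAVE='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT'

# Count rule lines (-A ...) that reference the libvirt bridge.
# Reads iptables-save formatted text from stdin; prints 0 when none match.
count_libvirt_rules() {
    grep -c '^-A .*virbr0' || true
}

# Print the distinct chains (INPUT, FORWARD, ...) that hold libvirt rules,
# space separated and sorted. Reads iptables-save text from stdin.
libvirt_rule_chains() {
    grep '^-A .*virbr0' | awk '{print $2}' | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# Live check on the RHEL 7 host itself (needs root for iptables-save).
# Returns 0 when no libvirt rules and no virbr0 interface are present.
live_check() {
    rules=$(iptables-save 2>/dev/null | count_libvirt_rules)
    if [ "$rules" -ne 0 ]; then
        echo "WARNING: $rules iptables rule(s) still reference virbr0"
        echo "Chains: $(iptables-save 2>/dev/null | libvirt_rule_chains)"
        return 1
    fi
    if ip link show virbr0 >/dev/null 2>&1; then
        echo "WARNING: interface virbr0 is still present"
        return 1
    fi
    echo "OK: no libvirt firewall rules and no virbr0 interface"
    return 0
}

# Run the live check only when asked: sh check_libvirt_rules.sh --live
if [ "${1:-}" = "--live" ]; then
    live_check
fi
```

Run it with --live once before the reboot and once after; a clean result both times confirms that libvirtd is no longer re-creating the rules. Note that the script only checks for libvirt's leftovers: after Step 4 neither iptables nor firewalld is running, so the host has no local packet filter at all, and the check does not report on that.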


I'm an IT Infrastructure and Operations Architect with extensive experience and administration skills, and I work for Turk Telekom. I provide hardware and software support for IT Infrastructure and Operations tasks.
