[Users] default packet filtering rules on openvz7
Dmitry Konstantinov
barmaley at barmaley.net
Mon Mar 9 16:12:28 MSK 2020
Hello,
I've noticed that after a fresh install I have a few filtering rules that
I do not need and would like to get rid of:
[root@localhost ~]# iptables -n -L -v
Chain INPUT (policy ACCEPT 2353 packets, 161K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT 1547 packets, 356K bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * virbr0 0.0.0.0/0 0.0.0.0/0 udp dpt:68
[root@localhost ~]#
I failed to find anything that adds these rules. Is it hardcoded? If
not, how do I disable them without writing a script to flush iptables?
Thank you.