[Users] default packet filtering rules on openvz7

Konstantin Khorenko khorenko at virtuozzo.com
Wed Mar 11 17:22:03 MSK 2020


On 03/09/2020 04:12 PM, Dmitry Konstantinov wrote:
> Hello,
>
> I've noticed that after a fresh install I have a few filtering rules that
> I do not need and would like to get rid of:
>
>
> [root@localhost ~]# iptables -n -L -v
> Chain INPUT (policy ACCEPT 2353 packets, 161K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
>     0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
>     0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
>     0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
>     0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
>     0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
>
> Chain OUTPUT (policy ACCEPT 1547 packets, 356K bytes)
>  pkts bytes target     prot opt in     out     source               destination
>     0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68
> [root@localhost ~]#
>
> I failed to find anything that adds these rules. Is it hardcoded? If
> not, how do I disable them without writing a script to flush iptables?

Hi,

I guess the rules are created upon firewalld configuration.

> not, how do I disable them without writing a script to flush iptables?
Maybe just disable the firewalld service.

--
Best regards,

Konstantin Khorenko,
Virtuozzo Linux Kernel Team

