Comment # 16
on bug 1109302
from Thomas Blume
(In reply to Thomas Blume from comment #15)
> (In reply to Markos Chandras from comment #14)
> > Actually, what firewalld version are you using? in 0.6.2 there should be no
> > BROUTING table anymore and the other ebtables failure you are seeing should
> > also be fixed in that version.
>
> I've just used the one shipped with tumbleweed:
>
> https://download.opensuse.org/tumbleweed/repo/oss/noarch/firewalld-0.6.1-4.1.
> noarch.rpm
>
> I saw version 0.6.2 in obs.
> Will give it a try.
Unfortunately still the same behaviour with firewalld-0.6.2-1.1.
But now I get an output with ip6tables:
-->
> kvm133:~ # ip6tables -L -v
> Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 35 2760 ACCEPT all any any anywhere anywhere ctstate RELATED,ESTABLISHED
> 0 0 ACCEPT all lo any anywhere anywhere
> 0 0 INPUT_direct all any any anywhere anywhere
> 0 0 INPUT_ZONES_SOURCE all any any anywhere anywhere
> 0 0 INPUT_ZONES all any any anywhere anywhere
> 0 0 LOG all any any anywhere anywhere ctstate INVALID LOG level warning prefix "STATE_INVALID_DROP: "
> 0 0 DROP all any any anywhere anywhere ctstate INVALID
> 0 0 LOG all any any anywhere anywhere LOG level warning prefix "FINAL_REJECT: "
> 0 0 REJECT all any any anywhere anywhere reject-with icmp6-adm-prohibited
>
> Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT all any any anywhere anywhere ctstate RELATED,ESTABLISHED
> 0 0 ACCEPT all lo any anywhere anywhere
> 0 0 FORWARD_direct all any any anywhere anywhere
> 0 0 FORWARD_IN_ZONES_SOURCE all any any anywhere anywhere
> 0 0 FORWARD_IN_ZONES all any any anywhere anywhere
> 0 0 FORWARD_OUT_ZONES_SOURCE all any any anywhere anywhere
> 0 0 FORWARD_OUT_ZONES all any any anywhere anywhere
> 0 0 LOG all any any anywhere anywhere ctstate INVALID LOG level warning prefix "STATE_INVALID_DROP: "
> 0 0 DROP all any any anywhere anywhere ctstate INVALID
> 0 0 LOG all any any anywhere anywhere LOG level warning prefix "FINAL_REJECT: "
> 0 0 REJECT all any any anywhere anywhere reject-with icmp6-adm-prohibited
>
> Chain OUTPUT (policy ACCEPT 7 packets, 792 bytes)
> pkts bytes target prot opt in out source destination
> 45 77496 OUTPUT_direct all any any anywhere anywhere
>
> Chain FORWARD_IN_ZONES (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 FWDI_public all ibft1 any anywhere anywhere [goto]
> 0 0 FWDI_public all ibft0 any anywhere anywhere [goto]
> 0 0 FWDI_public all + any anywhere anywhere [goto]
>
> Chain FORWARD_IN_ZONES_SOURCE (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD_OUT_ZONES (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 FWDO_public all any ibft1 anywhere anywhere [goto]
> 0 0 FWDO_public all any ibft0 anywhere anywhere [goto]
> 0 0 FWDO_public all any + anywhere anywhere [goto]
>
> Chain FORWARD_OUT_ZONES_SOURCE (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain FORWARD_direct (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain FWDI_public (3 references)
> pkts bytes target prot opt in out source destination
> 0 0 FWDI_public_log all any any anywhere anywhere
> 0 0 FWDI_public_deny all any any anywhere anywhere
> 0 0 FWDI_public_allow all any any anywhere anywhere
> 0 0 ACCEPT ipv6-icmp any any anywhere anywhere
>
> Chain FWDI_public_allow (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain FWDI_public_deny (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain FWDI_public_log (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain FWDO_public (3 references)
> pkts bytes target prot opt in out source destination
> 0 0 FWDO_public_log all any any anywhere anywhere
> 0 0 FWDO_public_deny all any any anywhere anywhere
> 0 0 FWDO_public_allow all any any anywhere anywhere
>
> Chain FWDO_public_allow (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain FWDO_public_deny (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain FWDO_public_log (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain INPUT_ZONES (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 IN_public all ibft1 any anywhere anywhere [goto]
> 0 0 IN_public all ibft0 any anywhere anywhere [goto]
> 0 0 IN_public all + any anywhere anywhere [goto]
>
> Chain INPUT_ZONES_SOURCE (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain INPUT_direct (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain IN_public (3 references)
> pkts bytes target prot opt in out source destination
> 0 0 IN_public_log all any any anywhere anywhere
> 0 0 IN_public_deny all any any anywhere anywhere
> 0 0 IN_public_allow all any any anywhere anywhere
> 0 0 ACCEPT ipv6-icmp any any anywhere anywhere
>
> Chain IN_public_allow (1 references)
> pkts bytes target prot opt in out source destination
> 0 0 ACCEPT tcp any any anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED
> 0 0 ACCEPT udp any any anywhere fe80::/64 udp dpt:dhcpv6-client ctstate NEW,UNTRACKED
> 0 0 ACCEPT tcp any any anywhere anywhere tcp dpt:iscsi-target ctstate NEW,UNTRACKED
> 0 0 ACCEPT udp any any anywhere anywhere udp dpt:iscsi-target ctstate NEW,UNTRACKED
>
> Chain IN_public_deny (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain IN_public_log (1 references)
> pkts bytes target prot opt in out source destination
>
> Chain OUTPUT_direct (1 references)
> pkts bytes target prot opt in out source destination
--<