(In reply to Thomas Blume from comment #15) > (In reply to Markos Chandras from comment #14) > > Actually, what firewalld version are you using? in 0.6.2 there should be no > > BROUTING table anymore and the other ebtables failure you are seeing should > > also be fixed in that version. > > I've just used the one shipped with tumbleweed: > > https://download.opensuse.org/tumbleweed/repo/oss/noarch/firewalld-0.6.1-4.1. > noarch.rpm > > I saw version 0.6.2 in obs. > Will give it a try. Unfortunately still the same behaviour with firewalld-0.6.2-1.1. But now I get an output with ip6tables: --> > kvm133:~ # ip6tables -L -v > Chain INPUT (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source destination > 35 2760 ACCEPT all any any anywhere anywhere ctstate RELATED,ESTABLISHED > 0 0 ACCEPT all lo any anywhere anywhere > 0 0 INPUT_direct all any any anywhere anywhere > 0 0 INPUT_ZONES_SOURCE all any any anywhere anywhere > 0 0 INPUT_ZONES all any any anywhere anywhere > 0 0 LOG all any any anywhere anywhere ctstate INVALID LOG level warning prefix "STATE_INVALID_DROP: " > 0 0 DROP all any any anywhere anywhere ctstate INVALID > 0 0 LOG all any any anywhere anywhere LOG level warning prefix "FINAL_REJECT: " > 0 0 REJECT all any any anywhere anywhere reject-with icmp6-adm-prohibited > > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) > pkts bytes target prot opt in out source destination > 0 0 ACCEPT all any any anywhere anywhere ctstate RELATED,ESTABLISHED > 0 0 ACCEPT all lo any anywhere anywhere > 0 0 FORWARD_direct all any any anywhere anywhere > 0 0 FORWARD_IN_ZONES_SOURCE all any any anywhere anywhere > 0 0 FORWARD_IN_ZONES all any any anywhere anywhere > 0 0 FORWARD_OUT_ZONES_SOURCE all any any anywhere anywhere > 0 0 FORWARD_OUT_ZONES all any any anywhere anywhere > 0 0 LOG all any any anywhere anywhere ctstate INVALID LOG level warning prefix "STATE_INVALID_DROP: " > 0 0 DROP all any any anywhere anywhere ctstate INVALID > 0 0 LOG all any any anywhere anywhere LOG level warning prefix "FINAL_REJECT: " > 0 0 REJECT all any any anywhere anywhere reject-with icmp6-adm-prohibited > > Chain OUTPUT (policy ACCEPT 7 packets, 792 bytes) > pkts bytes target prot opt in out source destination > 45 77496 OUTPUT_direct all any any anywhere anywhere > > Chain FORWARD_IN_ZONES (1 references) > pkts bytes target prot opt in out source destination > 0 0 FWDI_public all ibft1 any anywhere anywhere [goto] > 0 0 FWDI_public all ibft0 any anywhere anywhere [goto] > 0 0 FWDI_public all + any anywhere anywhere [goto] > > Chain FORWARD_IN_ZONES_SOURCE (1 references) > pkts bytes target prot opt in out source destination > > Chain FORWARD_OUT_ZONES (1 references) > pkts bytes target prot opt in out source destination > 0 0 FWDO_public all any ibft1 anywhere anywhere [goto] > 0 0 FWDO_public all any ibft0 anywhere anywhere [goto] > 0 0 FWDO_public all any + anywhere anywhere [goto] > > Chain FORWARD_OUT_ZONES_SOURCE (1 references) > pkts bytes target prot opt in out source destination > > Chain FORWARD_direct (1 references) > pkts bytes target prot opt in out source destination > > Chain FWDI_public (3 references) > pkts bytes target prot opt in out source destination > 0 0 FWDI_public_log all any any anywhere anywhere > 0 0 FWDI_public_deny all any any anywhere anywhere > 0 0 FWDI_public_allow all any any anywhere anywhere > 0 0 ACCEPT ipv6-icmp any any anywhere anywhere > > Chain FWDI_public_allow (1 references) > pkts bytes target prot opt in out source destination > > Chain FWDI_public_deny (1 references) > pkts bytes target prot opt in out source destination > > Chain FWDI_public_log (1 references) > pkts bytes target prot opt in out source destination > > Chain FWDO_public (3 references) > pkts bytes target prot opt in out source destination > 0 0 FWDO_public_log all any any anywhere anywhere > 0 0 FWDO_public_deny all any any anywhere anywhere > 0 0 FWDO_public_allow all any any anywhere anywhere > > Chain FWDO_public_allow (1 references) > pkts bytes target prot opt in out source destination > > Chain FWDO_public_deny (1 references) > pkts bytes target prot opt in out source destination > > Chain FWDO_public_log (1 references) > pkts bytes target prot opt in out source destination > > Chain INPUT_ZONES (1 references) > pkts bytes target prot opt in out source destination > 0 0 IN_public all ibft1 any anywhere anywhere [goto] > 0 0 IN_public all ibft0 any anywhere anywhere [goto] > 0 0 IN_public all + any anywhere anywhere [goto] > > Chain INPUT_ZONES_SOURCE (1 references) > pkts bytes target prot opt in out source destination > > Chain INPUT_direct (1 references) > pkts bytes target prot opt in out source destination > > Chain IN_public (3 references) > pkts bytes target prot opt in out source destination > 0 0 IN_public_log all any any anywhere anywhere > 0 0 IN_public_deny all any any anywhere anywhere > 0 0 IN_public_allow all any any anywhere anywhere > 0 0 ACCEPT ipv6-icmp any any anywhere anywhere > > Chain IN_public_allow (1 references) > pkts bytes target prot opt in out source destination > 0 0 ACCEPT tcp any any anywhere anywhere tcp dpt:ssh ctstate NEW,UNTRACKED > 0 0 ACCEPT udp any any anywhere fe80::/64 udp dpt:dhcpv6-client ctstate NEW,UNTRACKED > 0 0 ACCEPT tcp any any anywhere anywhere tcp dpt:iscsi-target ctstate NEW,UNTRACKED > 0 0 ACCEPT udp any any anywhere anywhere udp dpt:iscsi-target ctstate NEW,UNTRACKED > > Chain IN_public_deny (1 references) > pkts bytes target prot opt in out source destination > > Chain IN_public_log (1 references) > pkts bytes target prot opt in out source destination > > Chain OUTPUT_direct (1 references) > pkts bytes target prot opt in out source destination --<