(In reply to Markos Chandras from comment #7) > Could you post the iptables and nftables rules from that system? Also what > is the default zone (firewall-cmd --get-default-zone). Wicked does not seem > to do anything disrupting. If ibft0/1 managed by a wicked ifcfg file? If > yes, what's the ZONE attribute in it? Here you go: --> kvm133:~ # iptables -L -n Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 INPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 INPUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_direct all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_IN_ZONES all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES_SOURCE all -- 0.0.0.0/0 0.0.0.0/0 FORWARD_OUT_ZONES all -- 0.0.0.0/0 0.0.0.0/0 DROP all -- 0.0.0.0/0 0.0.0.0/0 ctstate INVALID REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited Chain OUTPUT (policy ACCEPT) target prot opt source destination OUTPUT_direct all -- 0.0.0.0/0 0.0.0.0/0 Chain FORWARD_IN_ZONES (1 references) target prot opt source destination FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDI_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] Chain FORWARD_IN_ZONES_SOURCE (1 references) target prot opt source destination Chain FORWARD_OUT_ZONES (1 references) target prot opt source destination FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] FWDO_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] Chain FORWARD_OUT_ZONES_SOURCE (1 references) target prot opt source destination Chain FORWARD_direct (1 references) target prot opt source destination Chain FWDI_public (3 references) target prot opt source destination FWDI_public_log all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_deny all -- 0.0.0.0/0 0.0.0.0/0 FWDI_public_allow all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 Chain FWDI_public_allow (1 references) target prot opt source destination Chain FWDI_public_deny (1 references) target prot opt source destination Chain FWDI_public_log (1 references) target prot opt source destination Chain FWDO_public (3 references) target prot opt source destination FWDO_public_log all -- 0.0.0.0/0 0.0.0.0/0 FWDO_public_deny all -- 0.0.0.0/0 0.0.0.0/0 FWDO_public_allow all -- 0.0.0.0/0 0.0.0.0/0 Chain FWDO_public_allow (1 references) target prot opt source destination Chain FWDO_public_deny (1 references) target prot opt source destination Chain FWDO_public_log (1 references) target prot opt source destination Chain INPUT_ZONES (1 references) target prot opt source destination IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] IN_public all -- 0.0.0.0/0 0.0.0.0/0 [goto] Chain INPUT_ZONES_SOURCE (1 references) target prot opt source destination Chain INPUT_direct (1 references) target prot opt source destination Chain IN_public (3 references) target prot opt source destination IN_public_log all -- 0.0.0.0/0 0.0.0.0/0 IN_public_deny all -- 0.0.0.0/0 0.0.0.0/0 IN_public_allow all -- 0.0.0.0/0 0.0.0.0/0 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 Chain IN_public_allow (1 references) target prot opt source destination ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 ctstate NEW ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3260 ctstate NEW ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:3260 ctstate NEW Chain IN_public_deny (1 references) target prot opt source destination Chain IN_public_log (1 references) target prot opt source destination Chain OUTPUT_direct (1 references) target prot opt source destination --< --> kvm133:~ # nft list ruleset kvm133:~ # --< --> kvm133:~ # firewall-cmd --get-default-zone public --< My network devices are: --> kvm133:~ # ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:97:81:9e brd ff:ff:ff:ff:ff:ff inet 192.168.57.133/24 brd 192.168.57.255 scope global ens3 valid_lft forever preferred_lft forever inet6 fe80::5054:ff:fe97:819e/64 scope link valid_lft forever preferred_lft forever 3: ibft0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:be:37:42 brd ff:ff:ff:ff:ff:ff inet6 2620:113:80c0:8080:10:160:68:246/64 scope global dynamic valid_lft 10363sec preferred_lft 10363sec inet6 2620:113:80c0:8080:35a3:8667:afe0:652e/64 scope global temporary dynamic valid_lft 3234sec preferred_lft 1434sec inet6 2620:113:80c0:8080:5054:ff:febe:3742/64 scope global dynamic mngtmpaddr valid_lft 3234sec preferred_lft 1434sec inet6 fe80::5054:ff:febe:3742/64 scope link valid_lft forever preferred_lft forever 4: ibft1: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 52:54:00:dd:ca:2c brd ff:ff:ff:ff:ff:ff inet6 2620:113:80c0:8000:c::7ea/64 scope global dynamic valid_lft 13963sec preferred_lft 8563sec inet6 fe80::5054:ff:fedd:ca2c/64 scope link valid_lft forever preferred_lft forever --< There are no config files for the ibft devices: --> kvm133:~ # ls -l /etc/sysconfig/network/ insgesamt 60 drwxr-xr-x 1 root root 60 18. Sep 14:47 bck -rw-r--r-- 1 root root 9692 17. Sep 17:29 config -rw-r--r-- 1 root root 13381 17. Sep 17:29 dhcp -rw-r--r-- 1 root root 179 19. Sep 14:55 ifcfg-ens3 -rw------- 1 root root 147 17. Sep 17:29 ifcfg-lo -rw-r--r-- 1 root root 21738 9. Jun 08:26 ifcfg.template drwxr-xr-x 1 root root 40 17. Sep 17:27 if-down.d drwxr-xr-x 1 root root 40 17. Sep 17:27 if-up.d drwx------ 1 root root 0 25. Mai 22:22 providers drwxr-xr-x 1 root root 164 17. Sep 17:27 scripts --<