While libvirtd is running, Firewalld reports ERROR messages during firewalld service restart

Solution Verified - Updated -

Issue

Why are firewalld error messages reported during a firewalld restart when libvirtd or docker is running?


Oct 22 10:50:57 rhel71 kernel: ip_tables: (C) 2000-2006 Netfilter Core Team
Oct 22 10:50:57 rhel71 kernel: nf_conntrack version 0.5.0 (7940 buckets, 31760 max)
Oct 22 10:50:57 rhel71 kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Oct 22 10:50:57 rhel71 kernel: Ebtables v2.0 registered
Oct 22 10:50:57 rhel71 systemd: Started firewalld - dynamic firewall daemon.
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table mangle --delete POSTROUTING --out-interface virbr0 --protocol udp --destination-port 68 --jump CHECKSUM --checksum-fill' failed: iptables: No chain/target/match by that name.
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table nat --delete POSTROUTING --source 192.168.122.0/24 --destination 224.0.0.0/24 --jump RETURN' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table nat --delete POSTROUTING --source 192.168.122.0/24 --destination 255.255.255.255/32 --jump RETURN' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table nat --delete POSTROUTING --source 192.168.122.0/24 -p tcp ! --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535' failed: iptables: No chain/target/match by that name.
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table nat --delete POSTROUTING --source 192.168.122.0/24 -p udp ! --destination 192.168.122.0/24 --jump MASQUERADE --to-ports 1024-65535' failed: iptables: No chain/target/match by that name.
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table nat --delete POSTROUTING --source 192.168.122.0/24 ! --destination 192.168.122.0/24 --jump MASQUERADE' failed: iptables: No chain/target/match by that name.
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --destination 192.168.122.0/24 --out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --source 192.168.122.0/24 --in-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete OUTPUT --out-interface virbr0 --protocol udp --destination-port 68 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Oct 22 10:50:58 rhel71 firewalld: 2015-10-22 10:50:58 ERROR: COMMAND_FAILED: '/sbin/iptables --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).

Environment

  • Red Hat Enterprise Linux 7 (RHEL 7).
  • firewalld-0.3.9-11.el7.noarch
  • libvirt-1.2.8-16.el7.x86_64
  • docker
