CentO 8 And Nftables Default Policy
Hi list,
I’m studying nftables. I’m using CentOS 8.1 (Gnome) and I disabled firewalld. I noticed that a default policy is created with tables and chains probably for firewalld.
So I created a .nft script where I stored my rules with a flush for previous ruleset, then saved on /etc/sysconfig/nftables.conf and the enabled nftables service.
Running the script with nft -f script.nft all work as expected but when rebooting, running nft list ruleset I find my rules and the default policy (chains and tables) that I would not have in my configuration.
My nftables.conf contains only my ruleset.
For example, running nft list tables I found several default tables like:
table ip filter table ip6 filter table bridge filter table ip nat table ip mangle
So probably there is something that is applying its policy but I ignore what is.
Can someone point me in the right direction?
Thank you in advance.
3 thoughts on - CentO 8 And Nftables Default Policy
Il 17/04/20 11:01, Alessandro Baggi ha scritto:
Hi have not received any replies but I tried to investigate. After checking configuration files in my system I supposed that this could caused by a daemon, so I found that libvirtd push some rules.
running virsh nwfilter-list I get:
I had the same problem.
If you are not using virtual machines then
# systemctl disable libvirtd
works and is easily reversible.
Alan
Hi,
the problem is that I’m using libvirtd for my vms. I think currently the best solution is remove this policies from .xml files.
Il 18/04/20 22:22, Alan McRae via CentOS ha scritto: