System monitoring with cockpit

General support questions
Post Reply
Ashwin456
Posts: 1
Joined: 2021/06/01 14:04:46

System monitoring with cockpit

Post by Ashwin456 » 2021/06/01 14:20:06

Hi Team,

I can see the below errors in firewalld status after installing cockpit and start/enable the services.

Though the status is active, logs are writing as warning.

Please help me to understand and resolve this Issue.


~]# systemctl status -l firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2021-06-01 13:48:49 IST; 5h 37min ago
Docs: man:firewalld(1)
Main PID: 804 (firewalld)
CGroup: /system.slice/firewalld.service
└─804 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

Jun 01 19:24:52 K2K firewalld[804]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --destination 192.168.122.0/24 --out-interface virbr0 --match conntrack --ctstate ESTABLISHED,RELATED --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 01 19:24:52 K2K firewalld[804]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --source 192.168.122.0/24 --in-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 01 19:24:52 K2K firewalld[804]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --in-interface virbr0 --out-interface virbr0 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 01 19:24:52 K2K firewalld[804]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --out-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Jun 01 19:24:52 K2K firewalld[804]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --in-interface virbr0 --jump REJECT' failed: iptables: No chain/target/match by that name.
Jun 01 19:24:52 K2K firewalld[804]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 01 19:24:52 K2K firewalld[804]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 01 19:24:52 K2K firewalld[804]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete OUTPUT --out-interface virbr0 --protocol udp --destination-port 68 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 01 19:24:52 K2K firewalld[804]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 01 19:24:52 K2K firewalld[804]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: System monitoring with cockpit

Post by jlehtone » 2021/06/01 19:25:59

All those warnings are that command 'iptables --delete' failed. These commands would remove rules.
The problem in each case is that such rules do not exists. There is nothing to remove.

The question is what thinks that there are such rules and that they should be removed?

All those (non-existent) rules are such what libvirtd.service would add when it starts a virtual network.

Post Reply