Docker Firewalld/iptables WARNING: COMMAND_FAILED


This is more like a warning that these rules already exist. Because the error message is missing, it is not a real error.

See https://github.com/moby/moby/issues/16137
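The distinction the answer draws, as an added triage helper that is not part of the original answer or the moby issue: a COMMAND_FAILED whose command was an `iptables -C`/`-L` existence probe and whose error text after `failed:` is empty is treated as the benign check-before-insert noise, and anything else is flagged. Three sample lines are copied from the question; the appended (`-A`) failure is a constructed sample.

```python
import re

# Pattern of the firewalld journal lines quoted in the question.
LOG_RE = re.compile(
    r"firewalld\[\d+\]: WARNING: COMMAND_FAILED: '(?P<cmd>[^']*)' failed:(?P<err>.*)$"
)

# Three lines copied from the question, one unrelated kernel line, and one
# CONSTRUCTED failure (not from the original host) whose iptables call was an
# append (-A) and carried an error message.
SAMPLE_LINES = [
    "Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: "
    "'/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack "
    "--ctstate RELATED,ESTABLISHED -j ACCEPT' failed:",
    "Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: "
    "'/usr/sbin/iptables -w2 -t filter -n -L DOCKER-USER' failed:",
    "Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: "
    "'/usr/sbin/iptables -w2 -t filter -C DOCKER-USER -j RETURN' failed:",
    "Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) "
    "entered forwarding state",
    # constructed sample of a failure that is not a probe
    "Jan 09 19:51:20 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: "
    "'/usr/sbin/iptables -w2 -t filter -A DOCKER-USER -j RETURN' failed: "
    "iptables: No chain/target/match by that name.",
]

def classify_command_failed(line):
    """None for non-COMMAND_FAILED lines; ("benign", cmd) when the failed
    command was an `iptables -C`/`-L` existence probe with no error text
    (Docker probes before inserting, and an absent rule makes the probe exit
    non-zero); ("real", cmd) for everything else."""
    m = LOG_RE.search(line)
    if not m:
        return None
    cmd = m.group("cmd")
    err = m.group("err").strip()
    argv = cmd.split()
    is_probe = "-C" in argv or "-L" in argv
    if is_probe and not err:
        return ("benign", cmd)
    return ("real", cmd)

def triage(lines):
    """Split a journal excerpt into benign probe noise and real failures."""
    benign, real = [], []
    for line in lines:
        result = classify_command_failed(line)
        if result is None:
            continue
        (benign if result[0] == "benign" else real).append(result[1])
    return benign, real

if __name__ == "__main__":
    benign, real = triage(SAMPLE_LINES)
    print(f"{len(benign)} benign probe warning(s), {len(real)} real failure(s)")
    for cmd in real:
        print("  investigate:", cmd)
```

Feed it `journalctl -u firewalld --no-pager` output to separate the probe noise from failures worth reading.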


BigGold1310

Updated on September 18, 2022

Comments

  • BigGold1310, over 1 year

    Problem

    I have a freshly installed Fedora 27 installation. I installed docker-ce-17.12.0 on it.

    Now when I try to start a container like the following:

    docker run -d -p 10.1.1.56:80:8080 --restart always --volume /docker/magic_mirror/config:/opt/magic_mirror/config --volume /docker/magic_mirror/modules:/opt/magic_mirror/modules --name magic_mirror bastilimbach/docker-magicmirror
    

    If I look at firewalld, I see the following errors:

    ● firewalld.service - firewalld - dynamic firewall daemon
       Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
       Active: active (running) since Tue 2018-01-09 19:51:07 CET; 1min 41s ago
         Docs: man:firewalld(1)
     Main PID: 1227 (firewalld)
        Tasks: 2 (limit: 4915)
       Memory: 40.2M
          CPU: 952ms
       CGroup: /system.slice/firewalld.service
               └─1227 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid
    
    Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' failed:
    Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -n -L DOCKER-USER' failed:
    Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER-USER -j RETURN' failed:
    Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C FORWARD -j DOCKER-USER' failed:
    Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOCKER -p tcp -d 10.1.1.56 --dport 80 -j DNAT --to-destination 172.17.0.2:8080 ! -i docker0' failed:
    Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0.2 --dport 8080 -j ACCEPT' failed:
    Jan 09 19:51:19 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POSTROUTING -p tcp -s 172.17.0.2 -d 172.17.0.2 --dport 8080 -j MASQUERADE' failed:
    Jan 09 19:52:39 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOCKER -p tcp -d 10.1.1.56 --dport 80 -j DNAT --to-destination 172.17.0.2:8080 ! -i docker0' failed:
    Jan 09 19:52:39 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0.2 --dport 8080 -j ACCEPT' failed:
    Jan 09 19:52:39 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POSTROUTING -p tcp -s 172.17.0.2 -d 172.17.0.2 --dport 8080 -j MASQUERADE' failed:
    

    General Info

    docker info

    Docker Info:
    Containers: 1
     Running: 1
     Paused: 0
     Stopped: 0
    Images: 1
    Server Version: 17.12.0-ce
    Storage Driver: devicemapper
     Pool Name: docker-thinpool
     Pool Blocksize: 524.3kB
     Base Device Size: 10.74GB
     Backing Filesystem: xfs
     Udev Sync Supported: true
     Data Space Used: 1.561GB
     Data Space Total: 102GB
     Data Space Available: 100.4GB
     Metadata Space Used: 700.4kB
     Metadata Space Total: 1.07GB
     Metadata Space Available: 1.069GB
     Thin Pool Minimum Free Space: 10.2GB
     Deferred Removal Enabled: true
     Deferred Deletion Enabled: true
     Deferred Deleted Device Count: 0
     Library Version: 1.02.144 (2017-10-06)
    Logging Driver: json-file
    Cgroup Driver: cgroupfs
    Plugins:
     Volume: local
     Network: bridge host macvlan null overlay
     Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
    Swarm: inactive
    Runtimes: runc
    Default Runtime: runc
    Init Binary: docker-init
    containerd version: 89623f28b87a6004d4b785663257362d1658a729
    runc version: b2567b37d7b75eb4cf325b77297b140ea686ce8f
    init version: 949e6fa
    Security Options:
     seccomp
      Profile: default
    Kernel Version: 4.14.11-300.fc27.x86_64
    Operating System: Fedora 27 (Workstation Edition)
    OSType: linux
    Architecture: x86_64
    CPUs: 16
    Total Memory: 31.41GiB
    Name: fedora.naef.home
    ID: R5N6:WND3:PZI5:HJNF:BCUY:IX7A:VTF3:AQGU:EJ3R:E6JP:WYQ3:Y4UU
    Docker Root Dir: /var/lib/docker
    Debug Mode (client): false
    Debug Mode (server): false
    Registry: https://index.docker.io/v1/
    Labels:
    Experimental: false
    Insecure Registries:
     127.0.0.0/8
    Live Restore Enabled: false
    

    Docker version

    Client:
     Version:   17.12.0-ce
     API version:   1.35
     Go version:    go1.9.2
     Git commit:    c97c6d6
     Built: Wed Dec 27 20:12:17 2017
     OS/Arch:   linux/amd64
    
    Server:
     Engine:
      Version:  17.12.0-ce
      API version:  1.35 (minimum version 1.12)
      Go version:   go1.9.2
      Git commit:   c97c6d6
      Built:    Wed Dec 27 20:14:50 2017
      OS/Arch:  linux/amd64
      Experimental: false
    

    cat /etc/sysconfig/network-scripts/ifcfg-docker0

    DEVICE=docker0
    STP=no
    TYPE=Bridge
    PROXY_METHOD=none
    BROWSER_ONLY=no
    BOOTPROTO=none
    IPADDR=172.17.0.1
    PREFIX=16
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV4_DNS_PRIORITY=100
    IPV6INIT=yes
    IPV6_AUTOCONF=no
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    IPV6_DNS_PRIORITY=100
    NAME=docker0
    UUID=0957d0b2-3ed7-418f-9399-e7b335bd2c3e
    ONBOOT=no
    ZONE=trusted
    

    cat /etc/firewalld/zones/trusted.xml

    <?xml version="1.0" encoding="utf-8"?>
    <zone target="ACCEPT">
      <short>Trusted</short>
      <description>All network connections are accepted.</description>
      <interface name="docker0"/>
    </zone>
    

    journalctl -f

    Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06.179211912+01:00" level=info msg="Container 94c6657d6c7f47f20a29ab7f82e5ebad929144de319db79317872bcc00960928 failed to exit within 10 seconds of signal 15 - using the force"
    Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06.220316777+01:00" level=warning msg="unknown container" container=94c6657d6c7f47f20a29ab7f82e5ebad929144de319db79317872bcc00960928 module=libcontainerd namespace=plugins.moby
    Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06+01:00" level=info msg="shim reaped" id=94c6657d6c7f47f20a29ab7f82e5ebad929144de319db79317872bcc00960928 module="containerd/tasks"
    Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06.257560260+01:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete"
    Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06.257571381+01:00" level=info msg="ignoring event" module=libcontainerd namespace=plugins.moby topic=/tasks/delete type="*events.TaskDelete"
    Jan 09 20:25:06 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=84
    Jan 09 20:25:06 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=84
    Jan 09 20:25:06 fedora.naef.home audit: NETFILTER_CFG table=filter family=2 entries=140
    Jan 09 20:25:06 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=83
    Jan 09 20:25:06 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=83
    Jan 09 20:25:06 fedora.naef.home kernel: docker0: port 1(veth1efe87b) entered disabled state
    Jan 09 20:25:06 fedora.naef.home kernel: vethc9528bb: renamed from eth0
    Jan 09 20:25:06 fedora.naef.home NetworkManager[1638]: <info>  [1515525906.3229] manager: (vethc9528bb): new Veth device (/org/freedesktop/NetworkManager/Devices/12)
    Jan 09 20:25:06 fedora.naef.home systemd-udevd[6272]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
    Jan 09 20:25:06 fedora.naef.home avahi-daemon[1249]: Interface veth1efe87b.IPv6 no longer relevant for mDNS.
    Jan 09 20:25:06 fedora.naef.home kernel: docker0: port 1(veth1efe87b) entered disabled state
    Jan 09 20:25:06 fedora.naef.home avahi-daemon[1249]: Leaving mDNS multicast group on interface veth1efe87b.IPv6 with address fe80::c830:5dff:fe33:cd5a.
    Jan 09 20:25:06 fedora.naef.home audit: ANOM_PROMISCUOUS dev=veth1efe87b prom=0 old_prom=256 auid=4294967295 uid=0 gid=0 ses=4294967295
    Jan 09 20:25:06 fedora.naef.home kernel: device veth1efe87b left promiscuous mode
    Jan 09 20:25:06 fedora.naef.home kernel: docker0: port 1(veth1efe87b) entered disabled state
    Jan 09 20:25:06 fedora.naef.home libvirtd[1951]: 2018-01-09 19:25:06.328+0000: 1951: error : virFileReadAll:1390 : Failed to open file '/sys/class/net/vethc9528bb/operstate': No such file or directory
    Jan 09 20:25:06 fedora.naef.home libvirtd[1951]: 2018-01-09 19:25:06.329+0000: 1951: error : virNetDevGetLinkInfo:2504 : unable to read: /sys/class/net/vethc9528bb/operstate: No such file or directory
    Jan 09 20:25:06 fedora.naef.home avahi-daemon[1249]: Withdrawing address record for fe80::c830:5dff:fe33:cd5a on veth1efe87b.
    Jan 09 20:25:06 fedora.naef.home NetworkManager[1638]: <info>  [1515525906.3395] device (veth1efe87b): released from master device docker0
    Jan 09 20:25:06 fedora.naef.home gnome-shell[2756]: async_got_type: could not read properties for /org/freedesktop/NetworkManager/Devices/12: No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/Devices/12
    Jan 09 20:25:06 fedora.naef.home gnome-shell[2756]: async_got_type: could not read properties for /org/freedesktop/NetworkManager/Devices/12: No such interface 'org.freedesktop.DBus.Properties' on object at path /org/freedesktop/NetworkManager/Devices/12
    Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Unmounting Filesystem
    Jan 09 20:25:06 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:06.638002427+01:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/containers/delete type="*events.ContainerDelete"
    Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Mounting V5 Filesystem
    Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Ending clean mount
    Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Unmounting Filesystem
    Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Mounting V5 Filesystem
    Jan 09 20:25:06 fedora.naef.home kernel: XFS (dm-10): Ending clean mount
    Jan 09 20:25:07 fedora.naef.home kernel: XFS (dm-10): Unmounting Filesystem
    Jan 09 20:25:07 fedora.naef.home kernel: XFS (dm-10): Mounting V5 Filesystem
    Jan 09 20:25:07 fedora.naef.home kernel: XFS (dm-10): Ending clean mount
    Jan 09 20:25:07 fedora.naef.home audit: ANOM_PROMISCUOUS dev=veth48f92ff prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
    Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered blocking state
    Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered disabled state
    Jan 09 20:25:07 fedora.naef.home kernel: device veth48f92ff entered promiscuous mode
    Jan 09 20:25:07 fedora.naef.home kernel: IPv6: ADDRCONF(NETDEV_UP): veth48f92ff: link is not ready
    Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered blocking state
    Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered forwarding state
    Jan 09 20:25:07 fedora.naef.home systemd-udevd[6354]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
    Jan 09 20:25:07 fedora.naef.home systemd-udevd[6355]: link_config: autonegotiation is unset or enabled, the speed and duplex are not writable.
    Jan 09 20:25:07 fedora.naef.home NetworkManager[1638]: <info>  [1515525907.1143] manager: (vethb62fe93): new Veth device (/org/freedesktop/NetworkManager/Devices/13)
    Jan 09 20:25:07 fedora.naef.home systemd-udevd[6355]: Could not generate persistent MAC address for veth48f92ff: No such file or directory
    Jan 09 20:25:07 fedora.naef.home systemd-udevd[6354]: Could not generate persistent MAC address for vethb62fe93: No such file or directory
    Jan 09 20:25:07 fedora.naef.home NetworkManager[1638]: <info>  [1515525907.1168] manager: (veth48f92ff): new Veth device (/org/freedesktop/NetworkManager/Devices/14)
    Jan 09 20:25:07 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C DOCKER -p tcp -d 10.1.1.56 --dport 80 -j DNAT --to-destination 172.17.0.2:8080 ! -i docker0' failed:
    Jan 09 20:25:07 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=82
    Jan 09 20:25:07 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t filter -C DOCKER ! -i docker0 -o docker0 -p tcp -d 172.17.0.2 --dport 8080 -j ACCEPT' failed:
    Jan 09 20:25:07 fedora.naef.home audit: NETFILTER_CFG table=filter family=2 entries=139
    Jan 09 20:25:07 fedora.naef.home firewalld[1227]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -t nat -C POSTROUTING -p tcp -s 172.17.0.2 -d 172.17.0.2 --dport 8080 -j MASQUERADE' failed:
    Jan 09 20:25:07 fedora.naef.home audit: NETFILTER_CFG table=nat family=2 entries=83
    Jan 09 20:25:07 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:07.177440952+01:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/containers/create type="*events.ContainerCreate"
    Jan 09 20:25:07 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:07+01:00" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/f41833e372d588f38d6889be51fb1fd45d82eda1465a6f24b840e7f26948cbdd/shim.sock" debug=false module="containerd/tasks" pid=6371
    Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered disabled state
    Jan 09 20:25:07 fedora.naef.home kernel: eth0: renamed from vethb62fe93
    Jan 09 20:25:07 fedora.naef.home kernel: IPv6: ADDRCONF(NETDEV_CHANGE): veth48f92ff: link becomes ready
    Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered blocking state
    Jan 09 20:25:07 fedora.naef.home kernel: docker0: port 1(veth48f92ff) entered forwarding state
    Jan 09 20:25:07 fedora.naef.home NetworkManager[1638]: <info>  [1515525907.3819] device (veth48f92ff): link connected
    Jan 09 20:25:07 fedora.naef.home NetworkManager[1638]: <info>  [1515525907.3821] device (docker0): link connected
    Jan 09 20:25:07 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:07.440555022+01:00" level=warning msg="unknown container" container=f41833e372d588f38d6889be51fb1fd45d82eda1465a6f24b840e7f26948cbdd module=libcontainerd namespace=plugins.moby
    Jan 09 20:25:07 fedora.naef.home dockerd[1952]: time="2018-01-09T20:25:07.458195638+01:00" level=warning msg="unknown container" container=f41833e372d588f38d6889be51fb1fd45d82eda1465a6f24b840e7f26948cbdd module=libcontainerd namespace=plugins.moby
    Jan 09 20:25:09 fedora.naef.home avahi-daemon[1249]: Joining mDNS multicast group on interface veth48f92ff.IPv6 with address fe80::1867:1eff:fea3:4277.
    Jan 09 20:25:09 fedora.naef.home avahi-daemon[1249]: New relevant interface veth48f92ff.IPv6 for mDNS.
    Jan 09 20:25:09 fedora.naef.home avahi-daemon[1249]: Registering new address record for fe80::1867:1eff:fea3:4277 on veth48f92ff.*.
    

    Updated

    iptables -S

    -P INPUT ACCEPT
    -P FORWARD DROP
    -P OUTPUT ACCEPT
    -N DOCKER
    -N DOCKER-ISOLATION
    -N DOCKER-USER
    -N FORWARD_IN_ZONES
    -N FORWARD_IN_ZONES_SOURCE
    -N FORWARD_OUT_ZONES
    -N FORWARD_OUT_ZONES_SOURCE
    -N FORWARD_direct
    -N FWDI_FedoraWorkstation
    -N FWDI_FedoraWorkstation_allow
    -N FWDI_FedoraWorkstation_deny
    -N FWDI_FedoraWorkstation_log
    -N FWDI_trusted
    -N FWDI_trusted_allow
    -N FWDI_trusted_deny
    -N FWDI_trusted_log
    -N FWDO_FedoraWorkstation
    -N FWDO_FedoraWorkstation_allow
    -N FWDO_FedoraWorkstation_deny
    -N FWDO_FedoraWorkstation_log
    -N FWDO_trusted
    -N FWDO_trusted_allow
    -N FWDO_trusted_deny
    -N FWDO_trusted_log
    -N INPUT_ZONES
    -N INPUT_ZONES_SOURCE
    -N INPUT_direct
    -N IN_FedoraWorkstation
    -N IN_FedoraWorkstation_allow
    -N IN_FedoraWorkstation_deny
    -N IN_FedoraWorkstation_log
    -N IN_trusted
    -N IN_trusted_allow
    -N IN_trusted_deny
    -N IN_trusted_log
    -N OUTPUT_direct
    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i lo -j ACCEPT
    -A INPUT -j INPUT_direct
    -A INPUT -j INPUT_ZONES_SOURCE
    -A INPUT -j INPUT_ZONES
    -A INPUT -m conntrack --ctstate INVALID -j DROP
    -A INPUT -j REJECT --reject-with icmp-host-prohibited
    -A FORWARD -j DOCKER-USER
    -A FORWARD -j DOCKER-ISOLATION
    -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -o docker0 -j DOCKER
    -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
    -A FORWARD -i docker0 -o docker0 -j ACCEPT
    -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i lo -j ACCEPT
    -A FORWARD -j FORWARD_direct
    -A FORWARD -j FORWARD_IN_ZONES_SOURCE
    -A FORWARD -j FORWARD_IN_ZONES
    -A FORWARD -j FORWARD_OUT_ZONES_SOURCE
    -A FORWARD -j FORWARD_OUT_ZONES
    -A FORWARD -m conntrack --ctstate INVALID -j DROP
    -A FORWARD -j REJECT --reject-with icmp-host-prohibited
    -A OUTPUT -j OUTPUT_direct
    -A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 8080 -j ACCEPT
    -A DOCKER-ISOLATION -j RETURN
    -A DOCKER-USER -j RETURN
    -A FORWARD_IN_ZONES -i enp5s0 -g FWDI_FedoraWorkstation
    -A FORWARD_IN_ZONES -i docker0 -j FWDI_trusted
    -A FORWARD_IN_ZONES -g FWDI_FedoraWorkstation
    -A FORWARD_OUT_ZONES -o enp5s0 -g FWDO_FedoraWorkstation
    -A FORWARD_OUT_ZONES -o docker0 -j FWDO_trusted
    -A FORWARD_OUT_ZONES -g FWDO_FedoraWorkstation
    -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_log
    -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_deny
    -A FWDI_FedoraWorkstation -j FWDI_FedoraWorkstation_allow
    -A FWDI_FedoraWorkstation -p icmp -j ACCEPT
    -A FWDI_trusted -j FWDI_trusted_log
    -A FWDI_trusted -j FWDI_trusted_deny
    -A FWDI_trusted -j FWDI_trusted_allow
    -A FWDI_trusted -j ACCEPT
    -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_log
    -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_deny
    -A FWDO_FedoraWorkstation -j FWDO_FedoraWorkstation_allow
    -A FWDO_trusted -j FWDO_trusted_log
    -A FWDO_trusted -j FWDO_trusted_deny
    -A FWDO_trusted -j FWDO_trusted_allow
    -A FWDO_trusted -j ACCEPT
    -A INPUT_ZONES -i enp5s0 -g IN_FedoraWorkstation
    -A INPUT_ZONES -i docker0 -j IN_trusted
    -A INPUT_ZONES -g IN_FedoraWorkstation
    -A IN_FedoraWorkstation -j IN_FedoraWorkstation_log
    -A IN_FedoraWorkstation -j IN_FedoraWorkstation_deny
    -A IN_FedoraWorkstation -j IN_FedoraWorkstation_allow
    -A IN_FedoraWorkstation -p icmp -j ACCEPT
    -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    -A IN_FedoraWorkstation_allow -p udp -m udp --dport 137 -m conntrack --ctstate NEW -j ACCEPT
    -A IN_FedoraWorkstation_allow -p udp -m udp --dport 138 -m conntrack --ctstate NEW -j ACCEPT
    -A IN_FedoraWorkstation_allow -d 224.0.0.251/32 -p udp -m udp --dport 5353 -m conntrack --ctstate NEW -j ACCEPT
    -A IN_FedoraWorkstation_allow -p udp -m udp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT
    -A IN_FedoraWorkstation_allow -p tcp -m tcp --dport 1025:65535 -m conntrack --ctstate NEW -j ACCEPT
    -A IN_trusted -j IN_trusted_log
    -A IN_trusted -j IN_trusted_deny
    -A IN_trusted -j IN_trusted_allow
    -A IN_trusted -j ACCEPT