Why are my network connections being rejected?


Well, I figured it out. And it's a doozy.

CentOS 8 uses nftables, which by itself isn't surprising. It ships with the nft version of the iptables commands, which means when you use the iptables command it actually maintains a set of compatibility tables in nftables.

However...

Firewalld -- which is installed by default -- has native support for nftables, so it doesn't make use of the iptables compatibility layer.

So while iptables -S INPUT shows you:

# iptables -S INPUT
-P INPUT ACCEPT

What you actually have is:

        chain filter_INPUT {
                type filter hook input priority 10; policy accept;
                ct state established,related accept
                iifname "lo" accept
                jump filter_INPUT_ZONES_SOURCE
                jump filter_INPUT_ZONES
                ct state invalid drop
                reject with icmpx type admin-prohibited  <-- HEY LOOK AT THAT!
        }

The solution here (and honestly probably good advice in general) is:

systemctl disable --now firewalld

With firewalld out of the way, the iptables rules visible with iptables -S will behave as expected.

Author: Артур Олмос

Updated on September 18, 2022

Comments

  • Артур Олмос (almost 2 years ago)

    I've found a lot of Room tutorials, but none of them explains this.

    How can I run a query returning one object, not a LiveData?

    I have this method in my Room Dao:

    import androidx.room.Dao;
    import androidx.room.Query;

    @Dao
    public interface TrainingDao {
        ....
    
        // Synchronous query: returns the entity directly, not LiveData
        @Query("SELECT * FROM " + TABLE_TRAININGS + " WHERE name = :name AND open = :open")
        Training fetchTrainingByName(String name, int open);
    
        ...
    }
    

    If I run this method on main thread, app crashes with error "Cannot access database on the main thread since...".

    So, how can I run this query inside an AsyncTask returning one Training object?