It looks like as iptables is multiplying its rules at OVZ7+CentOS8
Steps bellow:
First, we confirm that there are no references to chain TEST
# iptables-save | grep -c TEST
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
0
Next, we create a chain TEST, a basic rule and at the end we count the number of references to it
# iptables -N TEST ; iptables -A TEST -j ACCEPT ; iptables-save | grep -c TEST
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
31
31 referentes. Shouldn't there be just 2? (chain creation + rule?)
Let's check which references are those:
# iptables-save
# Generated by iptables-save v1.8.4 on Wed Jul 8 22:11:17 2020
*filter
:INPUT ACCEPT [3859:241253]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [830:110277]
:TEST - [0:0]
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
COMMIT
# Completed on Wed Jul 8 22:11:17 2020
# Generated by iptables-save v1.8.4 on Wed Jul 8 22:11:17 2020
*raw
:PREROUTING ACCEPT [117105:12625485]
:OUTPUT ACCEPT [120335:94805945]
-A TEST -j ACCEPT
-A TEST -j ACCEPT
COMMIT
# Completed on Wed Jul 8 22:11:17 2020
# Generated by iptables-save v1.8.4 on Wed Jul 8 22:11:17 2020
*mangle
:PREROUTING ACCEPT [117100:12624568]
:INPUT ACCEPT [117100:12624568]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [120331:94804518]
:POSTROUTING ACCEPT [120331:94804518]
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
COMMIT
# Completed on Wed Jul 8 22:11:17 2020
# Generated by iptables-save v1.8.4 on Wed Jul 8 22:11:17 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
COMMIT
# Completed on Wed Jul 8 22:11:17 2020
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
OpenVZ Forum
Members
Search
Help
Register
Login
Home
