OpenVZ Forum


BUG? OVZ 7 + CentOS 8 + iptables v1.8.4 (nf_tables) [message #53659] Thu, 09 July 2020 01:19
andre
It looks like iptables is multiplying its rules on OVZ7+CentOS8

Steps below:

First, we confirm that there are no references to chain TEST
# iptables-save | grep -c TEST
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
0



Next, we create a chain TEST, a basic rule and at the end we count the number of references to it
# iptables -N TEST ; iptables -A TEST -j ACCEPT ; iptables-save | grep -c TEST
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
31


31 references. Shouldn't there be just 2? (chain creation + rule?)

Let's check which references are those:
# iptables-save
# Generated by iptables-save v1.8.4 on Wed Jul  8 22:11:17 2020
*filter
:INPUT ACCEPT [3859:241253]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [830:110277]
:TEST - [0:0]
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
COMMIT
# Completed on Wed Jul  8 22:11:17 2020
# Generated by iptables-save v1.8.4 on Wed Jul  8 22:11:17 2020
*raw
:PREROUTING ACCEPT [117105:12625485]
:OUTPUT ACCEPT [120335:94805945]
-A TEST -j ACCEPT
-A TEST -j ACCEPT
COMMIT
# Completed on Wed Jul  8 22:11:17 2020
# Generated by iptables-save v1.8.4 on Wed Jul  8 22:11:17 2020
*mangle
:PREROUTING ACCEPT [117100:12624568]
:INPUT ACCEPT [117100:12624568]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [120331:94804518]
:POSTROUTING ACCEPT [120331:94804518]
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
COMMIT
# Completed on Wed Jul  8 22:11:17 2020
# Generated by iptables-save v1.8.4 on Wed Jul  8 22:11:17 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
COMMIT
# Completed on Wed Jul  8 22:11:17 2020
# Warning: iptables-legacy tables present, use iptables-legacy-save to see them
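
One way to break a dump like the one above down per table and chain, as an added example that is not part of the original post: it counts the rules in each chain, counts identical repeated rule lines, and reports whether the chain is declared (a `:CHAIN` line) in that table. `audit_save` and `sample_dump` are hypothetical names, and the sample input is the filter and raw tables copied from the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_save (hypothetical name) reads iptables-save output on stdin and
# prints one line per table/chain:
#   <table> <chain> rules=<n> duplicates=<n> declared=<yes|no>
audit_save() {
    awk '
    /^\*/ { table = substr($0, 2); next }               # "*filter" opens a table
    /^:/  { declared[table, substr($1, 2)] = 1; next }  # ":TEST - [0:0]" declares a chain
    $1 == "-A" {
        key = table SUBSEP $2
        if (!(key in count)) order[++n] = key           # remember first-seen order
        count[key]++
        if (seen[table, $0]++) dup[key]++               # same rule line seen before
        next
    }
    END {
        for (i = 1; i <= n; i++) {
            key = order[i]
            split(key, p, SUBSEP)
            state = (key in declared) ? "yes" : "no"
            printf "%s %s rules=%d duplicates=%d declared=%s\n",
                   p[1], p[2], count[key], dup[key] + 0, state
        }
    }'
}

# Sample input: the filter and raw tables from the dump in the post.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [3859:241253]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [830:110277]
:TEST - [0:0]
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
-A TEST -j ACCEPT
COMMIT
*raw
:PREROUTING ACCEPT [117105:12625485]
:OUTPUT ACCEPT [120335:94805945]
-A TEST -j ACCEPT
-A TEST -j ACCEPT
COMMIT
EOF
}

sample_dump | audit_save
```

On a live host, pipe `iptables-save` into `audit_save`, and do the same with `iptables-legacy-save`, since the warning in the post says legacy tables are present as well.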






