Hi,
your step 1 installs firewalld and it already lists ipv4-dhcp as not present.
Then you hit the issue you described.
Just to confirm: if you had neither firewalld nor ufw installed on the
host, it would just work as it usually does, right? I took a fresh clean
host and it worked fine for me; please confirm that on your side.
Or did you run into the bug first and then install firewall-cmd to
unblock dhcp in your case?
A default installed firewall-cmd (universe only BTW) starts with all blocked
but dhcpv6 and ssh:
$ apt install firewalld
$ sudo firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
It is part of its design to block-all-but-whitelist.
I can reproduce the issue you mention just fine:
1. install firewalld
2. use libvirt to run a guest
TL;DR:
- once you install firewalld all but a small whitelist gets shut off
- you then need to enable the services you need (e.g. dhcp in your example)
- that IMHO is by design in firewalld and not a bug in any other component
** Changed in: qemu (Ubuntu)
Status: New => Invalid
** Changed in: firewalld (Ubuntu)
Status: New => Invalid
https://bugs.launchpad.net/bugs/1806593
Title:
Firewall blocks dhcp hand shakes of guest through virbr0 and guest
fails to get IP address,
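A check for the situation described in the message above, as an added example that is not part of the original message or of firewalld: it parses `firewall-cmd --list-all` output and reports which services a guest needs are absent from the zone's allow list. The sample output is constructed from the listing quoted above; the function names, and the assumption that guest traffic on virbr0 is handled by the default zone, belong to this example.

```shell
#!/bin/sh
# Added example: report which required services a firewalld zone does not allow.

# Constructed sample, modelled on the default "public" zone listing quoted above.
SAMPLE_ZONE='public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no'

# Read a `firewall-cmd --list-all` dump on stdin, print allowed services one per line.
zone_services() {
    awk '$1 == "services:" { for (i = 2; i <= NF; i++) print $i }'
}

# missing_services "<zone dump>" service...
# Prints the required services the zone does not allow (space separated).
# Returns 0 when every one is allowed, 1 otherwise.
missing_services() {
    dump=$1; shift
    allowed=$(printf '%s\n' "$dump" | zone_services)
    missing=
    for svc in "$@"; do
        # -x -F: exact whole-name match, so "dhcpv6-client" does not satisfy "dhcp".
        printf '%s\n' "$allowed" | grep -qxF -- "$svc" || missing="$missing $svc"
    done
    missing=${missing# }
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# Demo on the constructed sample: lists the guest-facing services still blocked.
missing_services "$SAMPLE_ZONE" dhcp dns || true

# Live use (assumption: virbr0 traffic falls into the default zone):
#   missing_services "$(sudo firewall-cmd --list-all)" dhcp dns
#   sudo firewall-cmd --permanent --add-service=dhcp && sudo firewall-cmd --reload
```

Allowing only the services the guest network needs keeps firewalld's block-all-but-whitelist posture intact.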