Firewalld is a new service on RHEL7 which you can use instead of iptables. Firewalld has a new userland interface and also has a real time firewall service that you can change config without stopping current connections. There are so many benefits and new added feature that we can talk about but not at this post.
Problem: Even though you disabled “iptables” and “firewalld” service , still displays some iptables rules after every reboot .
If you install a RHEL7 server on virtulization platform you’ll get on interface which named “virbr0” . This insterface was created with the service “libvirtd”. Libvirt is an API that you can use it for managing virtulization platforms and interface by some GUI tools and also CLI(virsh).The communication between the virtulization solutions like KVM, Xen, LXC and the libvirt API is managed by Libvirtd service. When you start this service it will attempt to create some firewall rules that you can check them “iptables”. So our problem started at this point.
Step 1: Check libvirtd Service
# systemctl status libvirtd â— libvirtd.service - Virtualization daemon Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled) Docs: man:libvirtd(8) http://libvirt.org Main PID: 991 (libvirtd) CGroup: /system.slice/libvirtd.service â”œâ”€ 991 /usr/sbin/libvirtd â”œâ”€2011 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper â””â”€2014 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
Step 2: Check Interface virbr0
# virsh net-list Name State Autostart Persistent ---------------------------------------------------------- default active yes yes #ip a
Step 3: Destroy Net config libvirtd
#virsh net-destroy default#virsh net-undefine default
Step 4: Disable Services
#systemctl stop libvirtd #systemctl stop iptables #systemctl stop firewalld #systemctl disable libvirtd #systemctl disable iptables #systemctl disable firewalld
Step 5: Check Iptables and Net Interface and Restart Server