Ubuntu – Replacing the firewall rules

I've had an init script for many years that configures iptables for me and it has worked like a champ until now. After upgrading from 10.04 to 12.04 I started having firewall problems where the rulesets were being corrupted. After some playing around I discovered that something is setting the following rules:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

even when I've completely disabled my own firewall script. My first thought was ufw was somehow active – but it isn't:

# ufw status
Status: inactive

It may or may not be related, but I've only seen this problem on machines I am running kvm on.

Does anyone have pointers to what could be doing this and how to disable whatever is adding these unwanted rules?

Edit for people looking for this in the future: I finally located a source that definitively links these mystery iptables rules to libvirt: http://libvirt.org/firewall.html
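As an added illustration of the diagnosis above (this is not code from the question or from libvirt), the script below shows the quickest way to confirm that libvirt is the source: `iptables -L` hides interface names, but `iptables -S` prints them, and libvirt's default NAT network attaches every one of these rules to its `virbr0` bridge and the 192.168.122.0/24 subnet. The ruleset in `SAMPLE_RULES` is constructed here to match the shape of what libvirt's default network installs, and `CLEAN_RULES` is a constructed host-only ruleset for contrast; neither is captured from the asker's machine. The `virsh` commands are libvirt's standard CLI for stopping the "default" network and keeping it from autostarting, which is the fix that lasts, because libvirtd re-inserts the rules on restart if the network is merely flushed.

```shell
#!/bin/sh
# Constructed sample: what `iptables -S` shows on a host where libvirt's
# "default" network (bridge virbr0, subnet 192.168.122.0/24) is running.
# Assumption: typical libvirt output, not taken from the original post.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable'

# Constructed contrast: a host-only ruleset with no libvirt involvement.
CLEAN_RULES='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Count ruleset lines (read from stdin) that reference libvirt's bridge
# or its default subnet. `grep -c` exits 1 when the count is 0, so the
# `|| true` keeps the function usable under `set -e`.
count_libvirt_rules() {
    grep -c -E 'virbr[0-9]+|192\.168\.122\.0/24' || true
}

# Exit 0 when the ruleset on stdin carries libvirt-style rules, 1 otherwise.
libvirt_rules_present() {
    [ "$(count_libvirt_rules)" -gt 0 ]
}

# The lasting fix: stop libvirt's "default" network and disable its
# autostart. Flushing with `iptables -F` only holds until libvirtd
# restarts and re-adds the rules.
libvirt_fix_commands() {
    cat <<'EOF'
virsh net-destroy default
virsh net-autostart --disable default
EOF
}

# Human-readable verdict for a ruleset on stdin.
report_libvirt_rules() {
    n=$(count_libvirt_rules)
    if [ "$n" -gt 0 ]; then
        echo "$n rule(s) reference virbr*/192.168.122.0/24: libvirt's default network is active"
        echo "To stop it, and stop it coming back on reboot:"
        libvirt_fix_commands
    else
        echo "no libvirt-style rules found"
    fi
}

# On the real host (as root), use `iptables -S` rather than `iptables -L`
# so the interface names are visible:
check_live_host() {
    iptables -S | report_libvirt_rules
}

# Demo on the constructed samples; needs neither root nor iptables.
printf '%s\n' "$SAMPLE_RULES" | report_libvirt_rules
printf '%s\n' "$CLEAN_RULES" | report_libvirt_rules
```

Run it as-is to see both verdicts on the constructed samples, or call `check_live_host` as root on a suspect machine. After `virsh net-destroy default`, rerunning `iptables -S` should show the virbr0 rules gone, and `virsh net-list --all` should list the default network as inactive with autostart off.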

Best Answer

Is it a multi-homed machine? What's on the 192.168.122.0/24 CIDR? Is there an interface listening on one of the IPs from within that range? I'd probably try to look at the output of:

grep -R 192.168.122 /etc

to find out if there's any configuration related to it, and also check cron entries in /etc/cron*.
