On 2020-06-16 11:43, Ed Greshko wrote:
On 2020-06-16 07:24, Kenneth Porter wrote:
--On Tuesday, June 16, 2020 8:17 AM +0800 Ed Greshko <ed.greshko@greshko.com> wrote:

For RHEL/CentOS, I start by listing the back end rules.

What would be the command to list those?

This looks like a good starting point:


The other thing I found odd is that I did

firewall-cmd --set-log-denied=all

And saw no journal entries showing the reject.  I used Wireshark, and I do see

> Transmission Control Protocol, Src Port: 44870, Dst Port: 22, Seq: 0, Len: 0

and immediately after

> Internet Control Message Protocol (Port unreachable)

I should have tried this earlier.  But it seems the issues aren't confined to the libvirt zone.
And the symptoms seem odder.

enp2s0 on the "middle (meimei)" host is  From the "right (acer2)" host I can ping
meimei and ssh to meimei with the firewall active.

However, to a different host

[egreshko@acer ~]$ ping -c 1 -q
PING ( 56(84) bytes of data.

--- ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms


[egreshko@acer ~]$ ssh
ssh: connect to host port 22: No route to host

The key to getting good answers is to ask good questions.