Bug 1958301

Summary: cannot restart default network and firewalld: iptables: No chain/target/match by that name. [rhel-8.4.0.z]
Product: Red Hat Enterprise Linux 8 Reporter: RHEL Program Management Team <pgm-rhel-tools>
Component: libvirtAssignee: Laine Stump <laine>
Status: CLOSED ERRATA QA Contact: yalzhang <yalzhang>
Severity: high Docs Contact:
Priority: high    
Version: 8.4CC: agedosier, berrange, clalancette, ehadley, extras-qa, hunter86_bg, itamar, jdenemar, jfehlig, jforbes, jsuchane, laine, libvirt-maint, mpitt, rjones, veillard, virt-maint, virt-maint, yalzhang, ymankad
Target Milestone: betaKeywords: Triaged, ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libvirt-6.0.0-35.1.el8 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1942805 Environment:
Last Closed: 2021-08-10 13:50:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1942805    
Bug Blocks:    

Comment 5 yalzhang@redhat.com 2021-06-16 14:23:38 UTC 
reproduce the bug on libvirt-6.0.0-35.module+el8.4.0+10230+7a9b21e4.x86_64

[root@localhost ~]# systemctl restart libvirtd 
[root@localhost ~]# systemctl restart firewalld; systemctl restart libvirtd 

[root@localhost ~]# virsh net-destroy default; systemctl stop firewalld
Network default destroyed

[root@localhost ~]# virsh net-list --all; firewall-cmd --get-active-zones
 Name      State      Autostart   Persistent
----------------------------------------------
 default   inactive   yes         yes

FirewallD is not running
[root@localhost ~]# systemctl start firewalld; virsh net-start default
error: Failed to start network default
error: internal error: Failed to apply firewall rules /usr/sbin/iptables -w --table filter --insert LIBVIRT_INP --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT: iptables: No chain/target/match by that name.

Test on libvirt-6.0.0-35.1.module+el8.4.0+11273+64eb94ef.x86_64 with the same steps, the network can start successfully. And try start network after restart firewalld, network can start successfully as well.
Comment 13 errata-xmlrpc 2021-08-10 13:50:35 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: virt:rhel and virt-devel:rhel security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3061