$ ps r -A
PID TTY STAT TIME COMMAND
2131 ? D 0:00 /usr/sbin/iptables -w --table filter --insert FORWARD --destination 192.168.122.0/24 --out-interface virbr0
49444 pts/0 R+ 0:00 ps r -A
# brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.5254001f480c yes virbr0-nic
Checking the boot-time dmesg output shows:
[ 21.328152] ip6_tables: (C) 2000-2006 Netfilter Core Team
[ 21.342781] Ebtables v2.0 registered
[ 21.463834] bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
Jun 21 21:52:33 server.example.com dbus[1232]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service'
Jun 21 21:52:33 server.example.com dbus-daemon[1232]: dbus[1232]: [system] Activating via systemd: service name='org.freedesktop.PolicyKit1' unit='polkit.service'
Jun 21 21:52:33 server.example.com systemd[1]: Starting Authorization Manager...
Jun 21 21:52:33 server.example.com polkitd[11378]: Started polkitd version 0.112
Jun 21 21:52:33 server.example.com polkitd[11378]: Loading rules from directory /etc/polkit-1/rules.d
Jun 21 21:52:33 server.example.com polkitd[11378]: Loading rules from directory /usr/share/polkit-1/rules.d
Jun 21 21:52:33 server.example.com polkitd[11378]: Finished loading, compiling and executing 3 rules
Jun 21 21:52:33 server.example.com dbus[1232]: [system] Successfully activated service 'org.freedesktop.PolicyKit1'
Jun 21 21:52:33 server.example.com dbus-daemon[1232]: dbus[1232]: [system] Successfully activated service 'org.freedesktop.PolicyKit1'
Jun 21 21:52:33 server.example.com systemd[1]: Started Authorization Manager.
Jun 21 21:52:33 server.example.com polkitd[11378]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Jun 21 21:52:33 server.example.com polkitd[11378]: Registered Authentication Agent for unix-process:11373:12356 (system bus name :1.105 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Jun 21 21:52:33 server.example.com systemd[1]: Listening on Virtual machine log manager socket.
Jun 21 21:52:33 server.example.com systemd[1]: Starting Virtual machine log manager socket.
Jun 21 21:52:33 server.example.com systemd[1]: Starting Virtualization daemon...
Jun 21 21:52:33 server.example.com systemd[1]: Started Virtualization daemon.
Jun 21 21:52:33 server.example.com polkitd[11378]: Unregistered Authentication Agent for unix-process:11373:12356 (system bus name :1.105, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Jun 21 21:52:33 server.example.com admin[11411]: alicmd:root:systemctl start libvirtd:admin pts/0 2017-06-21 21:50 (10.101.76.56)
Jun 21 21:52:33 server.example.com kernel: ip6_tables: (C) 2000-2006 Netfilter Core Team
Jun 21 21:52:33 server.example.com kernel: Ebtables v2.0 registered
Jun 21 21:52:33 server.example.com kernel: bridge: automatic filtering via arp/ip/ip6tables has been deprecated. Update your scripts to load br_netfilter if you need this.
Jun 21 21:52:33 server.example.com kernel: tun: Universal TUN/TAP device driver, 1.6
Jun 21 21:52:33 server.example.com kernel: tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
Jun 21 21:52:33 server.example.com kernel: device virbr0-nic entered promiscuous mode
Jun 21 21:52:33 server.example.com kernel: nf_conntrack version 0.5.0 (65536 buckets, 262144 max)
bridge: automatic filtering via arp/ip/ip6tables has been deprecated.
Update your scripts to load br_netfilter if you need this.
This message means the br_netfilter module has to be loaded first:
# ls /proc/sys/net/bridge
ls: cannot access /proc/sys/net/bridge: No such file or directory
# modprobe br_netfilter
# ls /proc/sys/net/bridge
bridge-nf-call-arptables bridge-nf-filter-pppoe-tagged
bridge-nf-call-ip6tables bridge-nf-filter-vlan-tagged
bridge-nf-call-iptables bridge-nf-pass-vlan-input-dev
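
The check-and-load steps above as a reusable script. This is an added example, not part of the original notes. The function names, the optional root prefix argument and the --apply flag are assumptions made here, as is the policy that all three bridge-nf-call-* switches should be 1 (that is, the host relies on iptables/ip6tables/arptables to filter bridged traffic).

```shell
#!/bin/sh
# Added example: audit and persist br_netfilter state.
# The optional root prefix ($1) is an assumption made here so the check can
# be pointed at a constructed directory tree instead of the live /proc.

# Report the bridge netfilter switches found under "$1/proc/sys/net/bridge".
# Returns 0 if all three bridge-nf-call-* values are 1,
#         1 if any of them is 0 or unreadable,
#         2 if the directory is absent (br_netfilter not loaded).
bridge_nf_status() {
    root="${1:-}"
    dir="$root/proc/sys/net/bridge"
    if [ ! -d "$dir" ]; then
        echo "br_netfilter: not loaded ($dir missing)"
        return 2
    fi
    rc=0
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables \
               bridge-nf-call-arptables; do
        if [ -r "$dir/$key" ]; then
            val=$(cat "$dir/$key")
        else
            val=missing
        fi
        echo "$key=$val"
        [ "$val" = "1" ] || rc=1
    done
    return $rc
}

# Have systemd load the module at every boot, see modules-load.d(5).
persist_br_netfilter() {
    root="${1:-}"
    mkdir -p "$root/etc/modules-load.d"
    echo br_netfilter > "$root/etc/modules-load.d/br_netfilter.conf"
}

# Live use, as root: sh script.sh --apply
if [ "${1:-}" = "--apply" ]; then
    [ -d /proc/sys/net/bridge ] || modprobe br_netfilter
    persist_br_netfilter ""
    bridge_nf_status ""
fi
```

Without --apply the script only defines the functions; bridge_nf_status with no argument reads the live /proc and changes nothing.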