chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2026-01-12 04:39:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'production' into next

Browse Source
This commit is contained in:
陈浩南
2025-05-12 11:34:15 +08:00
parent 3973b407ae dd95b9b282
commit c39bf8ed0a
9 changed files with 583 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
devices/srv3/default.nix
View File

@@ -63,7 +63,12 @@ inputs:
{
owner = "chn";
hardware = { memoryMB = 512; cpus = 1; };
network = { address = 4; vnc.openFirewall = false; portForward.web = [ "example.chn.moe" ]; };
network =
{
address = 4;
vnc.openFirewall = false;
portForward = { tcp = [{ host = 5693; guest = 22; }]; web = [ "example.chn.moe" ]; };
};
};
};
rsshub = {};

38
modules/services/btrbk.nix
View File

@@ -16,28 +16,30 @@ inputs:
services.btrbk =
{
ioSchedulingClass = "idle";
instances.btrbk =
{
onCalendar = "*-*-* 4:00:00";
settings =
instances = builtins.listToAttrs (builtins.map
(host:
{
timestamp_format = "short";
snapshot_dir = "/nix/btrbk/snapshot";
snapshot_preserve_min = "1w";
target_preserve_min = "1m";
ssh_user = "btrbk";
ssh_identity = inputs.config.sops.secrets.btrbk.path;
volume = builtins.listToAttrs (builtins.map
(host:
name = host;
value =
{
onCalendar = "*-*-* 4:00:00";
settings =
{
name = "ssh://wg1.${host}.chn.moe/nix";
value = { subvolume.persistent= {}; target = "/nix/btrbk/${host}"; };
})
btrbk);
};
};
timestamp_format = "short";
snapshot_dir = "/nix/btrbk/snapshot";
snapshot_preserve_min = "1w";
target_preserve_min = "1m";
ssh_user = "btrbk";
ssh_identity = inputs.config.sops.secrets.btrbk.path;
volume."ssh://wg1.${host}.chn.moe/nix" = { subvolume.persistent= {}; target = "/nix/btrbk/${host}"; };
};
};
})
btrbk);
};
sops.secrets.btrbk.owner = "btrbk";
systemd.timers = builtins.listToAttrs (builtins.map
(host: { name = "btrbk-${host}"; value.timerConfig.RandomizedDelaySec = 7200; }) btrbk);
})
];
}

18
modules/services/nixvirt.nix
View File

@@ -192,7 +192,7 @@ inputs:
nftRules = builtins.concatLists (builtins.concatLists (builtins.map
(vm: builtins.map
(protocol: builtins.map
(port: "${protocol} dport ${builtins.toString port.host} "
(port: "${protocol} dport ${builtins.toString port.host} fib daddr type local "
+ "counter dnat ip to 192.168.122.${builtins.toString vm.network.address}"
+ ":${builtins.toString port.guest}")
vm.network.portForward.${protocol})
@@ -208,20 +208,8 @@ inputs:
}
}
'';
# libvirt use iptables to reject forward-input packages.
# packages accept in nftables but reject in iptables will finally be rejected.
# So we need to add a rule in iptables to accept these packages.
iptables = "${inputs.pkgs.iptables}/bin/iptables";
start = inputs.pkgs.writeShellScript "nixvirt.start"
''
${nft} -f ${nftConfigFile}
${iptables} -t filter -I LIBVIRT_FWI -d 192.168.122.0/24 -j ACCEPT -w
'';
stop = inputs.pkgs.writeShellScript "nixvirt.stop"
''
${nft} delete table inet nixvirt
${iptables} -t filter -D LIBVIRT_FWI -d 192.168.122.0/24 -j ACCEPT -w
'';
start = inputs.pkgs.writeShellScript "nixvirt.start" "${nft} -f ${nftConfigFile}";
stop = inputs.pkgs.writeShellScript "nixvirt.stop" "${nft} delete table inet nixvirt";
in
{
description = "nixvirt port forward";

19
modules/system/fileSystems/default.nix
View File

@@ -75,15 +75,16 @@ inputs:
# swap
{ swapDevices = builtins.map (device: { device = device; }) fileSystems.swap; }
# resume
(inputs.lib.mkIf (fileSystems.resume != null) { boot =
(
if builtins.typeOf fileSystems.resume == "string" then { resumeDevice = fileSystems.resume; }
else
{
resumeDevice = fileSystems.resume.device;
kernelParams = [ "resume_offset=${builtins.toString fileSystems.resume.offset}" ];
}
);})
(inputs.lib.mkIf (fileSystems.resume != null)
{
boot = inputs.localLib.mkConditional (builtins.typeOf fileSystems.resume == "string")
{ resumeDevice = fileSystems.resume; }
{
resumeDevice = fileSystems.resume.device;
kernelParams = [ "resume_offset=${builtins.toString fileSystems.resume.offset}" ];
};
nixos.system.kernel.patches = [ "hibernate-progress" ];
})
# rollingRootfs
(inputs.lib.mkIf (fileSystems.rollingRootfs != null)
{

16
modules/system/kernel.nix → modules/system/kernel/default.nix
View File

@@ -50,13 +50,25 @@ inputs:
cachyos = inputs.pkgs.linuxPackages_cachyos;
cachyos-lts = inputs.pkgs.linuxPackages_cachyos_lts;
}.${kernel.variant};
kernelPatches = let patches = {}; in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
kernelPatches =
let
patches =
{
hibernate-progress =
[{
name = "hibernate-progress";
patch =
let version = inputs.lib.versions.majorMinor inputs.config.boot.kernelPackages.kernel.version;
in ./hibernate-progress-${version}.patch;
}];
};
in builtins.concatLists (builtins.map (name: patches.${name}) kernel.patches);
};
}
# enable scx when using cachyos
(
inputs.lib.mkIf (builtins.elem kernel.variant [ "cachyos" "cachyos-lts" ])
{ services.scx = { enable = true; scheduler = "scx_bpfland"; }; }
{ services.scx = { enable = true; scheduler = "scx_rustland"; }; }
)
];
}

128
modules/system/kernel/hibernate-progress-6.12.patch Normal file
View File

@@ -0,0 +1,128 @@
diff --git a/kernel/power/swap.c b/kernel/power/swap.c
index 5bc04bfe2db1..6e7b17b97de7 100644
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -563,7 +563,7 @@ static int save_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
- pr_info("Saving image data pages (%u pages)...\n",
+ pr_err("Saving image data pages (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -578,7 +578,7 @@ static int save_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -588,7 +588,7 @@ static int save_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
return ret;
}
@@ -795,8 +795,8 @@ static int save_compressed_image(struct swap_map_handle *handle,
*/
handle->reqd_free_pages = reqd_free_pages();
- pr_info("Using %u thread(s) for %s compression\n", nr_threads, hib_comp_algo);
- pr_info("Compressing and saving image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for %s compression\n", nr_threads, hib_comp_algo);
+ pr_err("Compressing and saving image data (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -817,7 +817,7 @@ static int save_compressed_image(struct swap_map_handle *handle,
data_of(*snapshot), PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -888,9 +888,9 @@ static int save_compressed_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
- pr_info("Image size after compression: %d kbytes\n",
+ pr_err("Image size after compression: %d kbytes\n",
(atomic_read(&compressed_size) / 1024));
out_clean:
@@ -1105,7 +1105,7 @@ static int load_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
clean_pages_on_read = true;
- pr_info("Loading image data pages (%u pages)...\n", nr_to_read);
+ pr_err("Loading image data pages (%u pages)...\n", nr_to_read);
m = nr_to_read / 10;
if (!m)
m = 1;
@@ -1123,7 +1123,7 @@ static int load_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -1133,7 +1133,7 @@ static int load_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
ret = snapshot_write_finalize(snapshot);
if (!ret && !snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1328,8 +1328,8 @@ static int load_compressed_image(struct swap_map_handle *handle,
}
want = ring_size = i;
- pr_info("Using %u thread(s) for %s decompression\n", nr_threads, hib_comp_algo);
- pr_info("Loading and decompressing image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for %s decompression\n", nr_threads, hib_comp_algo);
+ pr_err("Loading and decompressing image data (%u pages)...\n",
nr_to_read);
m = nr_to_read / 10;
if (!m)
@@ -1459,7 +1459,7 @@ static int load_compressed_image(struct swap_map_handle *handle,
data[thr].unc + off, PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
@@ -1485,7 +1485,7 @@ static int load_compressed_image(struct swap_map_handle *handle,
}
stop = ktime_get();
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
ret = snapshot_write_finalize(snapshot);
if (!ret && !snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1593,7 +1593,7 @@ int swsusp_check(bool exclusive)
}
if (!error && swsusp_header->flags & SF_HW_SIG &&
swsusp_header->hw_sig != swsusp_hardware_signature) {
- pr_info("Suspend image hardware signature mismatch (%08x now %08x); aborting resume.\n",
+ pr_err("Suspend image hardware signature mismatch (%08x now %08x); aborting resume.\n",
swsusp_header->hw_sig, swsusp_hardware_signature);
error = -EINVAL;
}

116
modules/system/kernel/hibernate-progress-6.6.patch Normal file
View File

@@ -0,0 +1,116 @@
diff --git a/kernel/power/swap.c b/kernel/power/swap.c
index d44f5937f1e5..8905c0438b64 100644
--- a/kernel/power/swap.c
+++ b/kernel/power/swap.c
@@ -552,7 +552,7 @@ static int save_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
- pr_info("Saving image data pages (%u pages)...\n",
+ pr_err("Saving image data pages (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -567,7 +567,7 @@ static int save_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -577,7 +577,7 @@ static int save_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
return ret;
}
@@ -767,8 +767,8 @@ static int save_image_lzo(struct swap_map_handle *handle,
*/
handle->reqd_free_pages = reqd_free_pages();
- pr_info("Using %u thread(s) for compression\n", nr_threads);
- pr_info("Compressing and saving image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for compression\n", nr_threads);
+ pr_err("Compressing and saving image data (%u pages)...\n",
nr_to_write);
m = nr_to_write / 10;
if (!m)
@@ -789,7 +789,7 @@ static int save_image_lzo(struct swap_map_handle *handle,
data_of(*snapshot), PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image saving progress: %3d%%\n",
+ pr_err("Image saving progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -860,7 +860,7 @@ static int save_image_lzo(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret)
- pr_info("Image saving done\n");
+ pr_err("Image saving done\n");
swsusp_show_speed(start, stop, nr_to_write, "Wrote");
out_clean:
hib_finish_batch(&hb);
@@ -1071,7 +1071,7 @@ static int load_image(struct swap_map_handle *handle,
hib_init_batch(&hb);
clean_pages_on_read = true;
- pr_info("Loading image data pages (%u pages)...\n", nr_to_read);
+ pr_err("Loading image data pages (%u pages)...\n", nr_to_read);
m = nr_to_read / 10;
if (!m)
m = 1;
@@ -1089,7 +1089,7 @@ static int load_image(struct swap_map_handle *handle,
if (ret)
break;
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
}
@@ -1099,7 +1099,7 @@ static int load_image(struct swap_map_handle *handle,
if (!ret)
ret = err2;
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
snapshot_write_finalize(snapshot);
if (!snapshot_image_loaded(snapshot))
ret = -ENODATA;
@@ -1283,8 +1283,8 @@ static int load_image_lzo(struct swap_map_handle *handle,
}
want = ring_size = i;
- pr_info("Using %u thread(s) for decompression\n", nr_threads);
- pr_info("Loading and decompressing image data (%u pages)...\n",
+ pr_err("Using %u thread(s) for decompression\n", nr_threads);
+ pr_err("Loading and decompressing image data (%u pages)...\n",
nr_to_read);
m = nr_to_read / 10;
if (!m)
@@ -1414,7 +1414,7 @@ static int load_image_lzo(struct swap_map_handle *handle,
data[thr].unc + off, PAGE_SIZE);
if (!(nr_pages % m))
- pr_info("Image loading progress: %3d%%\n",
+ pr_err("Image loading progress: %3d%%\n",
nr_pages / m * 10);
nr_pages++;
@@ -1440,7 +1440,7 @@ static int load_image_lzo(struct swap_map_handle *handle,
}
stop = ktime_get();
if (!ret) {
- pr_info("Image loading done\n");
+ pr_err("Image loading done\n");
snapshot_write_finalize(snapshot);
if (!snapshot_image_loaded(snapshot))
ret = -ENODATA;

5
modules/system/nixpkgs/buildNixpkgsConfig.nix
View File

@@ -58,9 +58,10 @@ in platformConfig //
inherit genericPackages;
telegram-desktop = prev.telegram-desktop.override
{
unwrapped = prev.telegram-desktop.unwrapped.overrideAttrs (prev:
{ patches = prev.patches or [] ++ [ ./telegram.patch ]; });
unwrapped = prev.telegram-desktop.unwrapped.overrideAttrs
(prev: { patches = prev.patches or [] ++ [ ./telegram.patch ]; });
};
libvirt = prev.libvirt.overrideAttrs (prev: { patches = prev.patches or [] ++ [ ./libvirt.patch ]; });
}
// (
let

283
modules/system/nixpkgs/libvirt.patch Normal file
View File

@@ -0,0 +1,283 @@
diff --git a/src/network/network_iptables.c b/src/network/network_iptables.c
index e8da15426e..7b5080ae5f 100644
--- a/src/network/network_iptables.c
+++ b/src/network/network_iptables.c
@@ -744,13 +744,6 @@ iptablesForwardRejectIn(virFirewall *fw,
const char *iface,
iptablesAction action)
{
- virFirewallAddCmd(fw, layer,
- "--table", "filter",
- iptablesActionTypeToString(action),
- VIR_IPTABLES_FWD_IN_CHAIN,
- "--out-interface", iface,
- "--jump", "REJECT",
- NULL);
}
/**
diff --git a/tests/networkxml2firewalldata/forward-dev-linux.iptables b/tests/networkxml2firewalldata/forward-dev-linux.iptables
index bc483c4512..98be4b76ad 100644
--- a/tests/networkxml2firewalldata/forward-dev-linux.iptables
+++ b/tests/networkxml2firewalldata/forward-dev-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/isolated-linux.iptables b/tests/networkxml2firewalldata/isolated-linux.iptables
index 135189ce41..d2d29933aa 100644
--- a/tests/networkxml2firewalldata/isolated-linux.iptables
+++ b/tests/networkxml2firewalldata/isolated-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-default-linux.iptables b/tests/networkxml2firewalldata/nat-default-linux.iptables
index 3cfa61333c..5f401194ed 100644
--- a/tests/networkxml2firewalldata/nat-default-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-default-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-ipv6-linux.iptables b/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
index ce295cbc6d..127ed35826 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-ipv6-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
index d78537dc5c..a87fe47480 100644
--- a/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-ipv6-masquerade-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-many-ips-linux.iptables b/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
index ba7f234b82..9244705322 100644
--- a/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-many-ips-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables b/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
index 1e5aa05231..b4f86a256f 100644
--- a/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-no-dhcp-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
index c2e845cc4f..139110d068 100644
--- a/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-port-range-ipv6-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-port-range-linux.iptables b/tests/networkxml2firewalldata/nat-port-range-linux.iptables
index 8e5c2c8193..0e7686359d 100644
--- a/tests/networkxml2firewalldata/nat-port-range-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-port-range-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
@@ -90,12 +84,6 @@ ip6tables \
ip6tables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-ip6tables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/nat-tftp-linux.iptables b/tests/networkxml2firewalldata/nat-tftp-linux.iptables
index 565fff737c..3f2d1ccf5a 100644
--- a/tests/networkxml2firewalldata/nat-tftp-linux.iptables
+++ b/tests/networkxml2firewalldata/nat-tftp-linux.iptables
@@ -87,12 +87,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \
diff --git a/tests/networkxml2firewalldata/route-default-linux.iptables b/tests/networkxml2firewalldata/route-default-linux.iptables
index a7b969c077..866d65014e 100644
--- a/tests/networkxml2firewalldata/route-default-linux.iptables
+++ b/tests/networkxml2firewalldata/route-default-linux.iptables
@@ -71,12 +71,6 @@ iptables \
iptables \
-w \
--table filter \
---insert LIBVIRT_FWI \
---out-interface virbr0 \
---jump REJECT
-iptables \
--w \
---table filter \
--insert LIBVIRT_FWX \
--in-interface virbr0 \
--out-interface virbr0 \