Adding an nftables backend in addition to iptables?

Aljoscha Lautenbach aljoscha.lautenbach at gmail.com
Sat Nov 28 15:39:26 UTC 2020


Hi!

First of all, thanks for your work on libvirt, it is highly appreciated!

When I wanted to create a new VM using virt-manager on my Debian
Testing machine yesterday, I ran into the following problem:

~# virsh net-list --all
 Name      State      Autostart   Persistent
----------------------------------------------
 default   inactive   yes         yes

~# virsh net-start default
error: Failed to start network default
error: internal error: Failed to apply firewall rules
/usr/sbin/iptables --table filter --list-rules: iptables v1.8.6
(nf_tables): table `filter' is incompatible, use 'nft' tool.

It turns out the Debian package for iptables includes two versions of
iptables: iptables-nft and iptables-legacy. It looks like iptables-nft
has been the default in Debian for a while, which led to the error
above.

After setting iptables-legacy to be the default and restarting the
libvirtd service, everything worked as expected.

But it did make me wonder, are there any plans to add a backend for nftables?

Thanks,
Aljoscha
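A small shell diagnostic, added here and not part of Aljoscha's mail or of libvirt, that classifies `iptables --version` and `iptables -t filter --list-rules` output into the legacy or nf_tables backend and flags the "table is incompatible" condition quoted above before a `virsh net-start` runs into it. The samples are constructed from the text of the mail; the assumption that iptables releases before 1.8 print no backend tag and are always legacy is mine.

```shell
# Added diagnostic for the failure quoted in the mail (not libvirt code).
# It only classifies text that `iptables --version` and
# `iptables -t filter --list-rules 2>&1` print, so it runs on samples.

# Prints nf_tables, legacy or unknown for one `iptables --version` line.
# Assumption: iptables before 1.8 prints no backend tag and is legacy-only.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*)       echo nf_tables ;;
        *"(legacy)"*)          echo legacy ;;
        iptables\ v1.[0-7].*)  echo legacy ;;
        *)                     echo unknown ;;
    esac
}

# Exit status for `iptables -t filter --list-rules 2>&1` output:
# 0 = rules listed, 1 = the "table is incompatible, use 'nft' tool"
# error from the mail, 2 = anything else (missing binary, permissions, ...).
filter_table_state() {
    case "$1" in
        *"is incompatible, use 'nft' tool"*) return 1 ;;
        "-P "*)                              return 0 ;;
        *)                                   return 2 ;;
    esac
}

# One-line verdict. Against a live host call it as
#   diagnose "$(iptables --version)" "$(iptables -t filter --list-rules 2>&1)"
diagnose() {
    backend=$(iptables_backend "$1")
    status=0
    filter_table_state "$2" || status=$?
    case $status in
        0) echo "ok: $backend iptables can read the filter table" ;;
        1) echo "mixed-backend: filter table incompatible with $backend iptables" ;;
        *) echo "error: $backend iptables, unexpected --list-rules output" ;;
    esac
}

# Constructed samples: the first pair is the output quoted in the mail.
NFT_VERSION='iptables v1.8.6 (nf_tables)'
NFT_LIST="iptables v1.8.6 (nf_tables): table \`filter' is incompatible, use 'nft' tool."
LEGACY_VERSION='iptables v1.8.6 (legacy)'
LEGACY_LIST='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT'

diagnose "$NFT_VERSION" "$NFT_LIST"
diagnose "$LEGACY_VERSION" "$LEGACY_LIST"
```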



