FS#62249 - [firewalld] 0.6.3-3 backend breaks libvirt NAT
Attached to Project:
Community Packages
Opened by ILMostro (ILMostro) - Saturday, 06 April 2019, 01:10 GMT
Last edited by freswa (frederik) - Wednesday, 06 May 2020, 17:10 GMT
Details
Description:
The new nftables default backend breaks libvirt NAT.
The workaround is to set "FirewallBackend=iptables" in "/etc/firewalld/firewall.conf".
Upstream bug report: https://bugzilla.redhat.com/show_bug.cgi?id=1638342

Additional info:
* package version(s)
* config and/or log files etc.
* link to upstream bug report, if any

Steps to reproduce:
This task depends upon
Closed by freswa (frederik)
Wednesday, 06 May 2020, 17:10 GMT
Reason for closing: Fixed
Additional comments about closing: libvirt 5.3.0-1
The default setting in firewalld results in the following error in libvirtd (version 5.2.0).
libvirtd[15824]: internal error: firewalld is set to use the nftables backend, but the required firewalld 'libvirt' zone is missing. Either set the firewalld backend to 'iptables', or ensure that firewalld has a 'libvirt' zone by upgrading firewalld to a version supporting rule priorities (0.7.0+) and/or rebuilding libvirt with --with-firewalld-zone
Whereas the firewalld service reports
firewalld[18344]: ERROR: Failed to load zone file '/usr/lib/firewalld/zones/libvirt.xml': PARSE_ERROR: rule: Unexpected attribute priority
FS#62219FS#64803is actioned.
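A diagnostic for the failure mode shown in the two log lines above, added here as an example; it is not part of the bug report, firewalld or libvirt. The function names and verdict strings are hypothetical, and treating an absent FirewallBackend key as nftables is an assumption taken from the report's description of the new default.

```shell
#!/bin/sh
# Added example. Default paths are the ones quoted in this report; pass
# other paths to run the checks against sample files.
# Typical call on a live host:
#   diagnose /etc/firewalld/firewall.conf \
#       /usr/lib/firewalld/zones/libvirt.xml "$(firewall-cmd --version)"

# Print the effective backend. Commented-out keys are ignored; if the key
# is absent, nftables is assumed (the default this report describes).
firewalld_backend() {
    conf=${1:-/etc/firewalld/firewall.conf}
    backend=$(sed -n \
        's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "$conf" 2>/dev/null | tail -n 1)
    echo "${backend:-nftables}"
}

# Succeed if the zone file has a <rule> element with a priority attribute,
# the construct firewalld rejected with PARSE_ERROR in the log above.
zone_uses_priority() {
    zone=${1:-/usr/lib/firewalld/zones/libvirt.xml}
    [ -r "$zone" ] && grep -Eq '<rule[^>]*[[:space:]]priority=' "$zone"
}

# Succeed if the firewalld version is 0.7.0 or newer, the first release the
# libvirtd message names as supporting rule priorities.
version_supports_priority() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    [ "$major" -gt 0 ] || [ "$minor" -ge 7 ]
}

# diagnose CONF ZONE VERSION -> prints one verdict:
#   workaround       backend is iptables, libvirt does not need the zone
#   zone-missing     nftables backend and no libvirt zone file at all
#   zone-unloadable  zone file uses priorities this firewalld cannot parse
#   ok               nftables backend with a zone this firewalld can load
diagnose() {
    if [ "$(firewalld_backend "$1")" = iptables ]; then
        echo workaround
    elif [ ! -r "$2" ]; then
        echo zone-missing
    elif zone_uses_priority "$2" && ! version_supports_priority "$3"; then
        echo zone-unloadable
    else
        echo ok
    fi
}
```

Both zone-missing and zone-unloadable correspond to the libvirtd "required firewalld 'libvirt' zone is missing" error, since a zone that fails to parse is never registered.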