Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#74552 - iptables-nft not compatible with virt-manager (libvirt)
Attached to Project:
Arch Linux
Opened by gudvinr (gudvinr) - Monday, 25 April 2022, 00:06 GMT
Last edited by Toolybird (Toolybird) - Tuesday, 18 October 2022, 05:09 GMT
Details

Description:
iptables-nft shipped with archlinux does not fully replace iptables, which leads to virt-manager/libvirt not being able to use its network capabilities.

Additional info:
core/iptables-nft 1:1.8.7-1
community/virt-manager 4.0.0-1

XML of default network configuration:

    <network>
      <name>default</name>
      <uuid>0f702a9c-fb1d-4747-9e56-03497621e660</uuid>
      <forward mode="nat"/>
      <bridge name="virbr0" stp="on" delay="0"/>
      <mac address="52:54:00:9e:34:24"/>
      <ip address="192.168.122.1" netmask="255.255.255.0">
        <dhcp>
          <range start="192.168.122.2" end="192.168.122.254"/>
        </dhcp>
      </ip>
    </network>

According to this libvirt issue, iptables and iptables-nft should both work just fine in fedora:
https://www.spinics.net/linux/fedora/libvir/msg212287.html

This makes me think there's something wrong with iptables-nft in archlinux.

Steps to reproduce:
Try creating a virtual machine (QEMU/KVM) with the default network (NAT).
Get an error:

    Could not start virtual network 'default': internal error: Failed to apply firewall rules /usr/bin/iptables -w --table filter --list-rules: iptables v1.8.7 (nf_tables): table `filter' is incompatible, use 'nft' tool.

    Traceback (most recent call last):
      File "/usr/share/virt-manager/virtManager/device/netlist.py", line 208, in _check_network_is_running
        netobj.start()
      File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
        ret = fn(self, *args, **kwargs)
      File "/usr/share/virt-manager/virtManager/object/network.py", line 69, in start
        self._backend.create()
      File "/usr/lib/python3.10/site-packages/libvirt.py", line 3474, in create
        raise libvirtError('virNetworkCreate() failed')
    libvirt.libvirtError: internal error: Failed to apply firewall rules /usr/bin/iptables -w --table filter --list-rules: iptables v1.8.7 (nf_tables): table `filter' is incompatible, use 'nft' tool.
Closed by Toolybird (Toolybird)
Tuesday, 18 October 2022, 05:09 GMT
Reason for closing: Works for me
We package the latest iptables-nft, so there is not much I can do on the packaging side.
[1] https://wiki.archlinux.org/title/Libvirt