[Pkg-libvirt-maintainers] Bug#913633: libvirt-daemon: libvirt NAT firewall rules broken when firewalld runs (with FirewallBackend=nftables)

Tue Nov 13 09:21:39 GMT 2018

Package: libvirt-daemon
Version: 4.7.0-1+b1
Severity: normal
Tags: upstream

Dear Maintainer,

when both firewalld and libvirt are installed, libvirt guests using NAT do not
have internet access.  The problem is that libvirt is not compatible (yet) with
firewalld's new nftables backend.

Also see <https://github.com/firewalld/firewalld/issues/397> and
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909574>.

Kind regards,
Ralf

-- System Information:
Debian Release: buster/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable-debug'), (500, 'testing-debug'), (100, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt-daemon depends on:
ii  libacl1             2.2.52-3+b1
ii  libapparmor1        2.13.1-3+b1
ii  libaudit1           1:2.8.4-2
ii  libavahi-client3    0.7-4+b1
ii  libavahi-common3    0.7-4+b1
ii  libblkid1           2.32.1-0.1
ii  libc6               2.27-8
ii  libcap-ng0          0.7.9-1
ii  libcurl3-gnutls     7.61.0-1
ii  libdbus-1-3         1.12.10-1
ii  libdevmapper1.02.1  2:1.02.145-4.1
ii  libfuse2            2.9.8-2
ii  libgcc1             1:8.2.0-9
ii  libgnutls30         3.5.19-1+b1
ii  libnetcf1           1:0.2.8-1+b2
ii  libnl-3-200         3.4.0-1
ii  libnl-route-3-200   3.4.0-1
ii  libnuma1            2.0.12-1
ii  libparted2          3.2-23
ii  libpcap0.8          1.8.1-6
ii  libpciaccess0       0.14-1
ii  libsasl2-2          2.1.27~rc8-1
ii  libselinux1         2.8-1+b1
ii  libssh2-1           1.8.0-2
ii  libudev1            239-11
ii  libvirt0            4.7.0-1+b1
ii  libxenmisc4.11      4.11.1~pre.20180911.5acdd26fdc+dfsg-5
ii  libxenstore3.0      4.11.1~pre.20180911.5acdd26fdc+dfsg-5
ii  libxentoollog1      4.11.1~pre.20180911.5acdd26fdc+dfsg-5
ii  libxml2             2.9.4+dfsg1-7+b1
ii  libyajl2            2.1.0-3

Versions of packages libvirt-daemon recommends:
ii  libxml2-utils   2.9.4+dfsg1-7+b1
ii  netcat-openbsd  1.195-1
ii  qemu-kvm        1:2.12+dfsg-3+b1

Versions of packages libvirt-daemon suggests:
pn  libvirt-daemon-driver-storage-gluster   <none>
pn  libvirt-daemon-driver-storage-rbd       <none>
pn  libvirt-daemon-driver-storage-sheepdog  <none>
pn  libvirt-daemon-driver-storage-zfs       <none>
ii  libvirt-daemon-system                   4.7.0-1+b1
pn  numad                                   <none>

-- no debconf information