[Pkg-libvirt-maintainers] Bug#1090355: libvirt-daemon-driver-network: Switch of firewall backend to nftables breaks NAT for guest machines

NoisyCoil noisycoil at tutanota.com
Fri Dec 20 09:28:32 GMT 2024


Package: libvirt-daemon-driver-network
Version: 10.10.0-3
Followup-For: Bug #1090355
X-Debbugs-Cc: noisycoil at tutanota.com

> This too is a known issue:
>
> https://fedoraproject.org/wiki/Changes/LibvirtVirtualNetworkNFTables#Known_issue:_non-firewalld_firewall_mgmt_tools

Confirmed. DHCP not working is how I first learned about this issue, and the
behavior I see is that described in [1]. With respect to distros, one of the
libvirt maintainers says:

> The immediate workaround is for anyone who uses UFW to tell libvirt to switch
> back to its iptables backend again. If UFW is Arch's default firewall tool,
> then Arch builds of libvirt should be made to set iptables as the default.

Debian has no default firewall, but ufw's popcon is 20990 vs firewalld's 5010.


[1] https://gitlab.com/libvirt/libvirt/-/issues/644


