Hi,
last week I discussed breakage in nwfilter usage on IRC:

    <filterref filter='clean-traffic'>
      <parameter name='CTRL_IP_LEARNING' value='dhcp'/>
    </filterref>

    virsh start <guest>
    error: Failed to start domain <guest>
    error: internal error: applyDHCPOnlyRules failed - spoofing not protect

With debug in the logs enabled I got confirmation by Daniel (thanks!)
that the command sequence libvirt issued looked kind of "normal".

Hereby I wanted to let you know that some further debugging identified
a part of the sequence that libvirt issues as being broken in recent
ebtables versions.

    # ebtables --concurrent -t nat -N testrule3
    # ebtables --concurrent -t nat -E testrule3 testrule3-renamed
    ebtables v1.8.6 (nf_tables): Chain 'testrule3' doesn't exists

This led to upstream ebtables bug [1] - for now just FYI in case you
want/need to subscribe for your own tracking.

[1]: https://bugzilla.netfilter.org/show_bug.cgi?id=1481

-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd