Hi, > IOW, libvirt should "just work" with both iptables-legacy and > iptables-nft - that's certainly the case on Fedora/RHEL, so I > wonder what's broken on Debian to cause this error message. I see, thank you! Based on the error message I wrongly assumed that this was an intentionally forced transition from iptables to nft... I confirmed that the same invocation works fine on my Kali machine, so it certainly looks like a Debian specific bug. Out of curiosity, I built the same version that I tried on Kali (v1.8.5) directly from the Netfilter git repo which gives me the same error. But it is linked to the same libnftnl library, so a wild guess would be that there's a bug in the Debian Testing version of libnftnl. Anyway, that is clearly off-topic for this list, I will file a bug report for the Debian package. Thanks again, Aljoscha
