Hi,

sorry for the noise, I just want to follow up with the solution in case someone else runs into this problem and finds this thread.

It turns out this is not a bug, but intended behaviour by iptables: If you have used nft to create the same tables that iptables uses, iptables-nft refuses to work with those. At some point I converted my iptables rules to nft rules using "iptables-translate", which ends up using the same namespace.

In other words, the solution was to rename the tables in my firewall rules.

Once again, thanks for your work on libvirt! :)

Best regards,
Aljoscha
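
The check below is an added example, not part of the original message and not code from libvirt or iptables: a shell function that lists nft tables sharing a family and name with the tables iptables-nft and ip6tables-nft manage, which is the situation the message describes. The table-name list, the function names and the sample `nft list tables` output are assumptions constructed here; a match marks a table to review or rename, not proof that iptables-nft will reject it.

```shell
#!/bin/sh
# Added example: flag nft tables that sit in the namespace used by
# iptables-nft (family ip) and ip6tables-nft (family ip6).

# Table names iptables/ip6tables use (assumption stated in the lead-in).
IPT_TABLES="filter nat mangle raw security"

# find_shared_tables: read `nft list tables` output on stdin
# (lines such as "table ip filter") and print every "family name"
# pair that matches a table iptables-nft manages itself.
find_shared_tables() {
    while read -r keyword family name _rest; do
        [ "$keyword" = "table" ] || continue
        case "$family" in
            ip|ip6) ;;          # families used by iptables / ip6tables
            *) continue ;;      # inet, bridge, arp, netdev: not checked here
        esac
        for t in $IPT_TABLES; do
            if [ "$name" = "$t" ]; then
                printf '%s %s\n' "$family" "$name"
            fi
        done
    done
}

# Constructed sample of `nft list tables` output, so the example runs
# without root and without nft installed.
sample_tables() {
    cat <<'EOF'
table ip filter
table ip6 filter
table inet myfirewall
table ip nat
table bridge filter
table ip mynat
EOF
}

# On a real host (needs root): nft list tables | find_shared_tables
sample_tables | find_shared_tables
```

Tables printed by the function are the ones to rename in a hand-written nft ruleset so that iptables-nft keeps those names to itself.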