On 1/11/21 1:55 PM, Aljoscha Lautenbach wrote:
Hi, sorry for the noise, I just want to follow up with the solution in case someone else runs into this problem and finds this thread. It turns out this is not a bug, but intended behaviour by iptables: If you have used nft to create the same tables that iptables uses, iptables-nft refuses to work with those. At some point I converted my iptables rules to nft rules using "iptables-translate", which ends up using the same namespace. In other words, the solution was to rename the tables in my firewall rules.
Interesting! Thanks so much for taking the often-forgotten step of getting back to us with the new information! It will make it much easier to deal with the next time someone reports the same problem.
Once again, thanks for your work on libvirt! :)

Best regards,
Aljoscha
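Added example, not part of the original thread or of any project's code: a check for the situation described above, listing nft tables whose family and name match a table iptables-nft manages itself (the built-in iptables tables filter, nat, mangle, raw and security in the ip and ip6 families). It assumes the input has the `nft list tables` line format; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Flag nft tables that share a family/name pair with the tables iptables-nft
# manages. A match is a candidate for the conflict described in the thread;
# the fix reported there was renaming the hand-written tables.

# Reads `nft list tables` output ("table <family> <name>" per line) on stdin
# and prints "<family> <name>" for each table in the iptables namespace.
find_iptables_collisions() {
    awk '
        $1 == "table" && ($2 == "ip" || $2 == "ip6") &&
        ($3 == "filter" || $3 == "nat" || $3 == "mangle" ||
         $3 == "raw" || $3 == "security") { print $2 " " $3 }
    '
}

# Constructed sample input (not taken from a real host).
sample_tables() {
    cat <<'EOF'
table ip filter
table ip6 filter
table inet myfw
table ip nat
table ip my_filter
EOF
}

# Default: run against the constructed sample.
# With --live: inspect the running ruleset (needs nft and root privileges).
if [ "${1:-}" = "--live" ]; then
    nft list tables | find_iptables_collisions
else
    sample_tables | find_iptables_collisions
fi
```

Tables in the inet family or with distinct names (such as `my_filter` in the sample) are not reported, since they sit outside the names iptables-nft uses.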