Re: How can I control iptables/nftables rules addition on libvirtd host on Debian 12 ?

On Wed, Jan 29, 2025 at 12:24:47PM -0500, Laine Stump wrote:
> On 1/29/25 8:39 AM, oza.4h07@xxxxxxxxx wrote:
> (BTW, if your distro has libvirt 10.4.0 or newer, you can tell it to use
> nftables rules rather than iptables - just add:
>
>   firewall_backend = "nftables"
>
> to /etc/libvirt/network.conf)

Debian 12 doesn't come with a new enough libvirt version anyway, but
FYI a few months back I switched the default backend in Debian to
nftables (matching Fedora) only to walk back the decision after
getting several reports of it breaking software that's just too
popular to ignore. See [1] for more details.

I don't expect that Debian will be able to move off the iptables
backend any time soon, at least when it comes to the default.
Changing the backend on a per-system basis is of course totally
possible, as long as you understand the caveats.


[1] https://bugs.debian.org/1090355
-- 
Andrea Bolognani / Red Hat / Virtualization


