On Fri, Feb 07, 2025 at 08:28:47AM -0800, Andrea Bolognani wrote:
> On Fri, Feb 07, 2025 at 03:48:00PM +0000, Daniel P. Berrangé wrote:
> > On Fri, Feb 07, 2025 at 07:44:02AM -0800, Andrea Bolognani wrote:
> > > I'm not sure what Docker does either, but I can tell you for sure
> > > that, at least on Debian, switching libvirt to the nftables backend
> > > when Docker is installed makes guest connectivity break completely.
> > >
> > > Even if that turned out to be Docker's fault for not playing nice,
> > > the fact would remain that we can't default to a configuration that
> > > doesn't work when paired with such popular software.
> >
> > Would be interesting to know what docker was doing to break it, as
> > it might be something silly that's overlooked & easily fixed.
>
> I wouldn't even know where to start to figure that out, but for
> anyone interested reproducing the problem should be as easy as
> installing Debian testing, installing docker, and changing the
> libvirt network backend to nftables.

I normally debug by inserting "-j LOG" rules at random places
until I find the rule that's blocking the traffic.

With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|