Hi

Using 3.17.1 and setting up firewalls with nftables breaks networking when nft -f <somefile> is run in a systemd-nspawn instance. Please take a look at:

https://bugs.freedesktop.org/show_bug.cgi?id=85464

The network gets set up correctly either by systemd-nspawn or manually via ip netns and all is okay until you try to load a firewall in the spawned instance with nftables. At this point the host's bridge interface stops responding. Loading a nftable in the spawned client should NOT affect the host's networking.

I like nftables and find them easier to use than iptables (or ipchains which dates me). Please fix this problem or stop nft from loading tables when not in the root namespace. I am willing to test fixes.

Thanks,
Ed Tomlinson