Hi,
IOW, libvirt should "just work" with both iptables-legacy
and
iptables-nft - that's certainly the case on Fedora/RHEL, so I
wonder what's broken on Debian to cause this error message.
I see, thank you! Based on the error message I wrongly assumed that
this was an intentionally forced transition from iptables to nft...
I confirmed that the same invocation works fine on my Kali machine, so
it certainly looks like a Debian specific bug. Out of curiosity, I
built the same version that I tried on Kali (v1.8.5) directly from the
Netfilter git repo which gives me the same error. But it is linked to
the same libnftnl library, so a wild guess would be that there's a bug
in the Debian Testing version of libnftnl.
Anyway, that is clearly off-topic for this list, I will file a bug
report for the Debian package.
Thanks again,
Aljoscha