On 1/11/21 1:55 PM, Aljoscha Lautenbach wrote:
> Hi,
>
> sorry for the noise, I just want to follow up with the solution in
> case someone else runs into this problem and finds this thread.
>
> It turns out this is not a bug, but intended behaviour by iptables: If
> you have used nft to create the same tables that iptables uses,
> iptables-nft refuses to work with those. At some point I converted my
> iptables rules to nft rules using "iptables-translate", which ends up
> using the same namespace. In other words, the solution was to rename
> the tables in my firewall rules.

Interesting! Thanks so much for taking the often-forgotten step of
getting back to us with the new information! It will make it much easier
to deal with the next time someone reports the same problem.

> Once again, thanks for your work on libvir! :)
>
> Best regards,
> Aljoscha
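
Added example, not part of the original thread: a shell helper that reads `nft list tables` output and lists the tables whose family and name match the ones iptables-nft and ip6tables-nft use (`filter`, `nat`, `mangle`, `raw`, `security` in the `ip` and `ip6` families), i.e. the candidates for the rename described above. The function names and the sample table list are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `nft list tables` output (not taken from the thread).
sample_tables() {
cat <<'EOF'
table ip filter
table ip nat
table inet filter
table ip6 filter
table ip myfw_nat
EOF
}

# Read `nft list tables` output on stdin and print "<family> <name>" for every
# table that sits in the namespace iptables-nft / ip6tables-nft use.
# Tables in other families (e.g. inet) or with other names are not reported.
colliding_tables() {
    while read -r kw family name _; do
        # Skip anything that is not a "table <family> <name>" line.
        [ "$kw" = "table" ] || continue
        case "$family" in
            ip|ip6)
                case "$name" in
                    filter|nat|mangle|raw|security)
                        echo "$family $name" ;;
                esac ;;
        esac
    done
}

# Demo on the constructed sample. On a real host, run as root:
#   nft list tables | colliding_tables
sample_tables | colliding_tables
```

A table reported here is only a candidate: it matters when the table was created by a native nft ruleset rather than by iptables-nft itself.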