[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
nwfilter issue with new ebtables
- From: Christian Ehrhardt <christian ehrhardt canonical com>
- To: "Daniel P. Berrange" <berrange redhat com>, Libvirt Devel <libvir-list redhat com>
- Subject: nwfilter issue with new ebtables
- Date: Mon, 16 Nov 2020 08:01:21 +0100
Hi,
I have last week discussed breakage in nwfilter usage on IRC
<filterref filter='clean-traffic'>
<parameter name='CTRL_IP_LEARNING' value='dhcp'/>
</filterref>
virsh start <guest>
error: Failed to start domain <guest>
error: internal error: applyDHCPOnlyRules failed - spoofing not protect
With debug in the logs enabled I got confirmation by Daniel (thanks!)
that the command sequence libvirt issued looked kind of "normal".
Hereby I wanted to let you know that some further debugging identified
a part of the sequence that libvirt issues as being broken in recent
ebtables versions.
# ebtables --concurrent -t nat -N testrule3
# ebtables --concurrent -t nat -E testrule3 testrule3-renamed
ebtables v1.8.6 (nf_tables): Chain 'testrule3' doesn't exists
This led to upstream ebtables bug [1] - for now just FYI in case you
want/need to subscribe for your own tracking.
[1]: https://bugzilla.netfilter.org/show_bug.cgi?id=1481
--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]