Sorry if my question is stupid, I am not sure the following is relevant, but I just want to help in case it is.
I am running Debian bookworm, and faced an issue where, after removing iptables (I wanted to use only nftables), my VMs were not working anymore, as the virtual network could not start, with the following error:
Code:
$ sudo virsh net-start default
erreur :Impossible de démarrer le réseau default
erreur :internal error: Failed to apply firewall rules /usr/sbin/iptables -w --table filter --list-rules: libvirt: erreur : cannot execute binary /usr/sbin/iptables: Aucun fichier ou dossier de ce type
My question is about the dependency and the ability to remove iptables without any warning about libvirt.
If I look at the libvirt-daemon-system dependencies:
Code:
Depends: adduser, gettext-base, iptables | firewalld, libvirt-clients (= 8.5.0-1), libvirt-daemon (= 8.5.0-1), libvirt-daemon-config-network (= 8.5.0-1), libvirt-daemon-config-nwfilter (= 8.5.0-1), libvirt-daemon-system-systemd (= 8.5.0-1) | libvirt-daemon-system-sysv (= 8.5.0-1), logrotate, policykit-1, debconf (>= 0.5) | debconf-2.0
It says "iptables OR firewalld" ...
So I don't know if this is relevant enough to create a bug: when removing iptables, a warning should be raised if libvirt-daemon-system is installed on the system. More than this (but it may be related), the dependency displayed should not be "iptables | firewalld", as "iptables" is clearly required to create netfilter rules.
Hope that helps.