I’m trying to use pretty much the default installation of libvirt / kvm on Fedora 32.
After installing libvirt, I’m trying to start up the
virsh net-start default.
But for some reason, there’s a number of chains which are missing, so it fails. For example the new rules which libvirt tries to load start with:
-A IN_libvirt_allow -p udp --dport 67 -m conntrack --ctstate NEW,UNTRACKED -j ACCEPT
But there’s no
I do have some libvirt related chains like
LIBVIRT_OUT, but I’m not sure which ones belong to libvirt and which ones to firewalld and how they’re supposed to work together.
What piece of setup am I missing?
Fedora 32 is the first Fedora release to switch to nftables. Libvirtd currently creates a mix of firewall rules by writing (legacy) iptables rules directly and asking firewalld to create the rules it needs. You (currently) must be using firewalld for libvirtd to work correctly on this distro.
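A preflight check for the point made in the answer above, as an added example that is not part of the original thread or of libvirt's own tooling: it confirms firewalld is active and knows a `libvirt` zone before restarting libvirtd and retrying the network start. The function names and the `SYSTEMCTL` / `FIREWALL_CMD` override variables are hypothetical, and the `libvirt` zone name is an assumption drawn from the `IN_libvirt_allow` chain in the question.

```shell
#!/bin/sh
# Added example: preflight before `virsh net-start default`.
# SYSTEMCTL / FIREWALL_CMD are hypothetical override hooks for testing.
SYSTEMCTL=${SYSTEMCTL:-systemctl}
FIREWALL_CMD=${FIREWALL_CMD:-firewall-cmd}

# 0 only if the firewalld unit is active and the daemon answers.
firewalld_ready() {
    $SYSTEMCTL is-active --quiet firewalld || return 1
    # `firewall-cmd --state` prints "running" when the daemon is reachable.
    [ "$($FIREWALL_CMD --state 2>/dev/null)" = "running" ]
}

# 0 if firewalld knows a zone named "libvirt".
# Assumption: firewalld names per-zone chains IN_<zone>_allow, so the
# IN_libvirt_allow chain in the question belongs to a zone called "libvirt".
libvirt_zone_present() {
    $FIREWALL_CMD --get-zones 2>/dev/null | tr ' ' '\n' | grep -qx 'libvirt'
}

# Exit status: 0 ready, 1 firewalld not running, 2 libvirt zone missing.
preflight() {
    if ! firewalld_ready; then
        echo "firewalld is not running; libvirtd needs it on this host" >&2
        return 1
    fi
    if ! libvirt_zone_present; then
        echo "firewalld has no 'libvirt' zone to hold the IN_libvirt_* chains" >&2
        return 2
    fi
    return 0
}

# Only touch the system when asked to: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then
    preflight || exit $?
    # Restart libvirtd so it starts with firewalld already up, then retry.
    $SYSTEMCTL restart libvirtd
    virsh net-start default
fi
```
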
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.