Public bug reported:

I use the firewalld package to manage my firewall configuration. I just
installed the libvirt-daemon set of packages (see below) and libvirtd
registers this error in the journal:

libvirtd[1063]: internal error: firewalld is set to use the nftables
backend, but the required firewalld 'libvirt' zone is missing. Either
set the firewalld backend to 'iptables', or ensure that firewalld has a
'libvirt' zone by upgrading firewalld to a version supporting rule
priorities (0.7.0+) and/or rebuilding libvirt with --with-firewalld-zone

Looking at the firewalld status there is indeed no 'libvirt' zone so the
problem reported is real.

As I understand it, the 'iptables' firewalld backend has been deprecated
a couple of years ago in favor of the 'nftables' backend, so setting the
backend to a deprecated one isn't a good solution.

In the libvirt package's debian/rules I see:

WITH_FIREWALLD            = -Dfirewalld=disabled

So firewalld support is indeed disabled in Ubuntu.

Could you please enable it?

This is on Ubuntu 21.04.

Relevant package versions:

firewalld                                        0.9.3-2ubuntu1
libvirt-daemon                                   7.0.0-2ubuntu2
libvirt-daemon-config-network                    7.0.0-2ubuntu2
libvirt-daemon-config-nwfilter                   7.0.0-2ubuntu2
libvirt-daemon-driver-qemu                       7.0.0-2ubuntu2
libvirt-daemon-system                            7.0.0-2ubuntu2
libvirt-daemon-system-systemd                    7.0.0-2ubuntu2

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1928113

Title:
  Please enable firewalld support in libvirtd

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1928113/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to