libvirt: don't use iptables-nftables #109722
Conversation
|
I have found out what caused the problem. See #109332 (comment) |
|
@pmeiyu Thanks for digging into the problem more. Based on that, I think this pr (reverting back from iptables-nftables to iptables-legacy for now) seems right. You should be able to test it locally on nixos with something like: nixpkgs.overlays = [
(super: self: { libvirt = (import (builtins.fetchTarball "https://github.com/NixOS/nixpkgs/archive/066676b839a217f6b1b5d8ab05842604d33b7258.tar.gz") {}).libvirt; })
];in |
I have tested this code snippet and can confirm libvirt's firewall is back to normal. Thank you. @euank |
|
This is a semi-automatic executed nixpkgs-review which is checked by a human on a best effort basis and does not build all packages (e.g. lumo, tensorflow or pytorch). Result of 1 package built:
The following issues got detected with the above build packages. libvirt: Please consider this feature to be alpha. A substituteInPlace with an unused --replace got detected: Please check the offending substituteInPlace for typos or changes in source. |
euank
force-pushed
the
libvirt-ebtables-iptables
branch
from
066676b
to
690de2e
Compare
|
Thanks for running that / catching that issue, @SuperSandro2000; I updated the replace to match upstream quoting changes. |
I have hoped to catch such issues with that feature and the time I invested was already worth it! |
|
This is a semi-automatic executed nixpkgs-review which is checked by a human on a best effort basis and does not build all packages (e.g. lumo, tensorflow or pytorch). Result of 1 package failed to build and already failed to build on hydra master:
30 packages built:
|
|
In case you still want the extra data points: I had the same problem and this fixes it for me too. |
euank
force-pushed
the
libvirt-ebtables-iptables
branch
from
690de2e
to
67d7400
Compare
|
Rebased due to a merge conflict; the rebase was trivial, but I didn't rebuild the package yet since master right now has changes that basically require rebuilding the whole world, so I'll wait on hydra. |
|
@euank The changes got reverted I think. |
Per a comment on the PR that made this change, it turns out to cause issues in some cases: NixOS#109332 (comment) For now, let's revert back. Presumably the issues derive from the system iptables not matching libvirt's iptables. In the future, NixOS#81172 should move us back into the future, and I'm perfectly fine waiting for that PR to handle this separately.
euank
force-pushed
the
libvirt-ebtables-iptables
branch
from
67d7400
to
f0b1cdb
Compare
|
Ah, yup, thanks for the heads up @mohe2015! |
Motivation for this change
Per a comment on the PR that made this change, it turns out to cause
issues in some cases: #109332 (comment)
For now, let's revert back. Presumably the issues derive from the system
iptables not matching libvirt's iptables.
In the future, #81172 should move us back into the future, and I'm
perfectly fine waiting for that PR to handle this separately.
I'm marking this as a draft until I confirm this fixes the reporter's issue.
Things done
sandboxinnix.confon non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"./result/bin/)nix path-info -Sbefore and after)