Setting up a bridge network via `lxc network create <name>` adds firewall rules to ensure full functionality. It uses xtables if nftables isn't compatible or isn't in use already, otherwise it uses nftables.[1] To detect if nftables it parses the ruleset via `nft --json -nn list ruleset` and looks for existing rules.[2]

Grepping through the project, the two backends seem to be interchangeable. I suggest adding a conditional expression to RDEPEND: `nftables? ( net-firewall/nftables[json] ) !nftables? ( net-firewall/ebtables net-firewall/ebtables )`.

[1] lxd/firewall/firewall_load.go
[2] lxd/firewall/drivers/drivers_nftables.go

Reproducible: Always
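The backend selection described in the report above, as an added sketch that is not part of the original report and is not LXD's own code. The function names `nftInUse` and `pickBackend`, the reading of "in use" as "at least one rule object exists", and the fallback to xtables on unparseable output are assumptions; the JSON samples are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed samples of `nft --json -nn list ruleset` output (not captured from a host).
const populatedRuleset = `{"nftables": [
  {"metainfo": {"json_schema_version": 1}},
  {"table": {"family": "inet", "name": "filter", "handle": 1}},
  {"chain": {"family": "inet", "table": "filter", "name": "input", "handle": 1}},
  {"rule": {"family": "inet", "table": "filter", "chain": "input", "handle": 2,
            "expr": [{"accept": null}]}}
]}`

const emptyRuleset = `{"nftables": [{"metainfo": {"json_schema_version": 1}}]}`

// nftInUse reports whether the ruleset holds at least one rule object.
// Assumption: "in use" means "a rule exists"; LXD's own check may differ.
func nftInUse(rulesetJSON []byte) (bool, error) {
	var doc struct {
		Nftables []map[string]json.RawMessage `json:"nftables"`
	}
	if err := json.Unmarshal(rulesetJSON, &doc); err != nil {
		return false, fmt.Errorf("parse nft ruleset: %w", err)
	}
	for _, item := range doc.Nftables {
		if _, ok := item["rule"]; ok {
			return true, nil
		}
	}
	return false, nil
}

// pickBackend mirrors the report: xtables unless nftables is compatible and
// already in use. Unparseable output counts as "not in use" (assumption).
func pickBackend(nftCompatible bool, rulesetJSON []byte) string {
	inUse, err := nftInUse(rulesetJSON)
	if !nftCompatible || err != nil || !inUse {
		return "xtables"
	}
	return "nftables"
}

func main() {
	fmt.Println(pickBackend(true, []byte(populatedRuleset)))
	fmt.Println(pickBackend(true, []byte(emptyRuleset)))
}
```

Whichever branch is taken, the chosen backend's userspace tools must be installed at runtime, which is the dependency gap the report raises.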
Sounds good. I assume so, but is this a problem with 5x series? The 4.0lts is only provided as a bridge to migrate to latest 5x series.
(In reply to Joonas Niilola from comment #1)
> Sounds good. I assume so, but is this a problem with 5x series? the 4.0lts
> is only provided as a bridge to migrate to latest 5x series.

Sorry for the late reply. Yes, this is a problem in versions 5x.
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34661ada368076b6dfa3904d47102bad870b5595

commit 34661ada368076b6dfa3904d47102bad870b5595
Author:     Lucio Sauer <watermanpaint@posteo.net>
AuthorDate: 2023-10-16 11:44:40 +0000
Commit:     Joonas Niilola <juippis@gentoo.org>
CommitDate: 2023-10-16 13:22:18 +0000

    app-containers/lxd: add missing nftables dependency

    At least one functional firewall implementation has to be present at
    runtime to setup a bridge network.

    Closes: https://bugs.gentoo.org/915650
    Signed-off-by: Lucio Sauer <watermanpaint@posteo.net>
    Closes: https://github.com/gentoo/gentoo/pull/33355
    Signed-off-by: Joonas Niilola <juippis@gentoo.org>

 app-containers/lxd/lxd-4.0.9-r4.ebuild | 9 +++++++--
 app-containers/lxd/lxd-5.0.2-r3.ebuild | 9 +++++++--
 app-containers/lxd/lxd-5.17.ebuild     | 9 +++++++--
 app-containers/lxd/lxd-5.18.ebuild     | 9 +++++++--
 4 files changed, 28 insertions(+), 8 deletions(-)