Right, I've sent a tweak to LXD upstream to detect such kernel setup and
fallback to xtables, but that's obviously not a situation we'd like to
rely on.

nftables is the current supported way of doing firewalling and is what
Ubuntu uses by default (through shim packages) as of 20.04, so we need
to ensure that all our kernels support it.

Easy fix would be to align CONFIG_NFT* to what we have in generic. If
that increases size too much, then I guess we can look at trimming
things a bit to only include the usual bits we need (ipv4, ipv6, nat,
mangling, mac filtering, ...).

https://bugs.launchpad.net/bugs/1881346

Title:
  linux-kvm should support nftables

Status in linux-kvm package in Ubuntu:
  New

Bug description:
  LXD can't use nftables on the latest linux-kvm kernels for eoan,
  focal, and groovy:

  - groovy: 5.4.0.1009.9
  - focal: 5.4.0-1011.11
  - eoan: 5.3.0.1017.19

  LXD detects that nft tools are available, and nft tables can be
  listed; however, trying to create a new table or rule fails.

  Because of this, LXD has to fall back on xtables, which is a legacy
  package.
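An added check, not from LXD or the kernel team, that does offline what the comment above proposes to fix in the config: compare a kernel `.config` against the nftables options a container host needs (tables, inet/ipv4/ipv6/bridge families, conntrack, nat, masquerade, reject, xtables compat). The option list is an assumption drawn from the comment's "ipv4, ipv6, nat, mangling, mac filtering" list; trim or extend it for your own requirements.

```shell
#!/bin/sh
# Added example (not LXD's or the kernel team's code): report which nftables
# kernel options are missing from a kernel config file, so a kernel flavour
# like linux-kvm can be audited before LXD has to fall back to xtables.

# Assumed option list: the nft pieces a typical container host relies on.
REQUIRED_NFT_OPTIONS="CONFIG_NF_TABLES CONFIG_NF_TABLES_INET \
CONFIG_NF_TABLES_IPV4 CONFIG_NF_TABLES_IPV6 CONFIG_NF_TABLES_BRIDGE \
CONFIG_NFT_CT CONFIG_NFT_NAT CONFIG_NFT_MASQ CONFIG_NFT_REJECT CONFIG_NFT_COMPAT"

# missing_nft_options CONFIG_FILE
# Prints the required options that are neither =y nor =m in CONFIG_FILE,
# space separated on one line (empty line when nothing is missing).
# Exit status 0 when the config is complete, 1 when something is missing.
missing_nft_options() {
    config="$1"
    missing=""
    for opt in $REQUIRED_NFT_OPTIONS; do
        # "# CONFIG_FOO is not set" and an absent line both count as missing.
        if ! grep -Eq "^${opt}=(y|m)$" "$config"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s\n' "$missing"
    [ -z "$missing" ]
}

# When given a config path on the command line, audit that file; the
# running kernel's config is usually at /boot/config-$(uname -r).
if [ -n "${1:-}" ]; then
    if missing_nft_options "$1" >/dev/null; then
        echo "nftables support looks complete in $1"
    else
        echo "missing nftables options in $1:"
        missing_nft_options "$1"
        exit 1
    fi
fi
```

Run it as `sh check-nft.sh /boot/config-$(uname -r)`; a non-zero exit with a list of CONFIG_NFT* names is the signal that the kernel flavour needs its config aligned with generic.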
