Re: iptables support for Debian 11 PV domu's

[Mathias Dufresne <mathias.dufresne@xxxxxxxxx>]

Hey,

As nft seems to me mainly coming from modules (and because seems to be installed), I would check the kernel of guests: which one is loaded, how, does it comes with nft modules....

Cheers,

mathias

Le lun. 4 oct. 2021 à 03:25, TMC <tmciolek@xxxxxxxxx> a écrit :

did you install iptables in your debian 11 VM?

On Mon, 4 Oct 2021 at 11:09, Chris Myers <chrismyers81@xxxxxxxxx> wrote:

I'm working on upgrading my Xen environments from Debian 10 to 11. Today I tried one of my dom0's and that seemed to go fine, so I tried a couple of domu's. That didn't go quite so well; when they started up the networking wouldn't start.

Doing some checks, the error message was that it was in the pre-up scripts, which I've only got one thing - restoring the iptables rulesets.

Trying to do a generic iptables -V gives the generic message

iptables/1.8.7 Failed to initialize nft: Protocol not supported

I ran the same command on the dom0 and it worked correctly.

I'm restoring my domu snapshots to revert them back to Debian 10, but was curious - is there a way to get the regular iptables-nft stuff to work in a Debian 11 pv domu, or do I need to start migrating over all of my firewall rules (hundreds of them, with some really complex stuff set up that I'm not ready to have break and try to fix...) before I can upgrade my VMs?

Chris

--

--
GPG key fingerprint: 07DF B95B DB58 57B6 9656  682E 830A D092 288E F017
GPG public key available on pgp(dot)net key server