I’ve been running a couple VPS with Debian 12 / bookworm + Zabbly kernel + Incus for a couple years. All has been wonderful, thank you!
I discovered the Incus containers were not running after the update from 6.2.3 to 7.0.0.
Turns out it’s failing to consume my nftables.conf files now. Stripping the firewall to a bare boilerplate and Incus 7.0.0 seems to hum along fine.
My firewalls are somewhat complex (~35KB) and I have not dug into them yet to figure out what incus 7.0.0 fails on.
The log shows:
```
time="2026-05-08T00:01:08Z" level=error msg="Failed initializing network" err="Failed starting: Failed clearing firewall: Failed clearing nftables rules for network "incusbr0": unexpected EOF" network=incusbr0 project=default
time="2026-05-08T14:32:46Z" level=warning msg="Firewall detected "nftables" incompatibility (some features may not work as expected): Failed parsing nftables existing ruleset: unexpected EOF"
```
Tried a few basic things:
- started a container w/boilerplate .nft and started the container
- reloaded my nftables file that incus has trouble with
- restarted incus, container running fine with my rules (lacks “table inet incus” however)
- stop container, restart presents the error again
I found the trouble.
Incus 7.0.0 isn’t able to handle the “comment” keyword. Not a problem in 6.2.3 for whatever reason.
EG:
```
table inet com-ment {
    comment "just chill - Container Server" # boo
    flags dormant
}
```
Workaround – add a leading hash/comment to the “comment” line (works with other tables I have, but for the above example I needed to hash/comment the “flags dormant” line also for Incus 7.0.0).
FYI: the comment keyword is a nice feature to allow adding notes, etc. for viewing when using “nft list ruleset”
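
An added example, not part of the original post and not Incus's own code: a Python scan that lists table-level `comment` and `flags` statements in an nftables file, the two statements the post had to hash out, so affected tables can be found before upgrading. It is a text-level heuristic rather than nft's grammar; the function name `table_level_statements` and the sample ruleset are assumptions made for illustration.

```python
import re

# Constructed sample input: the table from the post plus an ordinary table.
SAMPLE = '''\
table inet com-ment {
    comment "just chill - Container Server" # boo
    flags dormant
}
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        tcp dport 22 accept comment "ssh { not a table comment }"
    }
}
'''

# Tokens: quoted string, '#' comment, brace / newline / ';', bare word.
TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|#[^\n]*|[{}\n;]|[^\s{}";#]+')

def table_level_statements(text, keywords=("comment", "flags")):
    """Return (line, table, keyword) for each keyword that begins a
    statement directly inside a table block (brace depth 1)."""
    hits, stmt = [], []
    depth, line, table = 0, 1, None
    for tok in TOKEN.findall(text):
        if tok == "\n":
            line, stmt = line + 1, []
        elif tok == ";":
            stmt = []
        elif tok == "{":
            if depth == 0 and "table" in stmt:
                table = stmt[-1]   # "table inet com-ment" -> "com-ment"
            depth, stmt = depth + 1, []
        elif tok == "}":
            depth, stmt = max(depth - 1, 0), []
            if depth == 0:
                table = None
        elif tok.startswith("#"):
            continue               # nft comment, not part of a statement
        else:
            if depth == 1 and table and not stmt and tok in keywords:
                hits.append((line, table, tok))
            stmt.append(tok)
            line += tok.count("\n")  # keep line numbers right for odd strings
    return hits

if __name__ == "__main__":
    for line, table, kw in table_level_statements(SAMPLE):
        print(f"line {line}: table {table!r} has a table-level '{kw}' statement")
```

Rule-level comments such as the one on the `tcp dport 22` rule are deliberately not reported, since the post only ties the failure to statements placed directly inside a table.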