Incus and network

Bahman · April 17, 2024, 8:25am

Today was en incus update on ubuntu 22. after update, missing network. it’s not possible to get ip to incus. i don’t now what update was? HELP

Bahman · April 17, 2024, 8:30am

it was that one : Upgrade: incus-client:amd64 (6.0-202404040310-ubuntu22.04, 1:6.0-202404162314-ubuntu22.04), incus:amd64 (6.0-202404040310-ubuntu22.04, 1:6.0-202404162314-ubuntu22.04), incus-base:amd64 (6.0-202404040310-ubuntu22.04, 1:6.0-202404162314-ubuntu22.04)
End-Date: 2024-04-17 08:43:50

Bahman · April 17, 2024, 8:59am

here is my incus network.
config:
ipv4.address: 10.9.71.1/24
ipv4.nat: “true”
description: “”
name: incusbr0
type: bridge
used_by:

/1.0/profiles/default
/1.0/profiles/windows
/1.0/instances/zabbix
/1.0/instances/graylog
/1.0/instances/graylog2
/1.0/instances/min11
/1.0/instances/ubuntu22
managed: true
status: Created
locations:
none

stgraber · April 17, 2024, 2:05pm

Do you have Docker installed on your system?

Bahman · April 17, 2024, 2:07pm

no.

stgraber · April 17, 2024, 2:10pm

Okay, please show:

sudo iptables -L -n -v
sudo ip6tables -L -n -v
sudo nft list ruleset
cat /var/log/incus/incusd.log

Bahman · April 17, 2024, 2:17pm

sudo iptables -L -n -v
Chain INPUT (policy DROP 7 packets, 2224 bytes)
pkts bytes target prot opt in out source destination
301K 449M ufw-before-logging-input all – * * 0.0.0.0/0 0.0.0.0/0
301K 449M ufw-before-input all – * * 0.0.0.0/0 0.0.0.0/0
563 97502 ufw-after-input all – * * 0.0.0.0/0 0.0.0.0/0
23 3408 ufw-after-logging-input all – * * 0.0.0.0/0 0.0.0.0/0
23 3408 ufw-reject-input all – * * 0.0.0.0/0 0.0.0.0/0
23 3408 ufw-track-input all – * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw-before-logging-forward all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-before-forward all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-forward all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-after-logging-forward all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-reject-forward all – * * 0.0.0.0/0 0.0.0.0/0
0 0 ufw-track-forward all – * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 122 packets, 6660 bytes)
pkts bytes target prot opt in out source destination
224K 86M ufw-before-logging-output all – * * 0.0.0.0/0 0.0.0.0/0
224K 86M ufw-before-output all – * * 0.0.0.0/0 0.0.0.0/0
17814 3704K ufw-after-output all – * * 0.0.0.0/0 0.0.0.0/0
17814 3704K ufw-after-logging-output all – * * 0.0.0.0/0 0.0.0.0/0
17814 3704K ufw-reject-output all – * * 0.0.0.0/0 0.0.0.0/0
17814 3704K ufw-track-output all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-after-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-after-input (1 references)
pkts bytes target prot opt in out source destination
265 24054 ufw-skip-to-policy-input udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:137
225 54951 ufw-skip-to-policy-input udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:138
0 0 ufw-skip-to-policy-input tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:139
0 0 ufw-skip-to-policy-input tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:445
45 14276 ufw-skip-to-policy-input udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ufw-skip-to-policy-input udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:68
5 813 ufw-skip-to-policy-input all – * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
7 2224 LOG all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-after-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ufw-user-forward all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-input (1 references)
pkts bytes target prot opt in out source destination
33486 17M ACCEPT all – lo * 0.0.0.0/0 0.0.0.0/0
265K 431M ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
1348 1210K ufw-logging-deny all – * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
1348 1210K DROP all – * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 3
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 11
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 12
0 0 ACCEPT icmp – * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 ACCEPT udp – * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
1319 189K ufw-not-local all – * * 0.0.0.0/0 0.0.0.0/0
763 91052 ACCEPT udp – * * 0.0.0.0/0 224.0.0.251 udp dpt:5353
9 1944 ACCEPT udp – * * 0.0.0.0/0 239.255.255.250 udp dpt:1900
547 96318 ufw-user-input all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-before-logging-input (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-before-logging-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-before-output (1 references)
pkts bytes target prot opt in out source destination
33490 17M ACCEPT all – * lo 0.0.0.0/0 0.0.0.0/0
173K 65M ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
17797 3703K ufw-user-output all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-logging-allow (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
pkts bytes target prot opt in out source destination
736 663K RETURN all – * * 0.0.0.0/0 0.0.0.0/0 ctstate INVALID limit: avg 3/min burst 10
292 264K LOG all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
pkts bytes target prot opt in out source destination
6 2188 RETURN all – * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type LOCAL
773 93032 RETURN all – * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type MULTICAST
540 94094 RETURN all – * * 0.0.0.0/0 0.0.0.0/0 ADDRTYPE match dst-type BROADCAST
0 0 ufw-logging-deny all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 10
0 0 DROP all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-reject-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-reject-input (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-reject-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-skip-to-policy-input (7 references)
pkts bytes target prot opt in out source destination
540 94094 DROP all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-track-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-track-input (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-track-output (1 references)
pkts bytes target prot opt in out source destination
4544 273K ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW
13135 3424K ACCEPT udp – * * 0.0.0.0/0 0.0.0.0/0 ctstate NEW

Chain ufw-user-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5140
0 0 ACCEPT udp – * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5140

Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all – * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
0 0 REJECT all – * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all – * * 0.0.0.0/0 0.0.0.0/0

Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination

Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination

sudo ip6tables -L -n -v
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
86 12491 ufw6-before-logging-input all * * ::/0 ::/0
86 12491 ufw6-before-input all * * ::/0 ::/0
0 0 ufw6-after-input all * * ::/0 ::/0
0 0 ufw6-after-logging-input all * * ::/0 ::/0
0 0 ufw6-reject-input all * * ::/0 ::/0
0 0 ufw6-track-input all * * ::/0 ::/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ufw6-before-logging-forward all * * ::/0 ::/0
0 0 ufw6-before-forward all * * ::/0 ::/0
0 0 ufw6-after-forward all * * ::/0 ::/0
0 0 ufw6-after-logging-forward all * * ::/0 ::/0
0 0 ufw6-reject-forward all * * ::/0 ::/0
0 0 ufw6-track-forward all * * ::/0 ::/0

Chain OUTPUT (policy ACCEPT 20 packets, 2060 bytes)
pkts bytes target prot opt in out source destination
118 16509 ufw6-before-logging-output all * * ::/0 ::/0
118 16509 ufw6-before-output all * * ::/0 ::/0
108 15861 ufw6-after-output all * * ::/0 ::/0
108 15861 ufw6-after-logging-output all * * ::/0 ::/0
108 15861 ufw6-reject-output all * * ::/0 ::/0
108 15861 ufw6-track-output all * * ::/0 ::/0

Chain ufw6-after-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-after-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ufw6-skip-to-policy-input udp * * ::/0 ::/0 udp dpt:137
0 0 ufw6-skip-to-policy-input udp * * ::/0 ::/0 udp dpt:138
0 0 ufw6-skip-to-policy-input tcp * * ::/0 ::/0 tcp dpt:139
0 0 ufw6-skip-to-policy-input tcp * * ::/0 ::/0 tcp dpt:445
0 0 ufw6-skip-to-policy-input udp * * ::/0 ::/0 udp dpt:546
0 0 ufw6-skip-to-policy-input udp * * ::/0 ::/0 udp dpt:547

Chain ufw6-after-logging-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-input (1 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-after-logging-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-after-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-before-forward (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0 rt type:0
0 0 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 129
0 0 ufw6-user-forward all * * ::/0 ::/0

Chain ufw6-before-input pkts bytes target 0 0 ACCEPT all 0 0 DROP all 0 0 ACCEPT all 0 0 ACCEPT icmpv6 * 0 0 ufw6-logging-deny all 0 0 DROP all 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT icmpv6 * 0 0 ACCEPT udp 86 12491 ACCEPT udp 0 0 ACCEPT udp 0 0 ufw6-user-input all (1 references)
prot opt in out source destination
lo * ::/0 ::/0
* * ::/0 ::/0 rt type:0
* * ::/0 ::/0 ctstate RELATED,ESTABLISHED
* ::/0 ::/0 ipv6-icmptype 129
* * ::/0 ::/0 ctstate INVALID
* * ::/0 ::/0 ctstate INVALID
* ::/0 ::/0 ipv6-icmptype 1
* ::/0 ::/0 ipv6-icmptype 2
* ::/0 ::/0 ipv6-icmptype 3
* ::/0 ::/0 ipv6-icmptype 4
* ::/0 ::/0 ipv6-icmptype 128
* ::/0 ::/0 ipv6-icmptype 133 HL match HL == 255
* ::/0 ::/0 ipv6-icmptype 134 HL match HL == 255
* ::/0 ::/0 ipv6-icmptype 135 HL match HL == 255
* ::/0 ::/0 ipv6-icmptype 136 HL match HL == 255
* ::/0 ::/0 ipv6-icmptype 141 HL match HL == 255
* ::/0 ::/0 ipv6-icmptype 142 HL match HL == 255
* fe80::/10 ::/0 ipv6-icmptype 130
* fe80::/10 ::/0 ipv6-icmptype 131
* fe80::/10 ::/0 ipv6-icmptype 132
* fe80::/10 ::/0 ipv6-icmptype 143
* ::/0 ::/0 ipv6-icmptype 148 HL match HL == 255
* ::/0 ::/0 ipv6-icmptype 149 HL match HL == 255
* fe80::/10 ::/0 ipv6-icmptype 151 HL match HL == 1
* fe80::/10 ::/0 ipv6-icmptype 152 HL match HL == 1
* fe80::/10 ::/0 ipv6-icmptype 153 HL match HL == 1
* ::/0 ::/0 ipv6-icmptype 144
* ::/0 ::/0 ipv6-icmptype 145
* ::/0 ::/0 ipv6-icmptype 146
* ::/0 ::/0 ipv6-icmptype 147
* * fe80::/10 fe80::/10 udp spt:547 dpt:546
* * ::/0 ff02::fb udp dpt:5353
* * ::/0 ff02::f udp dpt:1900
* * ::/0 ::/0

Chain ufw6-before-logging-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-before-logging-input (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-before-logging-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-before-output (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * lo ::/0 ::/0
0 0 DROP all * * ::/0 ::/0 rt type:0
0 0 ACCEPT all * * ::/0 ::/0 ctstate RELATED,ESTABLISHED
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 1
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 2
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 3
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 4
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 129
6 288 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136 HL match HL == 255
1 72 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 141 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 142 HL match HL == 255
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 130
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 131
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 132
3 288 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 143
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 148 HL match HL == 255
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 149 HL match HL == 255
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 151 HL match HL == 1
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 152 HL match HL == 1
0 0 ACCEPT icmpv6 * * fe80::/10 ::/0 ipv6-icmptype 153 HL match HL == 1
108 15861 ufw6-user-output all * * ::/0 ::/0

Chain ufw6-logging-allow (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW ALLOW] "

Chain ufw6-logging-deny (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all * * ::/0 ::/0 ctstate INVALID limit: avg 3/min burst 10
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 10 LOG flags 0 level 4 prefix "[UFW BLOCK] "

Chain ufw6-reject-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-reject-input (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-reject-output (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-skip-to-policy-forward (0 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0

Chain ufw6-skip-to-policy-input (6 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0

Chain ufw6-skip-to-policy-output (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0

Chain ufw6-track-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-track-input (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-track-output (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp * * ::/0 ::/0 ctstate NEW
88 13801 ACCEPT udp * * ::/0 ::/0 ctstate NEW

Chain ufw6-user-forward (1 references)
pkts bytes target prot opt in out source destination

Chain ufw6-user-input (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp * * ::/0 ::/0 tcp dpt:5140
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:5140

Chain ufw6-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix "[UFW LIMIT BLOCK] "
0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-port-unreachable

Chain ufw6-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * * ::/0 ::/0

Chain ufw6-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination

Chain ufw6-user-logging-input (0 references)
pkts bytes target prot opt in out source destination

Chain ufw6-user-logging-output (0 references)
pkts bytes target prot opt in out source destination

Chain ufw6-user-output (1 references)
pkts bytes target prot opt in out source destination

sudo nft list ruleset
table ip filter {
chain ufw-before-logging-input {
}

chain ufw-before-logging-output {
}

chain ufw-before-logging-forward {
}

chain ufw-before-input {
	iifname "lo" counter packets 33689 bytes 17600426 accept
	ct state related,established counter packets 269716 bytes 440144604 accept
	ct state invalid counter packets 1355 bytes 1216498 jump ufw-logging-deny
	ct state invalid counter packets 1355 bytes 1216498 drop
	meta l4proto icmp icmp type destination-unreachable counter packets 0 bytes 0 accept
	meta l4proto icmp icmp type time-exceeded counter packets 0 bytes 0 accept
	meta l4proto icmp icmp type parameter-problem counter packets 0 bytes 0 accept
	meta l4proto icmp icmp type echo-request counter packets 0 bytes 0 accept
	meta l4proto udp udp sport 67 udp dport 68 counter packets 0 bytes 0 accept
	counter packets 1321 bytes 189811 jump ufw-not-local
	meta l4proto udp ip daddr 224.0.0.251 udp dport 5353 counter packets 763 bytes 91052 accept
	meta l4proto udp ip daddr 239.255.255.250 udp dport 1900 counter packets 9 bytes 1944 accept
	counter packets 549 bytes 96815 jump ufw-user-input
}

chain ufw-before-output {
	oifname "lo" counter packets 33693 bytes 17600574 accept
	ct state related,established counter packets 177074 bytes 65485095 accept
	counter packets 17880 bytes 3721985 jump ufw-user-output
}

chain ufw-before-forward {
	ct state related,established counter packets 0 bytes 0 accept
	meta l4proto icmp icmp type destination-unreachable counter packets 0 bytes 0 accept
	meta l4proto icmp icmp type time-exceeded counter packets 0 bytes 0 accept
	meta l4proto icmp icmp type parameter-problem counter packets 0 bytes 0 accept
	meta l4proto icmp icmp type echo-request counter packets 0 bytes 0 accept
	counter packets 0 bytes 0 jump ufw-user-forward
}

chain ufw-after-input {
	meta l4proto udp udp dport 137 counter packets 265 bytes 24054 jump ufw-skip-to-policy-input
	meta l4proto udp udp dport 138 counter packets 227 bytes 55448 jump ufw-skip-to-policy-input
	meta l4proto tcp tcp dport 139 counter packets 0 bytes 0 jump ufw-skip-to-policy-input
	meta l4proto tcp tcp dport 445 counter packets 0 bytes 0 jump ufw-skip-to-policy-input
	meta l4proto udp udp dport 67 counter packets 45 bytes 14276 jump ufw-skip-to-policy-input
	meta l4proto udp udp dport 68 counter packets 0 bytes 0 jump ufw-skip-to-policy-input
	fib daddr type broadcast counter packets 5 bytes 813 jump ufw-skip-to-policy-input
}

chain ufw-after-output {
}

chain ufw-after-forward {
}

chain ufw-after-logging-input {
	limit rate 3/minute burst 10 packets counter packets 7 bytes 2224 log prefix "[UFW BLOCK] "
}

chain ufw-after-logging-output {
}

chain ufw-after-logging-forward {
	limit rate 3/minute burst 10 packets counter packets 0 bytes 0 log prefix "[UFW BLOCK] "
}

chain ufw-reject-input {
}

chain ufw-reject-output {
}

chain ufw-reject-forward {
}

chain ufw-track-input {
}

chain ufw-track-output {
	meta l4proto tcp ct state new counter packets 4562 bytes 273720 accept
	meta l4proto udp ct state new counter packets 13200 bytes 3441901 accept
}

chain ufw-track-forward {
}

chain INPUT {
	type filter hook input priority filter; policy drop;
	counter packets 306097 bytes 459152523 jump ufw-before-logging-input
	counter packets 306097 bytes 459152523 jump ufw-before-input
	counter packets 565 bytes 97999 jump ufw-after-input
	counter packets 23 bytes 3408 jump ufw-after-logging-input
	counter packets 23 bytes 3408 jump ufw-reject-input
	counter packets 23 bytes 3408 jump ufw-track-input
}

chain OUTPUT {
	type filter hook output priority filter; policy accept;
	counter packets 228664 bytes 86808878 jump ufw-before-logging-output
	counter packets 228664 bytes 86808878 jump ufw-before-output
	counter packets 17897 bytes 3723209 jump ufw-after-output
	counter packets 17897 bytes 3723209 jump ufw-after-logging-output
	counter packets 17897 bytes 3723209 jump ufw-reject-output
	counter packets 17897 bytes 3723209 jump ufw-track-output
}

chain FORWARD {
	type filter hook forward priority filter; policy drop;
	counter packets 0 bytes 0 jump ufw-before-logging-forward
	counter packets 0 bytes 0 jump ufw-before-forward
	counter packets 0 bytes 0 jump ufw-after-forward
	counter packets 0 bytes 0 jump ufw-after-logging-forward
	counter packets 0 bytes 0 jump ufw-reject-forward
	counter packets 0 bytes 0 jump ufw-track-forward
}

chain ufw-logging-deny {
	ct state invalid limit rate 3/minute burst 10 packets counter packets 743 bytes 669334 return
	limit rate 3/minute burst 10 packets counter packets 292 bytes 263854 log prefix "[UFW BLOCK] "
}

chain ufw-logging-allow {
	limit rate 3/minute burst 10 packets counter packets 0 bytes 0 log prefix "[UFW ALLOW] "
}

chain ufw-skip-to-policy-input {
	counter packets 542 bytes 94591 drop
}

chain ufw-skip-to-policy-output {
	counter packets 0 bytes 0 accept
}

chain ufw-skip-to-policy-forward {
	counter packets 0 bytes 0 drop
}

chain ufw-not-local {
	fib daddr type local counter packets 6 bytes 2188 return
	fib daddr type multicast counter packets 773 bytes 93032 return
	fib daddr type broadcast counter packets 542 bytes 94591 return
	limit rate 3/minute burst 10 packets counter packets 0 bytes 0 jump ufw-logging-deny
	counter packets 0 bytes 0 drop
}

chain ufw-user-input {
	meta l4proto tcp tcp dport 5140 counter packets 0 bytes 0 accept
	meta l4proto udp udp dport 5140 counter packets 0 bytes 0 accept
}

chain ufw-user-output {
}

chain ufw-user-forward {
}

chain ufw-user-logging-input {
}

chain ufw-user-logging-output {
}

chain ufw-user-logging-forward {
}

chain ufw-user-limit {
	limit rate 3/minute counter packets 0 bytes 0 log prefix "[UFW LIMIT BLOCK] "
	counter packets 0 bytes 0 reject
}

chain ufw-user-limit-accept {
	counter packets 0 bytes 0 accept
}

}
table ip6 filter {
chain ufw6-before-logging-input {
}

chain ufw6-before-logging-output {
}

chain ufw6-before-logging-forward {
}

chain ufw6-before-input {
	iifname "lo" counter packets 0 bytes 0 accept
	rt type 0 counter packets 0 bytes 0 drop
	ct state related,established counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type echo-reply counter packets 0 bytes 0 accept
	ct state invalid counter packets 0 bytes 0 jump ufw6-logging-deny
	ct state invalid counter packets 0 bytes 0 drop
	meta l4proto ipv6-icmp icmpv6 type destination-unreachable counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type packet-too-big counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type time-exceeded counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type parameter-problem counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type echo-request counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type nd-router-solicit ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type nd-router-advert ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type nd-neighbor-solicit ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type nd-neighbor-advert ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  ip6 hoplimit 1 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  ip6 hoplimit 1 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  ip6 hoplimit 1 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto udp ip6 saddr fe80::/10 ip6 daddr fe80::/10 udp sport 547 udp dport 546 counter packets 0 bytes 0 accept
	meta l4proto udp ip6 daddr ff02::fb udp dport 5353 counter packets 86 bytes 12491 accept
	meta l4proto udp ip6 daddr ff02::f udp dport 1900 counter packets 0 bytes 0 accept
	counter packets 0 bytes 0 jump ufw6-user-input
}

chain ufw6-before-output {
	oifname "lo" counter packets 0 bytes 0 accept
	rt type 0 counter packets 0 bytes 0 drop
	ct state related,established counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type destination-unreachable counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type packet-too-big counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type time-exceeded counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type parameter-problem counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type echo-request counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type echo-reply counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type nd-router-solicit ip6 hoplimit 255 counter packets 6 bytes 288 accept
	meta l4proto ipv6-icmp icmpv6 type nd-neighbor-advert ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type nd-neighbor-solicit ip6 hoplimit 255 counter packets 1 bytes 72 accept
	meta l4proto ipv6-icmp icmpv6 type nd-router-advert ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  counter packets 3 bytes 288 accept
	meta l4proto ipv6-icmp icmpv6 type  ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type  ip6 hoplimit 255 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  ip6 hoplimit 1 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  ip6 hoplimit 1 counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp ip6 saddr fe80::/10 icmpv6 type  ip6 hoplimit 1 counter packets 0 bytes 0 accept
	counter packets 108 bytes 15861 jump ufw6-user-output
}

chain ufw6-before-forward {
	rt type 0 counter packets 0 bytes 0 drop
	ct state related,established counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type destination-unreachable counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type packet-too-big counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type time-exceeded counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type parameter-problem counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type echo-request counter packets 0 bytes 0 accept
	meta l4proto ipv6-icmp icmpv6 type echo-reply counter packets 0 bytes 0 accept
	counter packets 0 bytes 0 jump ufw6-user-forward
}

chain ufw6-after-input {
	meta l4proto udp udp dport 137 counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
	meta l4proto udp udp dport 138 counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
	meta l4proto tcp tcp dport 139 counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
	meta l4proto tcp tcp dport 445 counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
	meta l4proto udp udp dport 546 counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
	meta l4proto udp udp dport 547 counter packets 0 bytes 0 jump ufw6-skip-to-policy-input
}

chain ufw6-after-output {
}

chain ufw6-after-forward {
}

chain ufw6-after-logging-input {
	limit rate 3/minute burst 10 packets counter packets 0 bytes 0 log prefix "[UFW BLOCK] "
}

chain ufw6-after-logging-output {
}

chain ufw6-after-logging-forward {
	limit rate 3/minute burst 10 packets counter packets 0 bytes 0 log prefix "[UFW BLOCK] "
}

chain ufw6-reject-input {
}

chain ufw6-reject-output {
}

chain ufw6-reject-forward {
}

chain ufw6-track-input {
}

chain ufw6-track-output {
	meta l4proto tcp ct state new counter packets 0 bytes 0 accept
	meta l4proto udp ct state new counter packets 88 bytes 13801 accept
}

chain ufw6-track-forward {
}

chain INPUT {
	type filter hook input priority filter; policy drop;
	counter packets 86 bytes 12491 jump ufw6-before-logging-input
	counter packets 86 bytes 12491 jump ufw6-before-input
	counter packets 0 bytes 0 jump ufw6-after-input
	counter packets 0 bytes 0 jump ufw6-after-logging-input
	counter packets 0 bytes 0 jump ufw6-reject-input
	counter packets 0 bytes 0 jump ufw6-track-input
}

chain OUTPUT {
	type filter hook output priority filter; policy accept;
	counter packets 118 bytes 16509 jump ufw6-before-logging-output
	counter packets 118 bytes 16509 jump ufw6-before-output
	counter packets 108 bytes 15861 jump ufw6-after-output
	counter packets 108 bytes 15861 jump ufw6-after-logging-output
	counter packets 108 bytes 15861 jump ufw6-reject-output
	counter packets 108 bytes 15861 jump ufw6-track-output
}

chain FORWARD {
	type filter hook forward priority filter; policy drop;
	counter packets 0 bytes 0 jump ufw6-before-logging-forward
	counter packets 0 bytes 0 jump ufw6-before-forward
	counter packets 0 bytes 0 jump ufw6-after-forward
	counter packets 0 bytes 0 jump ufw6-after-logging-forward
	counter packets 0 bytes 0 jump ufw6-reject-forward
	counter packets 0 bytes 0 jump ufw6-track-forward
}

chain ufw6-logging-deny {
	ct state invalid limit rate 3/minute burst 10 packets counter packets 0 bytes 0 return
	limit rate 3/minute burst 10 packets counter packets 0 bytes 0 log prefix "[UFW BLOCK] "
}

chain ufw6-logging-allow {
	limit rate 3/minute burst 10 packets counter packets 0 bytes 0 log prefix "[UFW ALLOW] "
}

chain ufw6-skip-to-policy-input {
	counter packets 0 bytes 0 drop
}

chain ufw6-skip-to-policy-output {
	counter packets 0 bytes 0 accept
}

chain ufw6-skip-to-policy-forward {
	counter packets 0 bytes 0 drop
}

chain ufw6-user-input {
	meta l4proto tcp tcp dport 5140 counter packets 0 bytes 0 accept
	meta l4proto udp udp dport 5140 counter packets 0 bytes 0 accept
}

chain ufw6-user-output {
}

chain ufw6-user-forward {
}

chain ufw6-user-logging-input {
}

chain ufw6-user-logging-output {
}

chain ufw6-user-logging-forward {
}

chain ufw6-user-limit {
	limit rate 3/minute counter packets 0 bytes 0 log prefix "[UFW LIMIT BLOCK] "
	counter packets 0 bytes 0 reject
}

chain ufw6-user-limit-accept {
	counter packets 0 bytes 0 accept
}

}
table inet lxd {
chain pstrt.lxdbr0 {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 10.72.248.0/24 ip daddr != 10.72.248.0/24 masquerade
ip6 saddr fd42:9fc7:1f00:52d6::/64 ip6 daddr != fd42:9fc7:1f00:52d6::/64 masquerade
}

chain fwd.lxdbr0 {
	type filter hook forward priority filter; policy accept;
	ip version 4 oifname "lxdbr0" accept
	ip version 4 iifname "lxdbr0" accept
	ip6 version 6 oifname "lxdbr0" accept
	ip6 version 6 iifname "lxdbr0" accept
}

chain in.lxdbr0 {
	type filter hook input priority filter; policy accept;
	iifname "lxdbr0" tcp dport 53 accept
	iifname "lxdbr0" udp dport 53 accept
	iifname "lxdbr0" icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
	iifname "lxdbr0" udp dport 67 accept
	iifname "lxdbr0" icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, nd-router-solicit, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } accept
	iifname "lxdbr0" udp dport 547 accept
}

chain out.lxdbr0 {
	type filter hook output priority filter; policy accept;
	oifname "lxdbr0" tcp sport 53 accept
	oifname "lxdbr0" udp sport 53 accept
	oifname "lxdbr0" icmp type { destination-unreachable, time-exceeded, parameter-problem } accept
	oifname "lxdbr0" udp sport 67 accept
	oifname "lxdbr0" icmpv6 type { destination-unreachable, packet-too-big, time-exceeded, parameter-problem, echo-request, nd-router-advert, nd-neighbor-solicit, nd-neighbor-advert, mld2-listener-report } accept
	oifname "lxdbr0" udp sport 547 accept
}

}
table inet incus {
}

cat /var/log/incus/incusd.log
time=“2024-04-17T10:08:24+02:00” level=warning msg=“Failed getting exec control websocket reader, killing command” PID=593640 err=“websocket: close 1006 (abnormal closure): unexpected EOF” instance=graylog interactive=true project=default
time=“2024-04-17T10:08:54+02:00” level=warning msg=“Failed shutting down instance, forcefully stopping” err=“Failed shutting down instance, status is "Running": context deadline exceeded” instance=min11 project=default
time=“2024-04-17T10:43:44+02:00” level=warning msg=“Failed shutting down instance, forcefully stopping” err=“Failed shutting down instance, status is "Running": context deadline exceeded” instance=min11 project=default

candlerb · April 17, 2024, 2:56pm

Your firewall is blocking dhcp traffic, and the fix is documented here:

sudo ufw allow in on incusbr0
sudo ufw route allow in on incusbr0
sudo ufw route allow out on incusbr0

EDIT: I use ufw and not nft. I see you have nft rules for lxdbr0, but not incusbr0. I don’t know why iptables and nft are inconsistent on your system.

Bahman · April 17, 2024, 5:00pm

i don’t know what happened but incus ls give me
incus ls
Error: The incus daemon doesn’t appear to be started (socket path: /var/lib/incus/unix.socket)
and i have following in incus.log:
time=“2024-04-17T10:43:44+02:00” level=warning msg=“Failed shutting down instance, forcefully stopping” err=“Failed shutting down instance, status is "Running": context deadline exceeded” instance=min11 project=default

Bahman · April 17, 2024, 5:05pm

i install incus one more time and it’e working. thank you it was firewall issue.

Bahman · April 17, 2024, 6:39pm

i never enable nftables. i had a problem for port 5140/tcp my server not answer for that port i just active firewall and enable port 5140/tcp.