Iptables inserted by LXD and iptables-persistent

Is it possible for iptables inserted by LXD and iptables-persistent to work together?

On installation, iptables-persistent saves all of LXD’s rules into /etc/iptables/rules.v4

Do I need to ensure that I only keep my own port-forwarding rules in this file, to avoid duplicating LXD’s?

In general, the iptables rules of LXD do not change over time and I do not think there have been any changes for the rules over the last versions.
Installing iptables-persistent and having them auto-capture the current rules is an easy way to save any IP forwarding rules you have applied without additional effort.
I suppose that it would be an issue to revisit if you actually get problems with iptables-persistent messing with LXD.

LXD always clears its rules (based on the generated comment it puts in them) so having them restored shouldn’t be a problem; LXD will just reset things when it starts.


However, I would like to ensure those LXD-generated rules are always in a specific position in a table. The order matters, especially in more complex production firewalls.
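For readers who want /etc/iptables/rules.v4 to hold only their own rules, as the opening question asks, here is an added example (not from the thread or from the LXD project) that filters an `iptables-save` dump by the comment LXD attaches to its rules. It assumes the comment text begins with `generated for LXD network`; confirm that against your own `iptables-save` output. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Assumed marker: the start of the comment LXD puts on the rules it generates.
LXD_MARK='--comment "generated for LXD network '

# Read an iptables-save dump on stdin and drop only rule lines (-A ...) that
# carry the marker. Table headers, chain policies and COMMIT lines are kept,
# so the result is still valid input for iptables-restore.
strip_lxd_rules() {
    awk -v mark="$LXD_MARK" '!(/^-A / && index($0, mark))'
}

# Count the LXD-generated rules in a dump on stdin (0 means the file is clean).
count_lxd_rules() {
    awk -v mark="$LXD_MARK" '/^-A / && index($0, mark) { n++ } END { print n + 0 }'
}

# Constructed sample in iptables-save format: two admin rules, three LXD rules.
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 10.0.3.10:80
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -m comment --comment "generated for LXD network lxdbr0" -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lxdbr0 -p udp -m udp --dport 53 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -o lxdbr0 -m comment --comment "generated for LXD network lxdbr0" -j ACCEPT
COMMIT
EOF
}

# Demo on the constructed sample. On a real host (as root) the equivalent is:
#   iptables-save | strip_lxd_rules > /etc/iptables/rules.v4
echo "LXD rules before: $(sample_dump | count_lxd_rules)"
echo "LXD rules after:  $(sample_dump | strip_lxd_rules | count_lxd_rules)"
sample_dump | strip_lxd_rules
```

Running `count_lxd_rules < /etc/iptables/rules.v4` after a save is a quick check that no LXD-generated rules ended up in the persisted file.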