Setup bridge without iptables?


I’m trying to set up LXD, but bridge creation fails as it relies on iptables commands. For LXC I managed to edit the lxc-net script to remove these and implemented corresponding rules for nftables, which worked fine.

Is it possible to manually create the bridge in a way that satisfies LXD? I presume iptables won’t be touched during regular operation, correct?

Any pointers in the right direction are welcome, thanks!

(David Negreira) #2

If you create a bridge interface manually and then, for example, when doing lxd init, you skip the creation but set the already created bridge, this should work.
If you create the bridge at a later stage you can set up the nictype as bridged and parent as the manually created bridge.
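Putting the two posts above together (a hand-made bridge with nftables NAT in place of the iptables rules LXD would normally add, then attaching LXD to it via nictype=bridged and parent), here is an added example script. It is not code from the thread or from the LXD project; the bridge name `br0`, the `10.0.3.0/24` subnet and the nft table name `lxdbr_nat` are assumptions, and the `lxc profile device add` command is the stock LXD CLI. With `plan` as the argument it only prints what it would do, so it can be reviewed before being run as root with `apply`.

```shell
#!/bin/sh
# Added example (not from the thread): create a bridge manually, NAT it with
# nftables instead of iptables, and point LXD's default profile at it.
# Assumed values below can be overridden from the environment.
BR=${BR:-br0}
BR_CIDR=${BR_CIDR:-10.0.3.1/24}
BR_SUBNET=${BR_SUBNET:-10.0.3.0/24}
TABLE=${TABLE:-lxdbr_nat}
DRY_RUN=${DRY_RUN:-0}

# run: print each command so the change is auditable, execute unless DRY_RUN=1.
run() {
  printf '%s\n' "$*"
  [ "$DRY_RUN" = 1 ] || "$@"
}

# Bridge with a host-side address and forwarding enabled (what lxc-net/LXD
# would otherwise do for you).
create_bridge() {
  run ip link add "$BR" type bridge
  run ip addr add "$BR_CIDR" dev "$BR"
  run ip link set "$BR" up
  run sysctl -w net.ipv4.ip_forward=1
}

# nftables equivalent of the iptables MASQUERADE rule: NAT traffic leaving the
# bridge subnet for anywhere except the subnet itself. Forwarding policy is
# left to the host firewall, which must permit forwarding from $BR.
nft_ruleset() {
  cat <<EOF
table inet $TABLE {
  chain postrouting {
    type nat hook postrouting priority srcnat; policy accept;
    ip saddr $BR_SUBNET ip daddr != $BR_SUBNET masquerade
  }
}
EOF
}

# Load the ruleset atomically via nft -f (prints it instead under DRY_RUN=1).
apply_nft() {
  if [ "$DRY_RUN" = 1 ]; then nft_ruleset; else nft_ruleset | nft -f -; fi
}

# Tell LXD to use the existing bridge: nictype=bridged, parent=<our bridge>.
attach_lxd() {
  run lxc profile device add default eth0 nic nictype=bridged parent="$BR"
}

main() {
  create_bridge
  apply_nft
  attach_lxd
}

case "${1:-}" in
  plan)  DRY_RUN=1 main ;;   # show the commands and ruleset only
  apply) main ;;             # run as root
esac
```

Note that LXD only runs dnsmasq for networks it created itself, so containers on a bridge like this one need static addresses or a separate DHCP/DNS server listening on `br0`; the nftables NAT rule above only covers outbound connectivity.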

(Stéphane Graber) #3

LXD 3.0 also now has a question in lxd init which lets you use an existing bridge or host interface directly, without having to manually configure it afterwards.


Thanks for the fast response guys, that would be great if there’s a way!

I looked at the source and e.g. the Start() function in lxd/networks.go contains calls to iptables. Wouldn’t these be invoked during regular startup and cause the network initialization to error out?


OK, I think I’ll revert to iptables for now. With it enabled, things immediately work better out of the box.

I hope the netfilter devs do their best to get nftables ready for primetime soon. I find it much easier to grasp syntax-wise, but I won’t be fighting against mainstream inertia here.