Setup bridge without iptables?

Adrian 2018-04-13 13:39:36 UTC #1

I’m trying to setup LXD but bridge creation fails as it relies on iptables commands. For LXC I managed to edit lxc-net script to remove these, and implemented corresponding rules for nftables, which worked fine.

Is it possible to manually create the bridge in a way that satisfies LXD? I presume iptables won’t be touched during regular operation, correct?

Any pointers in the right direction are welcome, thanks!

Dnegreira 2018-04-13 14:36:11 UTC #2

If you create a bridge interface manually and then, for example, when doing lxd init you skip the creation but set the already created bridge this should work.
If you create the bridge at a later stage you can setup the nictype as bridged and parent as the manually created bridge

stgraber 2018-04-13 15:24:58 UTC #3

LXD 3.0 also now has a question in lxd init which lets you use an existing bridge or host interface directly, without having to manually configure it afterwards.

Adrian 2018-04-13 20:10:05 UTC #4

Thanks for the fast response guys, that would be great if there’s a way!

I looked at the source and e.g. the Start() function in lxd/networks.go contains calls to iptables. Wouldn’t these be invoked during regular startup and cause the network initialization to error out?

Adrian 2018-04-14 13:20:24 UTC #5

Ok, I think I’ll revert to iptables for now. With it enabled, things immediately work better out of the box.

I hope the netfilter devs do their best to get nftables ready for primetime soon. I find it much easier to grasp syntax wise, but I won’t be fighting against mainstream inertia here.