Ufw and lxd network conflicts on Debian 10

I’ve installed ufw on a Debian 10 host with the following config:

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
25/tcp                     ALLOW IN    Anywhere                  
80/tcp                     ALLOW IN    Anywhere                  
443/tcp                    ALLOW IN    Anywhere                  
587/tcp                    ALLOW IN    Anywhere                  
993/tcp                    ALLOW IN    Anywhere                        
2200/tcp                   ALLOW IN    Anywhere
25/tcp (v6)                ALLOW IN    Anywhere (v6)             
80/tcp (v6)                ALLOW IN    Anywhere (v6)             
443/tcp (v6)               ALLOW IN    Anywhere (v6)             
587/tcp (v6)               ALLOW IN    Anywhere (v6)             
993/tcp (v6)               ALLOW IN    Anywhere (v6)   

If I try and create a new container e.g.

lxc launch images:debian/buster/amd64 c1

An IP4 address isn’t assigned… the workaround is to stop ufw, stop the container, restart the container and then restart ufw…

Does anyone know what the problem might be or is there a better solution?

P.S. I’ve also been exploring the solution in this thread, “UFW gets inactive on restart of container”, but sudo apt update fails… the container isn’t given an IP4 address and apt fails as below…

root@ufw:~# sudo apt update
Err:1 http://archive.ubuntu.com/ubuntu bionic InRelease                                                                               
  Temporary failure resolving 'archive.ubuntu.com'
Err:2 http://security.ubuntu.com/ubuntu bionic-security InRelease        
  Temporary failure resolving 'security.ubuntu.com'
Err:3 http://archive.ubuntu.com/ubuntu bionic-updates InRelease          
  Temporary failure resolving 'archive.ubuntu.com'
Err:4 http://archive.ubuntu.com/ubuntu bionic-backports InRelease
  Temporary failure resolving 'archive.ubuntu.com'
Reading package lists... Done        
Building dependency tree       
Reading state information... Done
All packages are up to date.
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-updates/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://archive.ubuntu.com/ubuntu/dists/bionic-backports/InRelease  Temporary failure resolving 'archive.ubuntu.com'
W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/bionic-security/InRelease  Temporary failure resolving 'security.ubuntu.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.

OK, so the resolution, as outlined here https://wiki.debian.org/nftables#Current_status, is to switch to the legacy version…

update-alternatives --set iptables /usr/sbin/iptables-legacy
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
update-alternatives --set arptables /usr/sbin/arptables-legacy
update-alternatives --set ebtables /usr/sbin/ebtables-legacy
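
One way to confirm the switch above took effect, as an added example that is not part of the original post: iptables 1.8.x ends its `--version` line with `(nf_tables)` or `(legacy)`, and this script checks that every tool reports the expected backend. The function names and the sample version lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify which backend iptables/ip6tables resolve to after
# the update-alternatives commands. Function names are hypothetical.

# Classify one line of `<tool> --version` output by its backend suffix.
backend_of() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Usage: check_backends <expected-backend> < version-lines
# Prints one result line per tool; returns 1 if any tool differs.
check_backends() {
    want=$1
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        got=$(backend_of "$line")
        if [ "$got" = "$want" ]; then
            echo "ok   ${line%% *}: $got"
        else
            echo "FAIL ${line%% *}: $got (expected $want)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample (not captured from the poster's host): only the
# iptables alternative was switched, ip6tables still uses nf_tables.
SAMPLE='iptables v1.8.2 (legacy)
ip6tables v1.8.2 (nf_tables)'

if ! printf '%s\n' "$SAMPLE" | check_backends legacy; then
    echo "not every tool uses the legacy backend yet"
fi

# On a real host, feed it live output instead (run as root):
#   { iptables --version; ip6tables --version; } | check_backends legacy
```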