Comment 1 for bug 1928113

Thiago Jung Bauermann (thiago-bauermann) wrote :

More information I should have mentioned earlier:

The impact of this bug is that libvirt can't start the default network:

bauermann@popigai:~$ virsh -c qemu:///system net-start default
error: Failed to start network default
error: internal error: firewalld is set to use the nftables backend, but the required firewalld 'libvirt' zone is missing. Either set the firewalld backend to 'iptables', or ensure that firewalld has a 'libvirt' zone by upgrading firewalld to a version supporting rule priorities (0.7.0+) and/or rebuilding libvirt with --with-firewalld-zone

bauermann@popigai:~$ echo $?
1

The workaround is to add a zone="trusted" attribute to the bridge node of the network XML definition:

<network>
  <name>default</name>
  <uuid>d20d5db0-4a01-4422-8bcb-8b582d019356</uuid>
  <forward mode="nat">
    <nat>
      <port start="1024" end="65535"/>
    </nat>
  </forward>
  <bridge name="virbr0" zone="trusted" stp="on" delay="0"/>
  <mac address="52:54:00:13:28:6a"/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254"/>
    </dhcp>
  </ip>
</network>
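
An added example, not part of the comment above and not libvirt's own code: a Python check that reports libvirt network definitions whose bridge is pinned to a firewalld zone other than `libvirt`, so that a zone="trusted" workaround can be found and reverted once the `libvirt` zone is available. The sample XML is constructed from the definition above; the function names and the `expected_zone` default are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the network definition in the comment above.
WORKAROUND_XML = """<network>
  <name>default</name>
  <forward mode="nat"/>
  <bridge name="virbr0" zone="trusted" stp="on" delay="0"/>
  <ip address="192.168.122.1" netmask="255.255.255.0"/>
</network>"""


def bridge_zone(network_xml):
    """Return (network name, bridge name, zone) from a libvirt network definition.

    bridge name and zone are None when the element or attribute is absent.
    """
    root = ET.fromstring(network_xml)
    if root.tag != "network":
        raise ValueError("not a libvirt <network> definition")
    bridge = root.find("bridge")
    if bridge is None:
        return root.findtext("name"), None, None
    return root.findtext("name"), bridge.get("name"), bridge.get("zone")


def audit(network_xml, expected_zone="libvirt"):
    """Classify how the bridge's firewalld zone is set (hypothetical helper)."""
    name, bridge, zone = bridge_zone(network_xml)
    if bridge is None:
        finding = "no-bridge"
    elif zone is None:
        finding = "unset"        # no explicit zone: libvirt chooses it
    elif zone == expected_zone:
        finding = "expected"
    else:
        finding = "override"     # e.g. the zone="trusted" workaround
    return {"network": name, "bridge": bridge, "zone": zone, "finding": finding}


def without_zone(network_xml):
    """Return the definition with the bridge's zone attribute removed."""
    root = ET.fromstring(network_xml)
    bridge = root.find("bridge")
    if bridge is not None:
        bridge.attrib.pop("zone", None)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print(audit(WORKAROUND_XML))
    print(audit(without_zone(WORKAROUND_XML)))
```

firewalld's `trusted` zone accepts all network connections, which is why an `override` finding is worth tracking after the workaround has served its purpose.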