The technique to use to make this work on 12.04 was to edit /etc/ufw/sysctl.conf to have:

    # Don't filter packets to our libvirt guests
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0

The problem is on later releases of Ubuntu these are not available until the 'bridge' module is loaded. ufw startup happens extremely early in the boot process -- intentionally before networking comes up. If the bridge module is loaded after ufw starts, it sets the sysctl values to its default values -- i.e., all '1', which breaks libvirt.

What needs to happen on later releases of Ubuntu is to set these values after the bridge module is loaded. There are any number of ways to do this, but since this was related to firewalling, I chose to do it all within ufw:

* modify /etc/default/ufw to have 'bridge' listed in IPT_MODULES
* append the following to /etc/ufw/sysctl.conf:

    # Don't filter packets to our libvirt guests
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0

--
https://bugs.launchpad.net/bugs/573461
Title: UFW blocks libvirt bridged traffic
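A post-boot check for the fix described above, written as an added example and not part of the bug report: it verifies that the three bridge-nf-call knobs really read 0 once the bridge module is loaded, and that the IPT_MODULES line in /etc/default/ufw lists 'bridge'. The script name check-bridge-nf.sh and the --check flag are assumptions of this example; the paths default to the real /proc/sys/net/bridge and /etc/default/ufw but can be overridden.

```shell
#!/bin/sh
# Added example: confirm the bridge netfilter sysctls are off after boot and
# that ufw is configured to load the bridge module before applying them.

# Directory holding the bridge netfilter knobs; it only exists once the
# bridge module is loaded. Overridable so the checks can run against a copy.
BRIDGE_SYSCTL_DIR="${BRIDGE_SYSCTL_DIR:-/proc/sys/net/bridge}"
UFW_DEFAULT="${UFW_DEFAULT:-/etc/default/ufw}"

# Returns 0 when every bridge-nf-call-* knob under $1 reads 0, 2 when the
# directory is missing (bridge module not loaded), 1 when any knob is still
# 1, i.e. traffic to bridged guests is still passing through iptables.
bridge_nf_disabled() {
    dir="$1"
    [ -d "$dir" ] || { echo "bridge module not loaded: $dir missing" >&2; return 2; }
    rc=0
    for knob in bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables; do
        val=$(cat "$dir/$knob" 2>/dev/null) || { echo "missing knob: $knob" >&2; rc=1; continue; }
        if [ "$val" != "0" ]; then
            echo "$knob=$val (expected 0)" >&2
            rc=1
        fi
    done
    return $rc
}

# Returns 0 when the (last, uncommented) IPT_MODULES= line of the file given
# as $1 contains the word 'bridge'; quotes around the value are stripped.
ipt_modules_has_bridge() {
    grep -E '^[[:space:]]*IPT_MODULES=' "$1" 2>/dev/null | tail -n 1 |
        sed 's/^[^=]*=//; s/^"//; s/"$//' | tr ' ' '\n' | grep -qx 'bridge'
}

main() {
    ipt_modules_has_bridge "$UFW_DEFAULT" ||
        echo "IPT_MODULES in $UFW_DEFAULT does not list bridge" >&2
    bridge_nf_disabled "$BRIDGE_SYSCTL_DIR"
}

# Only run the checks when invoked with --check, so the functions can be sourced.
case "${1:-}" in --check) main ;; esac
```

Run it on the host as `sh check-bridge-nf.sh --check`; a non-zero exit with the offending knob on stderr means the sysctl values were reset to 1 after ufw started.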