LXD not adding UFW rules for the bridge on a default installation #14808

Open
cppservergit opened this issue Jan 16, 2025 · 1 comment

@cppservergit

Ubuntu 24.04 server VM
LXD 5.21.1

After installing on a brand-new VM, and initializing with

sudo snap install lxd
sudo lxd init --auto

New containers won't have an IPv4 address.

It was solved by adding the rules, but this is the first time on a fresh install of LXD on Ubuntu 24.04 that I have to add the rules manually, following the docs and using these commands:

sudo ufw allow in on lxdbr0
sudo ufw route allow in on lxdbr0
sudo ufw route allow out on lxdbr0

After running these commands everything is working fine; the containers have IPv4 addresses.

What could have caused LXD to not auto-configure UFW for the bridge on a fresh Ubuntu 24.04 VM?

My network information on the VM:

sudo ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:b1:d9:ee brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 10.100.12.9/24 brd 10.100.12.255 scope global ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:feb1:d9ee/64 scope link
       valid_lft forever preferred_lft forever
3: lxdbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:b2:70:cc brd ff:ff:ff:ff:ff:ff
    inet 10.153.159.1/24 scope global lxdbr0
       valid_lft forever preferred_lft forever
    inet6 fd42:f5f:dd50:53c::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::216:3eff:feb2:70cc/64 scope link
       valid_lft forever preferred_lft forever
@simondeziel
Member

What could have caused LXD to not auto-configure UFW for the bridge on a fresh Ubuntu 24.04 VM?

AFAIK, this is not something LXD is doing automatically. It's also tricky to ship UFW rule snippets in the LXD snap as the bridge name can be anything and there can be multiple bridges. It's also not safe to assume that those broad allow rules are going to be adequate for everyone.
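
A narrower alternative to the broad allow rules discussed in this thread, as an added example that is not part of the issue and not LXD's own code: it prints per-bridge UFW rules limited to DHCP, DNS and forwarding from the bridge's own subnet, and can be called once per bridge. The helper name `lxd_bridge_ufw_rules` is hypothetical, and the port choice assumes an LXD-managed bridge using its built-in DHCP and DNS.

```shell
#!/bin/sh
# Added example: print (not apply) scoped UFW rules for one LXD bridge.
# lxd_bridge_ufw_rules is a hypothetical helper name, not an LXD command.
# Usage: lxd_bridge_ufw_rules BRIDGE IPV4_NETWORK/PREFIX [IPV6_NETWORK/PREFIX]
lxd_bridge_ufw_rules() {
    bridge=$1; cidr4=$2; cidr6=${3:-}

    # Interface names are at most 15 characters. Limiting the character set
    # keeps a crafted name from adding extra words to the ufw command line.
    case $bridge in
        ''|*[!A-Za-z0-9_.-]*) echo "invalid bridge name: $bridge" >&2; return 1 ;;
    esac
    if [ "${#bridge}" -gt 15 ]; then
        echo "bridge name too long: $bridge" >&2; return 1
    fi

    # Require CIDR notation so a bare host address is never used as a subnet.
    case $cidr4 in
        ''|*[!0-9./]*) echo "invalid IPv4 network: $cidr4" >&2; return 1 ;;
        *.*.*.*/*) ;;
        *) echo "expected a.b.c.d/prefix, got: $cidr4" >&2; return 1 ;;
    esac
    case $cidr6 in
        '') ;;                                  # IPv6 is optional
        *[!0-9A-Fa-f:/]*) echo "invalid IPv6 network: $cidr6" >&2; return 1 ;;
        *:*/*) ;;
        *) echo "expected IPv6 network/prefix, got: $cidr6" >&2; return 1 ;;
    esac

    # Containers reach the host only for DHCPv4 (67/udp) and DNS (53),
    # both served on the bridge by LXD's dnsmasq.
    echo "ufw allow in on $bridge to any port 67 proto udp"
    echo "ufw allow in on $bridge to any port 53"
    # Forward only traffic that enters from the bridge's own subnet.
    echo "ufw route allow in on $bridge from $cidr4"
    if [ -n "$cidr6" ]; then
        echo "ufw allow in on $bridge to any port 547 proto udp"   # DHCPv6
        echo "ufw route allow in on $bridge from $cidr6"
    fi
}

# Networks derived from this issue's `ip a` output for lxdbr0
# (10.153.159.1/24 and fd42:f5f:dd50:53c::1/64). Call once per bridge.
lxd_bridge_ufw_rules lxdbr0 10.153.159.0/24 fd42:f5f:dd50:53c::/64
```

Review the printed commands, then run them with sudo; compare the result against `sudo ufw status verbose`.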
