[Bug 1214612] rootless ipv6 containers can't be started
https://bugzilla.suse.com/show_bug.cgi?id=1214612
https://bugzilla.suse.com/show_bug.cgi?id=1214612#c3

Alexandre Vicenzi <alexandre.vicenzi@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Flags|                            |needinfo?(danish.prakash@suse.com)

--- Comment #3 from Alexandre Vicenzi <alexandre.vicenzi@suse.com> ---
(In reply to Danish Prakash from comment #2)
> Yes, we should. However, it should be noted that netavark defaults to nftables so this might become redundant as we completely transition to netavark and end up loading the ip* modules unconditionally.
> In this case, it might be helpful to load these modules when we do not strictly require netavark i.e. SLE15-*.

It seems that netavark defaults to the system implementation [1]. On Tumbleweed (tested on version 20240930) netavark seems to require ip6_tables, as shown below.

alexandre@localhost:~> podman info | grep netavark
networkBackend: netavark
backend: netavark
package: netavark-1.12.2-1.1.x86_64
path: /usr/libexec/podman/netavark
version: netavark 1.12.2

alexandre@localhost:~> zypper info nftables
Information for package nftables:
---------------------------------
Repository     : Main Repository (OSS)
Name           : nftables
Version        : 1.0.9-3.5
Arch           : x86_64
Vendor         : openSUSE
Installed Size : 129.6 KiB
Installed      : Yes (automatically)
Status         : up-to-date
Source package : nftables-1.0.9-3.5.src
Upstream URL   : https://netfilter.org/projects/nftables/
Summary        : Userspace utility to access the nf_tables packet filter

alexandre@localhost:~> podman network create --ipv6 --gateway fd00::1:8:1 --subnet fd00::1:8:0/112 ipv6
ipv6

alexandre@localhost:~> podman run --network ipv6 -ti registry.opensuse.org/opensuse/tumbleweed
Error: netavark: code: 3, msg: modprobe: ERROR: could not insert 'ip6_tables': Operation not permitted
ip6tables v1.8.10 (legacy): can't initialize ip6tables table `nat': Table does not exist (do you need to insmod?)
Perhaps ip6tables or your kernel needs to be upgraded.

Danish, am I missing something? Because netavark does not default to nftables on my system, even if installed.

[1]: https://github.com/containers/netavark/blob/v1.12.2/src/firewall/mod.rs#L46