libvirt: "Failed to initialize a valid firewall backend"
Solution 1
Installing ebtables
and dnsmasq
seems to fix the problem. Don't forget to restart the libvirtd
service.
The commands:
sudo pacman -Syu ebtables dnsmasq
sudo systemctl restart libvirtd
NOTE: do not forget to close and re-open your virt-manager
GUI (if you're using one).
EDIT: The original answer suggested also installing firewalld
. This doesn't seem to be necessary for many users, and may add an additional unwanted firewall to your system. However if you want to try it, you can add the following commands as well:
sudo pacman -Syu firewalld
sudo systemctl start firewalld
sudo systemctl enable firewalld
sudo systemctl restart libvirtd
Solution 2
This is the error that comes up if libvirtd was started without ebtables
and/or dnsmasq
installed. If you've got them installed and you're still having this issue, you probably need to restart the libvirtd
service:
sudo systemctl restart libvirtd.service
Credit to the comments on the other answer to this question for illuminating this. I'm submitting it as a new and separate answer to the original question because installing and starting firewalld
to solve the original problem is liable to cause new problems: once the firewall daemon is running, most of the services you'll want within your virtual machine, including DHCP, will be blocked by default, meaning that your VMs will not be able to reach the network on initialization.
I lost over an hour of my life trying to track down this problem, and tracing it to a firewall I had just enabled was one of the dumbest sources of a bug that I've ever run into. Don't let it take any time from yours.
Related videos on Youtube
testandby
Updated on September 18, 2022Comments
-
testandby over 1 year
I'm trying to set up a virtual NAT network device without DHCP for libvirt on an Arch Linux host.
What I have tried:
# virsh net-define network.xml Network default defined from network.xml
[
network.xml
]:<network> <name>default</name> <bridge name="maas0" /> <forward mode="nat" /> <ip address="10.137.0.1" netmask="255.255.255.0" /> </network>
My laptop outputs the following on start-up:
# virsh net-start default error: Failed to start network default error: internal error: Failed to initialize a valid firewall backend
All other threads concerning this topic are talking about upgrading software -- I'm using the most current versions:
$ pacman -Q ebtables dnsmasq libvirt iptables ebtables 2.0.10_4-5 dnsmasq 2.75-1 libvirt 1.3.3-1 iptables 1.4.21-3
What could be the reason for that
internal error
and what can I do against? -
pepper_chico over 6 yearsThere's no need to install
firewalld
, it's also not listed on ArchLinux wiki, it's just necessary to startebtables
anddnsmasq
, withlibvirtd
/virtlogd
afterwards. -
ThorSummoner over 5 yearsI want to emphasize, restart libvirtd, after installing
ebtables
anddnsmasq
-
Alex Oliveira about 5 yearsI confirm there's no need to install
firewalld
, as noted by @pepper_chico (comment) and Stuart P. Bentley (other answer). -
Tom Saleeba almost 3 yearsinstalling
ebtables
for me meant replacingiptables
withiptables-nft
as their packages conflicted. I had nothing configured iniptables
and the change seems to have not broken anything.