1

This question was the same I have found to my issue. It has no answer.

I am running vagrant on my Ubuntu and have ipv6 disabled. When I create an image with vagrant, libvirt returns:

Error while activating network: Call to virNetworkCreate failed: internal error: Failed to apply firewall rules /sbin/ip6tables --table filter --insert FORWARD --in-interface virbr1 --jump REJECT: ip6tables v1.6.1: can't initialize ip6tables table `filter': Address family not supported by protocol Perhaps ip6tables or your kernel needs to be upgraded.

How do I disable ipv6 in libvirt or how do I fix this issue?

kolosov
  • 11
  • 2
  • 2
    Not the reply you want to hear, I'm sure, but anyway: IPv6 is a mandatory part of the TCP/IP networking standard. Why did you disable it on your host in the first place? – Tilman Schmidt Apr 12 '20 at 12:23
  • 1
    @TilmanSchmidt the assumption of the post is: the user is using IPv6. If disabling it was an option then the user would have avoided asking how to avoid disabling it. It's not "Not the reply you want to hear", but "Not the reply I should make" – kolosov Apr 12 '20 at 22:48
  • 1
    The question says: "I have ipv6 disabled" which to me seems to indicate that the user is *not* using IPv6. If you want to say the user *is* using IPv6 then you may want to rephrase the question to make that clearer. – Tilman Schmidt Apr 13 '20 at 17:47
  • @TilmanSchmidt I'm saying "the user must not enable nor use nor think about ipv6" – kolosov Apr 13 '20 at 18:31
  • Then you shouldn't use vagrant. – Tilman Schmidt Apr 13 '20 at 18:44
  • @TilmanSchmidt vagrant or libvirt? I don't have problems creating VMs with VirtualBox – kolosov Apr 13 '20 at 20:06

2 Answers2

1

Do not disable IPv6 at the kernel level. Remove disable lines from modprobe.conf.

libvirt network filter chains are a firewall abstraction with a decent amount of features. Of course they can deny. But not if the kernel has that address family disabled.

Disable at the kernel level introduces technical debt. Short term, software like this that supports IPv6 may error, because they cannot do what was requested if the kernel doesn't support it.

Long term, this sets back your IPv6 implementation. Eventually, you will want IP communication without NATs or proxies. Or get sick of RFC 1918 address space conflicts. But now you need to touch this kernel thing in addition to firewalls. And cannot build out a v6 host firewall while disabled in the kernel.

John Mahowald
  • 32,050
  • 2
  • 19
  • 34
0

You don't mention which version of libvirt you are using which is important here. Libvirt does not mandate use of IPv6, however, there were a couple of versions released last year which accidentally introduced a hard dependency on IPv6. This was since fixed so libvirt should gracefully degrade if it finds IPv6 missing/disabled. So if this isn't working, then I'd suggest filing a bug against Ubuntu.

DanielB
  • 1,618
  • 7
  • 7