Whonix 17 won't work directly on Debian 12 bookworm host (no iptables)

Debian removed the dependency on iptables since bullseye, and bookworm by default doesn't ship iptables and replaced it with nftables.

This caused a blocker to run Whonix, as this command won't work anymore:

sudo virsh -c qemu:///system net-start Whonix-External

Error starting domain: Requested operation is not valid: network 'Whonix-External' is not active

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 108, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
    ret = fn(self, *args, **kwargs)
          ^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/virt-manager/virtManager/object/domain.py", line 1402, in startup
    self._backend.create()
  File "/usr/lib/python3/dist-packages/libvirt.py", line 1373, in create
    raise libvirtError('virDomainCreate() failed')
libvirt.libvirtError: Requested operation is not valid: network 'Whonix-External' is not active

So can this be changed to use nftables? Or do we need to add iptables as an extra package (which is sorta backward degradation)?

1 Like

depend on iptables, though when installed with --no-install-recommends doesn't install iptables (?)

Upstream, though, is saying they are not depending on iptables:

So this change was made by Debian Libvirt Maintainers

This issue is fixed on Debian hosts if iptables is installed.

1 Like
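
A preflight check for the failure discussed above, as an added example that is not part of any post in this thread and is not Whonix or libvirt code. It assumes the system libvirt instance (`qemu:///system`) and the `Whonix-External` network name from the thread; the function names and the `--live` switch are hypothetical, and the `define-network` hint is an assumption of this example.

```shell
#!/bin/sh
# Added example. Assumes qemu:///system and the network name from this thread.

# Print the state of network $1 from `virsh net-list --all` output on stdin:
# "active", "inactive", or "undefined" when the network is not listed.
network_state() {
    awk -v net="$1" '
        $1 == net { print $2; found = 1 }
        END { if (!found) print "undefined" }'
}

# Succeed if an iptables binary is reachable, including the sbin directories
# that are often missing from an unprivileged user's PATH.
have_iptables() {
    ( PATH="$PATH:/usr/sbin:/sbin"; command -v iptables >/dev/null 2>&1 )
}

# Map (network state, iptables present yes/no) to the next step to try.
advise() {
    case "$1:$2" in
        active:*)     echo "ok" ;;
        undefined:*)  echo "define-network" ;;
        inactive:no)  echo "install-iptables" ;;
        inactive:yes) echo "net-start" ;;
        *)            echo "unknown" ;;
    esac
}

# Query the live host and report the state plus the suggested next step.
preflight() {
    net="$1"
    state=$(virsh -c qemu:///system net-list --all | network_state "$net")
    if have_iptables; then ipt=yes; else ipt=no; fi
    echo "$net: state=$state iptables=$ipt next=$(advise "$state" "$ipt")"
}

# Touch the real libvirt daemon only when asked: sh preflight.sh --live
if [ "${1:-}" = "--live" ]; then
    preflight Whonix-External
fi
```

An `install-iptables` result corresponds to the situation reported in this thread, where the network stays inactive on a host without the iptables package.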

Old Debian upstream bug report:
Dependency problem with iptables and libvirt-daemon-system

But it’s from 2019.

So unfortunately the maintenance of KVM in Debian seems less than stellar.

1 Like