From dde5397aaa63367b768308c85a21427d346813a2 Mon Sep 17 00:00:00 2001
From: James Page <james.page@canonical.com>
Date: Tue, 3 Sep 2024 11:20:33 +0100
Subject: [PATCH] Enable LXD networking

Ensure that networking traffic is forwarded to and from LXD instances
using nftables.

Change-Id: I8b959dcfd2ebba10c24dc06442d3239ea17ec211
---
 roles/charmbuild/tasks/main.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/roles/charmbuild/tasks/main.yaml b/roles/charmbuild/tasks/main.yaml
index 1103bc7..8ca3ccc 100644
--- a/roles/charmbuild/tasks/main.yaml
+++ b/roles/charmbuild/tasks/main.yaml
@@ -12,6 +12,12 @@
     name: snapd
   become: true
 
+- name: nftables is installed
+  apt:
+    name: nftables
+  become: true
+  when: ansible_distribution_release == 'jammy' or ansible_distribution_release == 'noble'
+
 - name: lxd snap is installed
   snap:
     name: lxd
@@ -22,6 +28,11 @@
   command: lxd init --auto
   become: true
 
+- name: allow packets from lxd bridge
+  command: nft insert rule filter openstack-INPUT iif lxdbr0 accept
+  become: true
+  when: ansible_distribution_release == 'jammy' or ansible_distribution_release == 'noble'
+
 - name: current user is in lxd group
   user:
     name: "{{ ansible_user }}"