The dnsmasq that is included in the LXD snap wasn’t compiled with the HAVE_NFTSET flag. I’m trying to firewall my restricted container using domain names and I need dnsmasq to put the IP addresses into my netfilter set, but it can’t do it because it wasn’t compiled with the HAVE_NFTSET flag. Any chance the LXD snap could include a dnsmasq binary compiled with nftset?
I’m using Ubuntu 24.04.1 with LXD 5.21.2
The default dnsmasq (/usr/sbin) has all the same compile options plus nftset and it’s only 120 bytes larger.
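A quick way to verify which binary has the feature, added here as an example and not code from the thread or from LXD: the script parses a dnsmasq binary's `--version` output and reports whether nftset is compiled in, taking care not to mistake the `no-nftset` token for `nftset`. The snap binary path `/snap/lxd/current/bin/dnsmasq` is an assumption, and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example (not from the original thread): tell whether a dnsmasq build
# has nftset support by parsing its "Compile time options" line. A plain
# `grep nftset` is misleading because a build without the feature reports
# the token "no-nftset", which also matches.

# has_nftset_in_version_output: reads `dnsmasq --version` text on stdin,
# prints yes/no and returns 0 when nftset is compiled in, 1 otherwise.
has_nftset_in_version_output() {
    opts=$(sed -n 's/^Compile time options: *//p')
    for tok in $opts; do
        case "$tok" in
            nftset)    echo yes; return 0 ;;
            no-nftset) echo no;  return 1 ;;
        esac
    done
    echo no
    return 1
}

# check_binary: runs the given dnsmasq binary and reports its nftset status.
check_binary() {
    if [ ! -x "$1" ]; then
        echo "$1: not found"
        return 2
    fi
    printf '%s: nftset=' "$1"
    "$1" --version | has_nftset_in_version_output
}

# Constructed sample outputs in the format dnsmasq prints (version string is
# a placeholder, not a value from the thread).
SAMPLE_WITHOUT='Dnsmasq version 2.X  Copyright (c) 2000-2024 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n DHCP DHCPv6 TFTP conntrack ipset no-nftset auth DNSSEC inotify'
SAMPLE_WITH='Dnsmasq version 2.X  Copyright (c) 2000-2024 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus i18n DHCP DHCPv6 TFTP conntrack ipset nftset auth DNSSEC inotify'

# Inspect the distro binary (path from the thread) and the snap's bundled one
# (assumed path); missing binaries are reported, not treated as errors.
for bin in /usr/sbin/dnsmasq /snap/lxd/current/bin/dnsmasq; do
    check_binary "$bin" || true
done
```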
The LXD snaps use the dnsmasq-base package from the corresponding distro/base core version. At the moment, the latest/edge channel comes with a dnsmasq compiled with nftset support enabled as it uses the one from Ubuntu Noble (24.04):