11 months ago
p3k dots

So LXC containers on Ubuntu 22.04 cannot connect to TEH Intarwebs because a rule in a new(?) tool called nft drops all the packets by default…? 🤷

When did this happen? It must have worked before because there are a bunch of containers with installed packages retrieved from some server out there. Strange.

Anyway, the following command fixes the connection issue – not sure this has undesired side-effects, but maybe this should work out of the box so I don’t have to even think about doing something like this 🙄

$ sudo nft add 'chain ip filter FORWARD { policy accept; }'

(Via discuss.linuxcontainers.org.)

Update: There is another way to make this work, it actually is Docker meddling with the iptables:

$ sudo iptables -I DOCKER-USER -i lxdbr0 -j ACCEPT
$ sudo iptables -I DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

(Via github.com.)
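An added example, not from the original post: a small offline check for the two conditions discussed above, run over constructed `nft list chain ip filter FORWARD` and `iptables -S DOCKER-USER` output (assumed to match the format those tools print, and assuming the bridge is named lxdbr0) so it works without root or a live ruleset.

```shell
#!/bin/sh
# Added example (not code from the original post). Parses constructed
# ruleset text instead of calling nft/iptables, so it runs without root.

# Return 0 if the FORWARD chain output has "policy drop", the state that
# silently discards forwarded packets from the LXC bridge.
forward_policy_drops() {
  printf '%s\n' "$1" | grep -q 'hook forward.*policy drop;'
}

# Return 0 if the DOCKER-USER listing already ACCEPTs traffic entering
# from the bridge named in $2 (i.e. the second fix from the post is in place).
docker_user_accepts_bridge() {
  printf '%s\n' "$1" | grep -q -- "^-A DOCKER-USER -i $2 -j ACCEPT"
}

# Constructed sample output mimicking Docker's default state on the host.
NFT_SAMPLE='table ip filter {
    chain FORWARD {
        type filter hook forward priority filter; policy drop;
    }
}'

# Constructed DOCKER-USER chain before and after the iptables fix.
DOCKER_USER_BEFORE='-N DOCKER-USER
-A DOCKER-USER -j RETURN'

DOCKER_USER_AFTER='-N DOCKER-USER
-A DOCKER-USER -o lxdbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A DOCKER-USER -i lxdbr0 -j ACCEPT
-A DOCKER-USER -j RETURN'

# Return 1 (and say so) when container egress on $3 would be dropped:
# FORWARD policy is drop and nothing in DOCKER-USER lets the bridge through.
diagnose() {
  nft_out="$1"; iptables_out="$2"; bridge="$3"
  if forward_policy_drops "$nft_out" && ! docker_user_accepts_bridge "$iptables_out" "$bridge"; then
    echo "FORWARD policy is drop and DOCKER-USER has no ACCEPT for $bridge: egress will be dropped"
    return 1
  fi
  echo "forwarding for $bridge is allowed"
  return 0
}

diagnose "$NFT_SAMPLE" "$DOCKER_USER_BEFORE" lxdbr0 || true
diagnose "$NFT_SAMPLE" "$DOCKER_USER_AFTER" lxdbr0
```

Of the two fixes in the post, the DOCKER-USER rules are scoped to lxdbr0 only, whereas changing the FORWARD policy to accept applies to every packet the host forwards.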