Incus - Container Can not Use Network
11/01/2025, SatHost Firewall Rules
A potential cause for your container not being able to reach outside the internet could be caused by firewall rules. For example, on my system , there weren't any recent changed made to my incus network configuration, but somehow system packages were not able to be downloaded inside all my incus containers. It could be that your operating system package manager or system configuration elsewhere could have made updates to your firewall rules.
My system uses nft tables to manage firewall rules and the proper way to add these rules permanently to the nft table file
/etc/nftables.conf, but I had difficulty in getting the rules to apply before incus can be started. Instead, I opted to add a preexec command before the sudo incus exec ... command to reload the rules right before incus starts.
# Using the fish shell
function fish_preexec --on-event fish_preexec
if string match -r '^sudo\s+incus\s+exec' $argv[1]
sudo nft insert rule ip filter FORWARD iifname "incusbr0" accept
sudo nft insert rule ip filter FORWARD oifname "incusbr0" accept
end
end
If you only want to temporarily test out these two rules, run these two commands in your terminal.
sudo nft insert rule ip filter FORWARD iifname "incusbr0" accept
sudo nft insert rule ip filter FORWARD oifname "incusbr0" accept