From 4499b1b3f190c87d8f4ede1d64a67fdf3bf21d27 Mon Sep 17 00:00:00 2001
From: Kai Kang <kai.kang@windriver.com>
Date: Wed, 26 Nov 2025 15:29:14 +0800
Subject: [PATCH] libvirt: set firewall backend priority

If firewall_backend isn't configured in the config file, libvirt will
choose the first available backend from the following list by default:

    [nftables, iptables]

so when nftables is installed in image, firewall backend nftables rather
than iptables is adopted.

Add a PACKAGECONFIG to set the firewall backend priority. And update
runtime dependencies for backend nftables.

Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
---
 recipes-extended/libvirt/libvirt_git.bb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/recipes-extended/libvirt/libvirt_git.bb b/recipes-extended/libvirt/libvirt_git.bb
index 681ceade..e9359e1e 100644
--- a/recipes-extended/libvirt/libvirt_git.bb
+++ b/recipes-extended/libvirt/libvirt_git.bb
@@ -15,7 +15,9 @@ DEPENDS = "bridge-utils gnutls libxml2 lvm2 avahi parted curl libpcap util-linux
 #
 RDEPENDS:${PN} = "gettext-runtime"
 
-RDEPENDS:libvirt-libvirtd += "bridge-utils iptables pm-utils dnsmasq netcat-openbsd ebtables"
+RDEPENDS:libvirt-libvirtd += "bridge-utils pm-utils dnsmasq netcat-openbsd ebtables \
+                              ${@bb.utils.contains('PACKAGECONFIG', 'nftables', 'nftables iproute2-tc', 'iptables', d)} \
+                              "
 RDEPENDS:libvirt-libvirtd:append:x86-64 = " dmidecode"
 RDEPENDS:libvirt-libvirtd:append:x86 = " dmidecode"
 RDEPENDS:libvirt-libvirtd:append:arm = " dmidecode"
@@ -175,6 +177,7 @@ PACKAGECONFIG[apparmor_profiles] = "-Dapparmor_profiles=enabled, -Dapparmor_prof
 PACKAGECONFIG[firewalld] = "-Dfirewalld=enabled, -Dfirewalld=disabled,"
 PACKAGECONFIG[libpcap] = "-Dlibpcap=enabled, -Dlibpcap=disabled,libpcap,libpcap"
 PACKAGECONFIG[numad] = "-Dnumad=enabled, -Dnumad=disabled,"
+PACKAGECONFIG[nftables] = ""
 
 # Enable the Python tool support
 require libvirt-python.inc
@@ -313,6 +316,7 @@ do_install:append() {
 
 EXTRA_OEMESON += " \
     -Dinit_script=${@bb.utils.contains('DISTRO_FEATURES','systemd','systemd','none', d)} \
+    -Dfirewall_backend_priority=${@bb.utils.contains('PACKAGECONFIG','nftables','nftables,iptables','iptables,nftables', d)} \
     -Drunstatedir=/run \
     -Dtests=enabled \
     "