From a99154b24e76f544b889670d254a674438a92b86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lukas=20M=C3=A4rdian?= <slyon@ubuntu.com>
Date: Wed, 13 Nov 2024 14:57:20 +0100
Subject: [PATCH] DebCI: avoid LXC connectivity issues with Docker

---
 .github/workflows/debci.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/debci.yml b/.github/workflows/debci.yml
index 4eeae32a4..34853e32b 100644
--- a/.github/workflows/debci.yml
+++ b/.github/workflows/debci.yml
@@ -31,6 +31,8 @@ jobs:
         run: |
           sudo add-apt-repository -y -n -s ppa:slyon/netplan-ci
           sudo apt update
+          sudo apt purge docker.io  # FIXME: how is docker enabled on GitHub actions?
+          sudo dpkg -l | grep docker
           sudo apt install debci lxc lxc-templates debian-archive-keyring autopkgtest ubuntu-dev-tools devscripts linux-modules-extra-$(uname -r) #openvswitch-switch
       # See: https://discourse.ubuntu.com/t/containers-lxc/11526 (Apparmor section)
       #      (LP: #1950787, LP: #1998943)
@@ -38,7 +40,11 @@ jobs:
         run: |
           # Fix Docker blocking LXC networking:
           # https://discuss.linuxcontainers.org/t/9953/4
-          sudo iptables -I DOCKER-USER  -j ACCEPT
+          # https://documentation.ubuntu.com/lxd/en/latest/howto/network_bridge_firewalld/#prevent-connectivity-issues-with-lxd-and-docker
+          sudo iptables  -I DOCKER-USER  -j ACCEPT
+          # sudo ip6tables -I DOCKER-USER  -j ACCEPT
+          sudo iptables  -I DOCKER-USER  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
+          # sudo ip6tables -I DOCKER-USER  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
           sudo apparmor_parser -R /etc/apparmor.d/usr.bin.lxc-start
           sudo ln -s /etc/apparmor.d/usr.bin.lxc-start /etc/apparmor.d/disable/
           echo "lxc.apparmor.profile = unconfined" | sudo tee -a /etc/lxc/default.conf