Signed-off-by: Eric Garver <eric@xxxxxxxxxxx>
---
src/network/libvirt-routed-in.policy | 11 +++++++++++
src/network/libvirt-routed-out.policy | 12 ++++++++++++
src/network/meson.build | 10 ++++++++++
3 files changed, 33 insertions(+)
create mode 100644 src/network/libvirt-routed-in.policy
create mode 100644 src/network/libvirt-routed-out.policy
diff --git a/src/network/libvirt-routed-in.policy b/src/network/libvirt-routed-in.policy
new file mode 100644
index 000000000000..baf8822d747c
--- /dev/null
+++ b/src/network/libvirt-routed-in.policy
@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy target="ACCEPT">
+ <short>libvirt-routed-out</short>
+
+ <description>
+ This policy is used to allow routed traffic to the virtual machines.
+ </description>
+
+ <ingress-zone name="ANY" />
+ <egress-zone name="libvirt-routed" />
+</policy>
diff --git a/src/network/libvirt-routed-out.policy b/src/network/libvirt-routed-out.policy
new file mode 100644
index 000000000000..efa0030569d6
--- /dev/null
+++ b/src/network/libvirt-routed-out.policy
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy target="ACCEPT">
+ <short>libvirt-routed-out</short>
+
+ <description>
+ This policy is used to allow routed virtual machine traffic to the rest of
+ the network.
+ </description>
+
+ <ingress-zone name="libvirt-routed" />
+ <egress-zone name="ANY" />
+</policy>
diff --git a/src/network/meson.build b/src/network/meson.build
index cd52e2a54c28..20e411c7eaff 100644
--- a/src/network/meson.build
+++ b/src/network/meson.build
@@ -115,5 +115,15 @@ if conf.has('WITH_NETWORK')
install_dir: prefix / 'lib' / 'firewalld' / 'policies',
rename: [ 'libvirt-nat-out.xml' ],
)
+ install_data(
+ 'libvirt-routed-out.policy',
+ install_dir: prefix / 'lib' / 'firewalld' / 'policies',
+ rename: [ 'libvirt-routed-out.xml' ],
+ )
+ install_data(
+ 'libvirt-routed-in.policy',
+ install_dir: prefix / 'lib' / 'firewalld' / 'policies',
+ rename: [ 'libvirt-routed-in.xml' ],
+ )
endif
endif
--
2.33.0
