This zone will be used for the NAT network by default. Note that this zone definition omits "forward" aka intra-zone forwarding, because it requires firewalld >= 0.9.0.
Signed-off-by: Eric Garver <eric@xxxxxxxxxxx>
---
 libvirt.spec.in | 1 +
 src/network/libvirt-nat.zone | 10 ++++++++++
 src/network/meson.build | 5 +++++
 3 files changed, 16 insertions(+)
 create mode 100644 src/network/libvirt-nat.zone
diff --git a/libvirt.spec.in b/libvirt.spec.in
index ac5bf7b8653c..6537b9385a0e 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1920,6 +1920,7 @@ exit 0
 %if %{with_firewalld_zone}
 %{_prefix}/lib/firewalld/zones/libvirt.xml
+%{_prefix}/lib/firewalld/zones/libvirt-nat.xml
 %{_prefix}/lib/firewalld/zones/libvirt-routed.xml
 %{_prefix}/lib/firewalld/policies/libvirt-routed-in.xml
 %{_prefix}/lib/firewalld/policies/libvirt-routed-out.xml
diff --git a/src/network/libvirt-nat.zone b/src/network/libvirt-nat.zone
new file mode 100644
index 000000000000..6ebffb189a56
--- /dev/null
+++ b/src/network/libvirt-nat.zone
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="utf-8"?>
+<zone>
+ <short>libvirt-nat</short>
+
+ <description>
+ This zone is intended to be used only by NAT libvirt virtual networks -
+ libvirt will add the bridge devices for all new virtual networks to this
+ zone by default.
+ </description>
+</zone>
diff --git a/src/network/meson.build b/src/network/meson.build
index d266bb225a64..fa18cbb8ff62 100644
--- a/src/network/meson.build
+++ b/src/network/meson.build
@@ -101,6 +101,11 @@ if conf.has('WITH_NETWORK')
 install_dir: prefix / 'lib' / 'firewalld' / 'zones',
 rename: [ 'libvirt.xml' ],
 )
+ install_data(
+ 'libvirt-nat.zone',
+ install_dir: prefix / 'lib' / 'firewalld' / 'zones',
+ rename: [ 'libvirt-nat.xml' ],
+ )
 install_data(
 'libvirt-routed.zone',
 install_dir: prefix / 'lib' / 'firewalld' / 'zones',
-- 
2.37.3
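Review bot: The new src/network/libvirt-nat.zone declares no `<target>` and no `<service>`, `<port>` or `<rule>` entries, so it presumably falls back to firewalld's default zone target and on its own admits no host-bound traffic from the bridge; the spec hunk shows the routed zone is paired with libvirt-routed-in/out policies, but this patch installs no matching policies for the NAT zone, so whether guests can still reach the host's DHCP/DNS is left to later patches in the series. If the empty rule set is deliberate, record it in the file so a packager does not "fix" it, e.g. a comment after `<zone>`: `<!-- No target/services on purpose: host-bound traffic for NAT networks is granted by separate policies, not by this zone -->`. The `<description>` is also broader than the `<short>` and the commit message: `libvirt will add the bridge devices for all new virtual networks to this` should read `libvirt will add the bridge devices for all new NAT virtual networks to this`. Since the commit message says `<forward/>` was left out only because it needs firewalld >= 0.9.0, that caveat belongs in the file too (a one-line XML comment next to `<short>`), so whoever raises the minimum firewalld version knows it can be added back.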