Re: How can I control iptables/nftables rules addition on libvirtd host on Debian 12 ?


 



On Fri, Jan 31, 2025 at 09:26:32AM -0000, oza.4h07@xxxxxxxxx wrote:
> Thank you all very much, for replying.
> 
> Can I ask the following questions :
> 
> 1. are the fw rules added by libvirtd, hardcoded in libvirtd source code or editable ?

They are defined by our source code.

> 2. can a sys admin enable or disable these rules inclusion (ie set a
> parameter somewhere so that these rules are or are not included in
> currently running firewall) ?

The default <forward> config will always add rules, since without adding
rules you don't get any functional connectivity for guests.

If you want to take full responsibility for adding rules you can change
the config to <forward mode='open'/> which will give you a broken
connectivity until you add your own rules.

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
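
Added example, not part of the original message and not libvirt code: a small audit that reads network definitions in the form printed by `virsh net-dumpxml` and reports, per network, whether libvirt or the administrator owns the firewall rules, following the <forward> behaviour described in the reply above. The network names and XML are constructed samples, and the handling of modes other than 'open' is an assumption taken from libvirt's network XML documentation.

```python
import xml.etree.ElementTree as ET

# Constructed sample definitions, shaped like `virsh net-dumpxml` output.
SAMPLE_NETWORKS = [
    "<network><name>default</name><forward mode='nat'/>"
    "<bridge name='virbr0'/></network>",
    "<network><name>lab-open</name><forward mode='open'/>"
    "<bridge name='virbr1'/></network>",
    "<network><name>isolated0</name><bridge name='virbr2'/></network>",
    "<network><name>implicit</name><forward/><bridge name='virbr3'/></network>",
    "<network><name>hostbr</name><forward mode='bridge'/>"
    "<bridge name='br0'/></network>",
]

# Assumption, from libvirt's network XML documentation: nat, route and
# isolated (no <forward> element) networks get libvirt-generated rules.
LIBVIRT_MANAGED = {"nat", "route", "isolated"}


def firewall_owner(net_xml):
    """Return (name, mode, owner) for one libvirt <network> definition."""
    root = ET.fromstring(net_xml)
    name = root.findtext("name", default="?")
    forward = root.find("forward")
    if forward is None:
        mode = "isolated"                  # no <forward> element at all
    else:
        mode = forward.get("mode", "nat")  # <forward/> without a mode means nat
    if mode == "open":
        owner = "admin"         # libvirt adds nothing; no connectivity until rules exist
    elif mode in LIBVIRT_MANAGED:
        owner = "libvirt"
    else:
        owner = "unclassified"  # e.g. bridge: not covered by the message above
    return name, mode, owner


def admin_owned(networks):
    """Names of the networks whose firewall rules the admin must write."""
    return [n for n, _, o in map(firewall_owner, networks) if o == "admin"]


if __name__ == "__main__":
    for xml_text in SAMPLE_NETWORKS:
        print("%-10s mode=%-9s rules owned by: %s" % firewall_owner(xml_text))
```

Any network returned by admin_owned() needs a matching rule set in the host's own iptables/nftables configuration before its guests can reach anything.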


