Please consult me on how to limit network access to “internet only” (no network access to F37 host or LAN resources) for Windows 10 VM on KVM+QEMU (VirtManager). Should FW rules be created in host’s FW config ? Are there any ways to setup FW restrictions on KVM/QEMU itself ? What’s the proper recipe for this use case ?
When guest is configured with NAT forwarding over
virbr0, guest to host access is restricted by default, but some essential services are allowed, see:
sudo firewall-cmd --info-zone=libvirt
This is possible.
That is also possible.
It is reasonable to use firewalld since it is already involved and easier to troubleshoot.
Thanks @vgaetera , I’ll study what you shared.