Firewall rules for a Win10 VM on KVM+QEMU (VirtManager)


Please consult me on how to limit network access to “internet only” (no network access to F37 host or LAN resources) for Windows 10 VM on KVM+QEMU (VirtManager). Should FW rules be created in host’s FW config ? Are there any ways to setup FW restrictions on KVM/QEMU itself ? What’s the proper recipe for this use case ?

Artūras B.

When guest is configured with NAT forwarding over virbr0, guest to host access is restricted by default, but some essential services are allowed, see:

sudo firewall-cmd --info-zone=libvirt

This is possible.

That is also possible.

It is reasonable to use firewalld since it is already involved and easier to troubleshoot.

Thanks @vgaetera , I’ll study what you shared.