Created
November 16, 2025 15:14
Firewall allow libvirt VM NAT Network (converted to ufw commands)
```bash
#!/bin/bash
# Firewall allow libvirt VM NAT Networking (converted to ufw commands)
# Ref: https://wiki.archlinux.org/title/Libvirt#Using_nftables
# The old solution is to set `firewall_backend=iptables` in `/etc/libvirt/network.conf`
# instead of setting firewall rules in nftables, ufw, etc.
# However, this uses the legacy iptables backend and should be considered deprecated.
sudo ufw allow in on virbr0 to any port 53 proto udp comment 'allow VM DNS requests to host'
sudo ufw allow in on virbr0 to any port 67 proto udp comment 'allow VM DHCP requests to host'
sudo ufw route allow in on virbr0
sudo ufw route allow out on virbr0
# You must reboot the system after adding these rules. Based on my testing, only restarting services is not sufficient.
```
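As an added example (not part of the gist), the script below checks `ufw status` output for the four rules above, so a missing rule can be spotted before blaming libvirt for VMs with no DHCP or DNS. The rule line formats and the sample status output are assumed from a typical ufw install and constructed here, not captured from the gist author's system.

```bash
#!/bin/bash
# Verify the gist's four libvirt NAT rules against `ufw status` output.
# Rule line formats are assumed from a typical ufw install (constructed sample below).

check_libvirt_ufw_rules() {
    # $1: file holding `ufw status` output; reads stdin when omitted.
    local input missing=0
    input=$(cat "${1:-/dev/stdin}")
    printf '%s\n' "$input" | grep -q '^Status: active' || {
        echo 'MISSING ufw is not active'; missing=1; }
    # One "regex|description" per line; each maps to one command in the gist.
    while IFS='|' read -r regex desc; do
        [ -n "$regex" ] || continue
        if printf '%s\n' "$input" | grep -Eq -- "$regex"; then
            printf 'ok      %s\n' "$desc"
        else
            printf 'MISSING %s\n' "$desc"
            missing=$((missing + 1))
        fi
    done <<'EOF'
^53/udp on virbr0 +ALLOW IN +Anywhere|VM DNS to host (53/udp in on virbr0)
^67/udp on virbr0 +ALLOW IN +Anywhere|VM DHCP to host (67/udp in on virbr0)
^Anywhere on virbr0 +ALLOW FWD +Anywhere|route allow in on virbr0
^Anywhere +ALLOW FWD +Anywhere on virbr0|route allow out on virbr0
EOF
    [ "$missing" -eq 0 ]
}

# Constructed sample: `ufw status` with all four rules present.
sample_full_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
53/udp on virbr0           ALLOW IN    Anywhere                   # allow VM DNS requests to host
67/udp on virbr0           ALLOW IN    Anywhere                   # allow VM DHCP requests to host
Anywhere on virbr0         ALLOW FWD   Anywhere
Anywhere                   ALLOW FWD   Anywhere on virbr0
EOF
}

# Constructed sample: the `route allow out` rule was never added.
sample_partial_status() {
    sample_full_status | grep -v 'ALLOW FWD   Anywhere on virbr0'
}

# On a real host run: sudo ufw status | check_libvirt_ufw_rules
sample_full_status | check_libvirt_ufw_rules
```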