How do I prevent libvirt from adding iptables rules for guest NAT networks?
Solution 1:
Well I've found an answer that suits me: I've gone back to school and learned to do it the old fashioned way. No need to use libvirt's fancy networking functions as I can just:
- set up my own bridged network(s) (not attached to any physical network port)
- use a DHCP server on the host and masquerade in iptables
- edit the libvirt guest config files to use the bridge(s)
- have complete flexibility in how I want to configure security with iptables