Re: [libvirt PATCH 00/28] native support for nftables in virtual network driver
On Thu, Jun 13, 2024 at 08:00:32PM GMT, Roman Bogorodskiy wrote:
Andrea Bolognani wrote:
> Honestly I'm not entirely sure it makes much sense to have the
> network driver and especially the default network if you need to
> bring your own firewall rules, but that can be a separate discussion.
Hm, I think the network driver is quite usable without QEMU, e.g. I use
it with bhyve.
Okay, I didn't realize that was an option.
Which leads me to open a different can of worms then: if libvirt
networks can be used with drivers other than QEMU, wouldn't it make
sense for their configuration to live in /etc/libvirt/network instead
of /etc/libvirt/qemu/networks? How difficult would it be to adopt the
new path without breaking existing setups?
I also find it quite useful even without firewall rules. Most of the
time internal connectivity is enough for my guests. Configuring NAT on
per-network basis is also fairly easy. For more advanced scenarios hooks
could be used, though I haven't done that specifically.
VMs with no connectivity to the outside world are of very limited use
IMO. At the very least, a warning about the fact that connectivity is
limited could be displayed upon package installation.
--
Andrea Bolognani / Red Hat / Virtualization