KVM Virtual Machine Network - Guest-guest/VM-VM only network (no host/hypervisor access, no outbound connectivity)

I know that with the *virsh* command I can create several types of networks (a "NAT network", for example) as we can see in these URLs... KVM network management <https://programmersought.com/article/52213715009/> KVM default NAT-based networking <https://www.ibm.com/downloads/cas/ZVJGQX8E> (page 33) *QUESTION:* How can I create a network (*lan_n*) where only guests/VMs have connectivity, with no outbound connectivity and no host/hypervisor connectivity? *NOTE:* The connectivity to other resources will be provided by a *pfSense* firewall server that will have access to another network (*wan_n*) with outbound connectivity and other resources. Network layout... [N]wan_n ↕ [I]wan_n [V]pfsense_vm [I]lan_n ↕ [N]lan_n ↕ ............................. ↕ ↕ ↕ [V]some_vm_0 [V]some_vm_1 [V]some_vm_4 [V]some_vm_2 [V]some_vm_5 [V]some_vm_3 _ [N] - Network; _ [I] - Network Interface; _ [V] - Virtual Machine. *Thanks! =D* *ORIGINAL QUESTION: *https://serverfault.com/q/1066478/276753 <https://programmersought.com/article/52213715009/> -- *Eduardo Lúcio* Tecnologia, Desenvolvimento e Software Livre LightBase Consultoria em Software Público eduardo.lucio(a)lightbase.com.br <eduardo.lucio(a)LightBase.com.br&gt; *+55-61-3347-1949* - http://brlight.org <eduardo.lucio(a)LightBase.com.br&gt; - *Brasil-DF* *Software livre! Abrace essa idéia!* *"Aqueles que negam liberdade aos outros não a merecem para si mesmos."* *Abraham Lincoln*