Hello @ all The libvirt-daemon compromises the packet-filtering-rules at daemon-startup, before any VM is started. To prevent this, I first have create a hook-script which deletes existing rules, but apparently these rules are set after the hook. Removing the defined networks was no solution either. Worst of all is, a service restart of the daemon may even completely neutralize the firewall. Is there a solution to prevent this undesirable behavior? No matter how or who what do or with what network configuration a VM is started, the daemon must not compromise the firewall, by altering them. The Firewall is untouchable and taboo. What can I do to disable that? Thank you! Best Regards Tom $ dpkg -l libvirt-daemon ||/ Name Version Architektur Beschreibung +++-=========================-============-============-================================== ii libvirt-daemon 5.0.0-4 amd64 Virtualization daemon $ lsb_release -a Distributor ID: Debian Description: Debian GNU/Linux 10 (buster) Release: 10 Codename: buster