Hi all, When creating a new network: 1) Is there a way to disable automatic spawning of dnsmasq on network creation? I read that leaving out the <DHCP> section should accomplish this, but that is not what I am seeing. 2) Is there a way to disable automatic installation of iptables rules? 3) For that matter, what is the purpose of the default iptables rule set? Doesn't line 3 let all traffic pass anyway? Thanks, Paul Running libvirt 0.9.2 on Ubuntu 11.10 server. Here's the libvirt network config: RAW CONFIG <network> <name>test</name> <bridge name="virbr%d" stp="off" delay="0"/> <forward mode="route"/> <ip address="192.168.0.1" netmask="255.255.255.0"> </ip> </network> COMMAND virsh net-create test.xml RESULTS virsh net-dumpxml test <network> <name>test</name> <uuid>2eff5e7f-847a-1fbf-ec82-01a46ef0f6c2</uuid> <forward mode='route'/> <bridge name='virbr3' stp='off' delay='0' /> <mac address='52:54:00:47:E6:15'/> <ip address='192.168.0.1' netmask='255.255.255.0'> </ip> </network ps aux | grep dns nobody 4391 0.0 0.0 21616 916 ? S 09:45 0:00 dnsmasq --strict-order --bind-interfaces --pid-file=/var/run/libvirt/network/test.pid --conf-file= --except-interface lo --listen-address 192.168.0.1 iptables -L --line-numbers Chain FORWARD (policy ACCEPT) num target prot opt source destination 1 ACCEPT all -- anywhere 192.168.0.0/24 2 ACCEPT all -- 192.168.0.0/24 anywhere 3 ACCEPT all -- anywhere anywhere 4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable 5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable