On all of the networks I create, I really don't want libvirt/KVM/virt-manager to do any kind of DHCP. I'm currently using xml files to feed into libvirt via virsh, for example: <network> <name>192_0_1</name> <bridge name='swan01' stp='on' delay='0' /> <mac address='12:00:00:16:16:BA'/> <ip address='192.0.1.127' netmask='255.255.255.0'> </ip> </network> Running this through virsh net-define gives no errors, and virt-manager shows: DHCP Start: disabled DHCP End: disabled But any attempt at starting the network causes: Error starting network '192_0_1': failed to add iptables rule to allow DHCP requests from 'swan01' Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 96, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 117, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/network.py", line 82, in start self.net.create() File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2049, in create if ret == -1: raise libvirtError ('virNetworkCreate() failed', net=self) libvirtError: failed to add iptables rule to allow DHCP requests from 'swan01' I narrowed this down to the fact that firewalld was not running. So I guess there are two bugs: 1) when not specifying dhcp ranges in the xml, it should _not_ try to poke DHCP holes. 2) when firewalld is not running, it should perhaps log a warning, but not abort the network start. Paul