[libvirt-users] Issues with nwfilter rules

Hi All,

I have two kvm guests running with a bridged configuration bound separately to br0 and br1 on my Fedora 15 host. I'm attempting to create some nwfilter rules on br1 and am running into a bunch of problems that have me scratching my head.

libvirt version: 0.8.8-7

What I've noticed on the second host is as follows:

- Most all nwfilter rules that I create for the host on br1 don't work as I would expect. If I create a rule for TCP dest port 22 with direction set to 'in', I would expect I could connect to the host via SSH from another host, but I only see a SYN and not a full connection. If I set the direction to 'inout', SSH seems to work.
- A nwfilter rule for UDP dest port 53 with direction set to 'out' or 'inout' doesn't allow lookups to an outside DNS server.
- In the configuration of one VM, the source Virtual network device lists "Host device vnet0 (Bridge 'br0')" and the other lists "Host device eth1 (Bridge 'br1')". I don't see anything different in the two hosts' XML configuration files that describes the difference, but I'm concerned that the second VM on br1 is misconfigured. I notice a few iptables rules with "PHYSDEV match --physdev-in vnet1" listed in them; should these really read "PHYSDEV match --physdev-in br1" given the configuration virt-manager is reporting?

I would appreciate any pointers.

-Kevin
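For reference, here is an nwfilter definition covering the two flows described in the post (inbound SSH, outbound DNS), written as an added example rather than the poster's own XML, which is not shown. The filter name is an assumption, and whether the missing return-traffic rule is what the poster is hitting is also an assumption; the element and attribute names follow the libvirt nwfilter schema.

```xml
<!-- Added example, not the poster's configuration. Filter name is an
     assumption; the rules use the libvirt nwfilter schema's direction
     and state attributes. -->
<filter name='example-br1-guest' chain='root'>

  <!-- Inbound SSH to the guest: accept the connection-opening packet. -->
  <rule action='accept' direction='in' priority='100'>
    <tcp dstportstart='22' state='NEW'/>
  </rule>

  <!-- Outbound DNS from the guest to an external resolver. -->
  <rule action='accept' direction='out' priority='110'>
    <udp dstportstart='53' state='NEW'/>
  </rule>

  <!-- Return traffic for both flows. A single-direction accept rule only
       lets the first packet through; without an ESTABLISHED/RELATED rule
       the SYN-ACK and the DNS reply fall through to the final drop, which
       leaves the kind of half-open handshake described in the post.
       (Assumed explanation, not confirmed by the post.) -->
  <rule action='accept' direction='inout' priority='120'>
    <tcp state='ESTABLISHED,RELATED'/>
  </rule>
  <rule action='accept' direction='inout' priority='121'>
    <udp state='ESTABLISHED,RELATED'/>
  </rule>

  <!-- Everything else is dropped. -->
  <rule action='drop' direction='inout' priority='1000'>
    <all/>
  </rule>
</filter>
```

Load it with `virsh nwfilter-define <file>` and attach it to the guest interface with `<filterref filter='example-br1-guest'/>` inside the `<interface>` element; `virsh nwfilter-dumpxml` and the generated iptables/ebtables chains show what was actually installed.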