On Fri, Mar 31, 2017 at 12:11:40PM +0200, Richard Landsman - Rimote wrote:
> Hi,
>
> I don't see why this should not work with the given solutions. But I'm
> relatively new to KVM / libvirt. Alternative:
>
> Personally I use Shorewall (Shoreline FW) and bridge setups (also works with
> a bonding interface). This way you can create zones, interfaces, addresses,
> forwarding-rules etc and give per VM permission to let's say only use a
> certain IP, only access certain parts of the network, talk to a certain
> limited list of IPs etc. I can not imagine you can't create what you want
> with Shorewall. It looks complicated, but actually is very intuitive if you
> give it some time and effort.
>
> Please feel free to provide a better description of what you want to
> accomplish. Maybe I misunderstand what you want to achieve.
>

Thanks Richard. But the problem is not Shorewall. I can use any
Unix/Linux/BSD based distro to set up a firewall as a VM. The problem here is
with the KVM host. I need to attach two physical interfaces to a guest, and
these phy interfaces have IPs and routes assigned, and I need to get them off
the main routing table.

And why? Because one of these interfaces is a wireless adapter and the host's
CPU doesn't support PCI passthrough.

--
Greetings,
C. L. Martinez