> > Did you try to apply the iptable rules by hand for a test? > This turned out to be the exact hint I needed. I turned off firewalld, and applied the rules I'd quoted exactly, to see a different result. Eventually, it turned out that iptables does not expose zones, and found that applying the rules within the "libvirt" zone resolved the issue. Thanks -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 488 bytes Desc: This is a digitally signed message part. URL: <http://lists.centos.org/pipermail/centos/attachments/20201211/b620c470/attachment-0005.sig>