Configure UFW to allow KVM guests


To allow KVM guests network access, the whole internet says you just have to allow incoming and outcoming traffic on the virbr0 interface:

# ufw allow in on virbr0
# ufw allow out on virbr0

However, it still didn't work. journactl -f showed:

# journactl -f
..
Jul 15 11:10:16 mithrandir kernel: [UFW BLOCK]
  IN=virbr0
  OUT=wlan0
  MAC=51:50:00:50:64:ce:49:51:00:b1:cd:e9:08:07
  SRC=192.168.122.185
  DST=195.88.54.16
  LEN=60
  TOS=0x00
  PREC=0x00
  TTL=63
  ID=13981
  DF
  PROTO=TCP
  SPT=45838
  DPT=80
  WINDOW=64240
  RES=0x00
  SYN
  URGP=0

This was because there was no firewall rule to forward traffic from the virbr0 interface to the wlan0 interface to get out on the internet:

# ufw route allow in on virbr0 out on wlan0

With that in place, my KVM guests could access the internet as normal! 💪


Licensed under CC BY Creative Commons License ~ ✉ torstein.k.johansen @ gmail ~ 🐘 @skybert@hachyderm.io ~ 🐦 @torsteinkrause