Arch+libvirt+bridges+ufw

I never thought getting bridged network for libvirt clients to work under archlinux. Here is the digest.

Adding Bridge Network with netctl

eth0 needs to be up for the bridge to work.

/etc/netctl/bridge

Description='bridge'
Interface=br0
Connection=bridge
BindsToInterfaces=(eth0)
IP=static # or dhcp
Address=('1.2.3.4/24')
Gateway='1.2.3.1'
DNS=('1.2.3.3')
ExecUpPost="brctl stp $Interface on||:"

/etc/netctl/eth_bridged

Description='eth0 without ip'
Interface=eth0
Connection=ethernet
IP=no
IP6=no

Enable the bridge

systemctl disable dhcpcd@eth0 # if applicable
netctl enable bridge
netctl enable eth_bridged

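After a reboot the interface should be available and libvirt should be able to use the bridge for libvirt clients. If you have ufw in place, add this line to /etc/ufw/before{,6}.rules between *filter and COMMIT. It accepts every packet that is forwarded across the bridge, so ufw will not filter traffic to or from the libvirt clients: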

-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

You may also need the following lines in /etc/sysctl.d/bridge.conf. With these set to 0, bridged frames are not passed to ip6tables, iptables or arptables at all:

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Apply the security changes

ufw disable
ufw enable
sysctl -p /etc/sysctl.d/bridge.conf
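
To check the result, here is an added example (not part of the original post): a small shell audit that confirms the rule really sits between *filter and COMMIT in a ufw rules file, and that the three bridge-nf-call keys are 0 in the sysctl file. The function names and the sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original post; function names and sample files are constructed.
BRIDGE_RULE='-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT'
NF_KEYS='net.bridge.bridge-nf-call-ip6tables net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-arptables'
# Succeeds only if the rule sits between "*filter" and that table's COMMIT in file $1.
rule_in_filter_table() {
    awk -v rule="$BRIDGE_RULE" '
        /^\*/     { table = $1 }     # table header such as *filter or *nat
        /^COMMIT/ { table = "" }     # end of the current table
        { line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        table == "*filter" && line == rule { found = 1 }
        END { exit !found }
    ' "$1"
}

# Prints the last value assigned to key $2 in sysctl file $1, skipping comment lines.
sysctl_conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { print val }
    ' "$1"
}

# Audits ufw rules file $1 and sysctl file $2; returns non-zero if anything is missing.
audit_bridge_fw() {
    local rc=0 key
    if rule_in_filter_table "$1"; then echo "OK   bridge rule is inside *filter in $1"
    else echo "FAIL bridge rule missing or outside *filter in $1"; rc=1; fi
    for key in $NF_KEYS; do
        if [ "$(sysctl_conf_value "$2" "$key")" = 0 ]; then echo "OK   $key = 0"
        else echo "FAIL $key is not 0 in $2"; rc=1; fi
    done
    return "$rc"
}

# Constructed sample files so the script runs offline; prints the directory holding them.
make_sample() {
    local d; d=$(mktemp -d)
    printf '%s\n' '*filter' ':ufw-before-input - [0:0]' "$BRIDGE_RULE" 'COMMIT' > "$d/good.rules"
    printf '%s\n' '*nat' "$BRIDGE_RULE" 'COMMIT' '*filter' 'COMMIT' > "$d/bad.rules"
    printf '%s = 0\n' $NF_KEYS > "$d/bridge.conf"
    echo "$d"
}
# No arguments: demo on the constructed sample. Two arguments: audit those files.
if [ "$#" -eq 2 ]; then audit_bridge_fw "$1" "$2"
else d=$(make_sample); audit_bridge_fw "$d/good.rules" "$d/bridge.conf"; rm -r "$d"; fi
```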
