KVM Virtmanage UFW Issues

I use CachyOS Gnome and last night, I installed Virtmanager because I need it. For the record, I have run KVM on this PC for years but on other distributions.
A few months ago, I had the same issue with CachyOS and opted for VirtualBox.

Last night, I installed Virtmanager and just like last time, no internet. I then did a lot of troubleshooting and the only thing that worked was to disable the UFW on the host.

Strangely, I could ping 8.8.8.8 and google.com but Cachy Browser would not connect.

So disabling the UFW on the host would let me install CachyOS as a VM but I do want to run a FW on the host. I then added various rules so that the guest could have internet access but after a while, I gave up.

If Peter reads this, please look into this. It is puzzling why UFW doesn’t play nice with virtual machines.

Here are my UFW rules on the host:

```
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
Anywhere on virbr0         ALLOW IN    Anywhere
Anywhere (v6) on virbr0    ALLOW IN    Anywhere (v6)

Anywhere                   ALLOW OUT   Anywhere on virbr0
80/tcp                     ALLOW OUT   Anywhere
443/tcp                    ALLOW OUT   Anywhere
53/udp                     ALLOW OUT   Anywhere
Anywhere (v6)              ALLOW OUT   Anywhere (v6) on virbr0
80/tcp (v6)                ALLOW OUT   Anywhere (v6)
443/tcp (v6)               ALLOW OUT   Anywhere (v6)
53/udp (v6)                ALLOW OUT   Anywhere (v6)
```

Here is the relevant history to show you what I have done:

```
sudo pacman -S --needed qemu-desktop virt-manager virt-viewer dmidecode edk2-ovmf
sudo systemctl enable libvirtd.service
sudo systemctl start libvirtd.service
sudo usermod -aG libvirt $USER
sha256sum cachyos-desktop-linux-241221.iso
sudo virsh net-start default
sudo virsh net-list --all
sudo virsh net-autostart default
ip addr show virbr0
ps aux | grep dnsmasq
sudo ufw disable
sudo virsh net-destroy default
sudo virsh net-start default
sudo nano /etc/ufw/before.rules
exit
sudo nano /etc/ufw/sysctl.conf
sudo ufw disable
sudo ufw enable
sudo ufw status verbose
sudo ufw disable
sudo ufw reset
sudo chmod 600 /etc/ufw/user.rules
sudo chmod 600 /etc/ufw/before.rules
sudo chmod 600 /etc/ufw/after.rules
sudo chmod 600 /etc/ufw/user6.rules
sudo chmod 600 /etc/ufw/before6.rules
sudo chmod 600 /etc/ufw/after6.rules
sudo ufw enable
sudo ufw allow in on virbr0
sudo ufw allow out on virbr0
sudo ufw reload
systemctl list-unit-files | grep resolved
resolvectl status
ping 64.59.144.18
sudo pacman -S qemu-full
sudo pacman -S qemu-full libvirt virt-manager virt-viewer bridge-utils dnsmasq edk2-ovmf spice-vdagent swtpm swtpm-tools
pacman -Ss swtpm
paru -S swtpm
swtpm --version
sudo ufw allow out 80/tcp
sudo ufw allow out 443/tcp
sudo ufw allow out 53/udp
sudo ufw allow in on virbr0
sudo ufw allow out on virbr0
sudo ufw reload
sudo ufw status verbose
```

Thank you for any pointers. :slight_smile:

Make sure you have iptables-nft installed, then try adding `firewall_backend = "iptables"` to `/etc/libvirt/network.conf`.

Restart the libvirt service:

```
sudo systemctl restart libvirtd
```

or reboot.

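A read-only way to confirm the settings from the reply above, added here as an example (not code from the thread, libvirt or UFW): it reports the `firewall_backend` value in `/etc/libvirt/network.conf`, whether the installed `iptables` is the nft build, and UFW's default policy for routed traffic. The function names and the `--live` switch are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): read-only checks for the settings the
# reply above suggests. Function names and the --live switch are hypothetical.

# Effective firewall_backend in a libvirt network.conf-style file ($1).
# Commented-out lines are ignored; empty output means the key is not set.
# If the key appears more than once, the last one is reported (assumption).
libvirt_backend() {
    sed -n 's/^[[:space:]]*firewall_backend[[:space:]]*=[[:space:]]*"\([a-z]*\)".*/\1/p' "$1" | tail -n 1
}

# UFW default policy for routed (forwarded) traffic, parsed from
# `ufw status verbose` text on stdin ("deny" in the original post).
ufw_routed_default() {
    sed -n 's/^Default:.*, \([a-z]*\) (routed).*/\1/p'
}

# Which iptables build is installed, parsed from `iptables --version` text on
# stdin: iptables-nft reports "(nf_tables)", the legacy build "(legacy)".
iptables_variant() {
    sed -n 's/^iptables v[0-9.]* (\([a-z_]*\)).*/\1/p'
}

# Print all three findings; succeed only when both conditions from the reply
# hold (backend set to iptables, and iptables is the nft build).
# $1 = network.conf path, $2 = iptables --version text, $3 = ufw status text
check_vm_firewall() {
    local backend variant routed
    backend=$(libvirt_backend "$1")
    variant=$(printf '%s\n' "$2" | iptables_variant)
    routed=$(printf '%s\n' "$3" | ufw_routed_default)
    echo "libvirt firewall_backend: ${backend:-not set}"
    echo "iptables variant:         ${variant:-not found}"
    echo "ufw routed default:       ${routed:-unknown}"
    [ "$backend" = "iptables" ] && [ "$variant" = "nf_tables" ]
}

# Query the live host only when asked to: ./check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_vm_firewall /etc/libvirt/network.conf \
        "$(iptables --version 2>/dev/null)" "$(sudo ufw status verbose)"
fi
```

Run it before and after editing `network.conf`; the first line changes only once the uncommented `firewall_backend` entry is in place, and libvirtd still has to be restarted for the setting to take effect.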

Thank you Dutch,
I will give this another shot tonight and update the post. :slight_smile:

Have you solved this problem? If so, share the solution please.