Arch+libvirt+bridges+ufw
########################

:date: 2014-07-03 14:48
:tags: archlinux,libvirt,network-bridge,ufw,netctl

I never thought getting bridged network for libvirt clients to work under archlinux. Here is the digest.

Adding Bridge Network with netctl
---------------------------------

eth0 needs to be up for the bridge to work.

**/etc/netctl/bridge**

.. code-block:: bash

    Description='bridge'
    Interface=br0
    Connection=bridge
    # netctl's key is plural: the interfaces listed here become the bridge ports
    BindsToInterfaces=(eth0)
    IP=static # or dhcp
    Address=('')
    Gateway=''
    DNS=('')
    ExecUpPost="brctl stp $Interface on||:"

**/etc/netctl/eth_bridged**

.. code-block:: bash

    Description='eth0 without ip'
    Interface=eth0
    Connection=ethernet
    IP=no
    IP6=no

**enable the bridge**

.. code-block:: bash

    systemctl disable dhcpcd@eth0 # if applicable
    netctl enable bridge
    netctl enable eth_bridged

After a reboot the interface should be available, and libvirt should be able to use the bridge for libvirt clients.

If you have ufw in place, add this line to **/etc/ufw/before{,6}.rules**, between ``*filter`` and ``COMMIT``:

.. code-block:: bash

    -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

You may also need the following lines in **/etc/sysctl.d/bridge.conf**:

.. code-block:: bash

    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0

Apply the firewall and sysctl changes:

.. code-block:: bash

    ufw disable
    ufw enable
    sysctl -p /etc/sysctl.d/bridge.conf
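
A quick audit of the two edits above, as an added example that is not part of the original post: it checks that the physdev rule really sits inside the ``*filter`` table and counts how many of the three ``bridge-nf-call-*`` keys are set to 0. The function names and the sample files are assumptions made for illustration; point the functions at the real files under /etc to use them.

```sh
#!/bin/sh
# Added example, not from the original post: audit the ufw and sysctl edits.
RULE='-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT'

# Succeeds only if RULE sits between "*filter" and that table's COMMIT.
rule_in_filter() {
    awk -v rule="$RULE" '
        { sub(/[ \t]+$/, "") }                  # ignore trailing whitespace
        $0 == "*filter" { inside = 1; next }
        $0 == "COMMIT"  { inside = 0; next }
        inside && $0 == rule { found = 1 }
        END { exit(found ? 0 : 1) }' "$1"
}

# Prints how many of the three bridge-nf-call-* keys a file sets to 0.
bridge_nf_zero_count() {
    awk -F= '
        /^[ \t]*#/ { next }                     # skip comment lines
        { gsub(/[ \t]/, "") }                   # "key = 0" -> "key=0"
        $1 ~ /^net\.bridge\.bridge-nf-call-(ip6tables|iptables|arptables)$/ &&
            $2 == "0" { seen[$1] = 1 }
        END { n = 0; for (k in seen) n++; print n }' "$1"
}

# Constructed sample files (stand-ins for the real files under /etc).
DEMO=$(mktemp -d) && trap 'rm -rf "$DEMO"' EXIT
cat > "$DEMO/before.ok" <<'EOF'
*filter
:ufw-before-forward - [0:0]
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT
EOF
cat > "$DEMO/before.misplaced" <<'EOF'
*filter
:ufw-before-forward - [0:0]
COMMIT
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
EOF
cat > "$DEMO/bridge.conf" <<'EOF'
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
# net.bridge.bridge-nf-call-arptables = 0
EOF

for f in before.ok before.misplaced; do
    rule_in_filter "$DEMO/$f" && echo "$f: rule inside *filter" \
                              || echo "$f: rule missing or outside *filter"
done
echo "bridge.conf: $(bridge_nf_zero_count "$DEMO/bridge.conf") of 3 keys set to 0"
```

With the three keys at 0 the kernel does not pass bridged frames to iptables, ip6tables or arptables, and the FORWARD rule accepts every bridged frame when they are passed, so ufw on the host does not filter guest traffic crossing br0 in either case.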