add libvirt bridge

content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst

@@ -0,0 +1,68 @@
+Arch+libvirt+bridges+ufw
+########################
+:date: 2014-07-03 14:48
+:tags: archlinux,libvirt,network-bridge,ufw,netctl
+
+I never thought getting bridged network for libvirt 
+clients to work under archlinux. Here is the digest.
+
+Adding Bridge Network with netctl
+---------------------------------
+eth0 needs to be up in order to get the bridge working
+
+
+**/etc/netctl/bridge**
+
+.. code-block:: bash
+    
+    Description='bridge'
+    Interface=br0
+    Connection=bridge
+    BindsToInterface=(eth0)
+    IP=static # or dhcp
+    Address=('1.2.3.4/24')
+    Gateway='1.2.3.1'
+    DNS=('1.2.3.3')
+    ExecUpPost="brctl stp $Interface on||:"
+
+**/etc/netctl/eth_bridged**
+
+.. code-block:: bash
+    
+    Description='eth0 without ip'
+    Interface=eth0
+    Connection=ethernet
+    IP=no
+    IP6=no
+
+**enable the bridge**
+
+.. code-block:: bash
+
+    systemctl disable dhcpcd@eth0 # if applicable
+    netctl enable bridge
+    netctl enable eth_bridged
+
+After a reboot the interface should be available and libvirt should be able to use the bridge for libvirt clients.
+If you have ufw in place, add this line to **/etc/ufw/before{,6}.rules** between \*filter and COMMIT :
+
+.. code-block:: bash
+
+    -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
+
+maybe you also need the following lines in **/etc/sysctl.d/bridge.conf**:
+
+.. code-block:: bash
+
+    net.bridge.bridge-nf-call-ip6tables = 0
+    net.bridge.bridge-nf-call-iptables = 0
+    net.bridge.bridge-nf-call-arptables = 0
+
+enable security changes
+
+.. code-block:: bash
+
+    ufw disable
+    ufw enable
+    sysctl -p /etc/sysctl.d/bridge.conf
+