[PATCH 3/4] network: firewalld: add policy for routed networks

Eric Garver posted 4 patches 3 years, 9 months ago
There is a newer version of this series
[PATCH 3/4] network: firewalld: add policy for routed networks
Posted by Eric Garver 3 years, 9 months ago
Signed-off-by: Eric Garver <eric@garver.life>
---
 src/network/libvirt-routed-out.policy | 12 ++++++++++++
 src/network/meson.build               |  5 +++++
 2 files changed, 17 insertions(+)
 create mode 100644 src/network/libvirt-routed-out.policy

diff --git a/src/network/libvirt-routed-out.policy b/src/network/libvirt-routed-out.policy
new file mode 100644
index 000000000000..efa0030569d6
--- /dev/null
+++ b/src/network/libvirt-routed-out.policy
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="utf-8"?>
+<policy target="ACCEPT">
+  <short>libvirt-routed-out</short>
+
+  <description>
+    This policy is used to allow routed virtual machine traffic to the rest of
+    the network.
+  </description>
+
+  <ingress-zone name="libvirt-routed" />
+  <egress-zone name="ANY" />
+</policy>
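Review bot: the `<policy target="ACCEPT">` element paired with `<egress-zone name="ANY" />` accepts everything that enters through libvirt-routed, whichever zone it leaves by, and neither the description nor the commit message says that this breadth is intended. The commit message consists only of the Signed-off-by line. Please add a body explaining why an unconditional ACCEPT toward ANY is wanted for routed networks rather than a narrower set of egress zones, and have the description state that scope explicitly instead of "the rest of the network".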
diff --git a/src/network/meson.build b/src/network/meson.build
index cd52e2a54c28..36d9b51a2cf9 100644
--- a/src/network/meson.build
+++ b/src/network/meson.build
@@ -115,5 +115,10 @@ if conf.has('WITH_NETWORK')
       install_dir: prefix / 'lib' / 'firewalld' / 'policies',
       rename: [ 'libvirt-nat-out.xml' ],
     )
+    install_data(
+      'libvirt-routed-out.policy',
+      install_dir: prefix / 'lib' / 'firewalld' / 'policies',
+      rename: [ 'libvirt-routed-out.xml' ],
+    )
   endif
 endif
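Review bot: the new `install_data()` call ships a policy whose `<ingress-zone name="libvirt-routed" />` depends on a zone that this patch does not install. The diffstat lists only the policy file and meson.build. Please confirm that the libvirt-routed zone definition is installed by an earlier patch in the series, or add it in the same commit so the policy never lands without its zone. As a style point, this block matches the libvirt-nat-out one above it except for the file name, so a loop over the policy names would avoid repeating the `install_dir` and `rename` lines.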
-- 
2.33.0
Re: [PATCH 3/4] network: firewalld: add policy for routed networks
Posted by Daniel P. Berrangé 3 years, 9 months ago
On Wed, May 11, 2022 at 11:41:55AM -0400, Eric Garver wrote:
> Signed-off-by: Eric Garver <eric@garver.life>
> ---
>  src/network/libvirt-routed-out.policy | 12 ++++++++++++
>  src/network/meson.build               |  5 +++++
>  2 files changed, 17 insertions(+)
>  create mode 100644 src/network/libvirt-routed-out.policy

I guess this patch was a mistake, since there's already another
PATCH 3 in this series, which appears to be a superset of this
one.

> 
> diff --git a/src/network/libvirt-routed-out.policy b/src/network/libvirt-routed-out.policy
> new file mode 100644
> index 000000000000..efa0030569d6
> --- /dev/null
> +++ b/src/network/libvirt-routed-out.policy
> @@ -0,0 +1,12 @@
> +<?xml version="1.0" encoding="utf-8"?>
> +<policy target="ACCEPT">
> +  <short>libvirt-routed-out</short>
> +
> +  <description>
> +    This policy is used to allow routed virtual machine traffic to the rest of
> +    the network.
> +  </description>
> +
> +  <ingress-zone name="libvirt-routed" />
> +  <egress-zone name="ANY" />
> +</policy>
> diff --git a/src/network/meson.build b/src/network/meson.build
> index cd52e2a54c28..36d9b51a2cf9 100644
> --- a/src/network/meson.build
> +++ b/src/network/meson.build
> @@ -115,5 +115,10 @@ if conf.has('WITH_NETWORK')
>        install_dir: prefix / 'lib' / 'firewalld' / 'policies',
>        rename: [ 'libvirt-nat-out.xml' ],
>      )
> +    install_data(
> +      'libvirt-routed-out.policy',
> +      install_dir: prefix / 'lib' / 'firewalld' / 'policies',
> +      rename: [ 'libvirt-routed-out.xml' ],
> +    )
>    endif
>  endif
> -- 
> 2.33.0
> 

With regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
Re: [PATCH 3/4] network: firewalld: add policy for routed networks
Posted by Eric Garver 3 years, 9 months ago
On Thu, May 12, 2022 at 07:37:30PM +0100, Daniel P. Berrangé wrote:
> On Wed, May 11, 2022 at 11:41:55AM -0400, Eric Garver wrote:
> > Signed-off-by: Eric Garver <eric@garver.life>
> > ---
> >  src/network/libvirt-routed-out.policy | 12 ++++++++++++
> >  src/network/meson.build               |  5 +++++
> >  2 files changed, 17 insertions(+)
> >  create mode 100644 src/network/libvirt-routed-out.policy
> 
> I guess this patch was a mistake, since there's already another
> PATCH 3 in this series, which appears to be a superset of this
> one.

Yes. Sorry. I must have had a stale 0003 lying around.

Please ignore this patch. :)