Currently documents only FreeBSD/pf specific configuration. Signed-off-by: Roman Bogorodskiy <bogorods...@gmail.com> --- docs/drivers.rst | 1 + docs/drvnetwork.rst | 28 ++++++++++++++++++++++++++++ docs/meson.build | 1 + 3 files changed, 30 insertions(+) create mode 100644 docs/drvnetwork.rst
diff --git a/docs/drivers.rst b/docs/drivers.rst index b9dccdf5d2..f0d9e9ca34 100644 --- a/docs/drivers.rst +++ b/docs/drivers.rst @@ -6,6 +6,7 @@ Internal drivers - `Storage drivers <storage.html>`__ - `Node device driver <drvnodedev.html>`__ - `Secret driver <drvsecret.html>`__ +- `Network driver <drvnetwork.html>`__ The libvirt public API delegates its implementation to one or more internal drivers, depending on the `connection URI <uri.html>`__ passed when initializing diff --git a/docs/drvnetwork.rst b/docs/drvnetwork.rst new file mode 100644 index 0000000000..23082310ba --- /dev/null +++ b/docs/drvnetwork.rst @@ -0,0 +1,28 @@ +============== +Network driver +============== + +.. contents:: + +Platform-specific notes +======================= + +FreeBSD +------- + +FreeBSD netowork driver uses the pf firewall. Libvirt managed pf rules +are created within anchors. Anchors need to be configured manually by +the user. Sample ``/etc/pf.conf`` might look like: + +:: + + scrub all + + nat-anchor "libvirt\*" + anchor "libvirt\*" + + pass all + + +Users are not expected to manually modify rules in the ``"libvirt\*"`` +subanchors because the changes will be lost on restart. diff --git a/docs/meson.build b/docs/meson.build index 4f8982ee90..2c7c23271b 100644 --- a/docs/meson.build +++ b/docs/meson.build @@ -49,6 +49,7 @@ docs_rst_files = [ 'drvesx', 'drvhyperv', 'drvlxc', + 'drvnetwork', 'drvnodedev', 'drvopenvz', 'drvqemu', -- 2.49.0
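Review bot: In the new docs/drvnetwork.rst, the anchor name is written as "libvirt\*" both in the sample /etc/pf.conf and in the closing paragraph, and both are literal contexts (the "::" block and the double-backquoted inline literal). reStructuredText does not treat a backslash as an escape there, so the rendered page will show the backslash, and a user copying the sample ends up with nat-anchor "libvirt\*" in pf.conf. If the intended pattern is "libvirt*", drop the backslash in both places; if the backslash is deliberate, say so in the text. In the same hunk, "FreeBSD netowork driver" should read "The FreeBSD network driver". Since the sample ends with "pass all", it would also help to state which lines libvirt actually needs (the nat-anchor and anchor lines) and that the rest is only a minimal illustration, so the sample is not copied wholesale as a host firewall policy.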