From: Roman Bogorodskiy <bogorodskiy@gmail.com>
Date: Sun, 13 Jul 2025 08:50:22 +0000 (+0200)
Subject: docs: add network driver documentation
X-Git-Tag: v11.7.0-rc1~15
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=d06f8f096a18ead0c70397ed43c83e8f6da9d85b;p=thirdparty%2Flibvirt.git

docs: add network driver documentation

Currently documents only FreeBSD/pf specific configuration.

Signed-off-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---

diff --git a/docs/drivers.rst b/docs/drivers.rst
index b9dccdf5d2..f0d9e9ca34 100644
--- a/docs/drivers.rst
+++ b/docs/drivers.rst
@@ -6,6 +6,7 @@ Internal drivers
 -  `Storage drivers <storage.html>`__
 -  `Node device driver <drvnodedev.html>`__
 -  `Secret driver <drvsecret.html>`__
+-  `Network driver <drvnetwork.html>`__
 
 The libvirt public API delegates its implementation to one or more internal
 drivers, depending on the `connection URI <uri.html>`__ passed when initializing
diff --git a/docs/drvnetwork.rst b/docs/drvnetwork.rst
new file mode 100644
index 0000000000..23082310ba
--- /dev/null
+++ b/docs/drvnetwork.rst
@@ -0,0 +1,28 @@
+==============
+Network driver
+==============
+
+.. contents::
+
+Platform-specific notes
+=======================
+
+FreeBSD
+-------
+
+FreeBSD netowork driver uses the pf firewall. Libvirt managed pf rules
+are created within anchors. Anchors need to be configured manually by
+the user. Sample ``/etc/pf.conf`` might look like:
+
+::
+
+ scrub all
+
+ nat-anchor "libvirt\*"
+ anchor "libvirt\*"
+
+ pass all
+
+
+Users are not expected to manually modify rules in the ``"libvirt\*"``
+subanchors because the changes will be lost on restart.
diff --git a/docs/meson.build b/docs/meson.build
index 4f8982ee90..2c7c23271b 100644
--- a/docs/meson.build
+++ b/docs/meson.build
@@ -49,6 +49,7 @@ docs_rst_files = [
   'drvesx',
   'drvhyperv',
   'drvlxc',
+  'drvnetwork',
   'drvnodedev',
   'drvopenvz',
   'drvqemu',