From d06f8f096a18ead0c70397ed43c83e8f6da9d85b Mon Sep 17 00:00:00 2001 From: Roman Bogorodskiy Date: Sun, 13 Jul 2025 10:50:22 +0200 Subject: [PATCH] docs: add network driver documentation Currently documents only FreeBSD/pf specific configuration. Signed-off-by: Roman Bogorodskiy Reviewed-by: Michal Privoznik --- docs/drivers.rst | 1 + docs/drvnetwork.rst | 28 ++++++++++++++++++++++++++++ docs/meson.build | 1 + 3 files changed, 30 insertions(+) create mode 100644 docs/drvnetwork.rst diff --git a/docs/drivers.rst b/docs/drivers.rst index b9dccdf5d2..f0d9e9ca34 100644 --- a/docs/drivers.rst +++ b/docs/drivers.rst @@ -6,6 +6,7 @@ Internal drivers - `Storage drivers `__ - `Node device driver `__ - `Secret driver `__ +- `Network driver `__ The libvirt public API delegates its implementation to one or more internal drivers, depending on the `connection URI `__ passed when initializing diff --git a/docs/drvnetwork.rst b/docs/drvnetwork.rst new file mode 100644 index 0000000000..23082310ba --- /dev/null +++ b/docs/drvnetwork.rst @@ -0,0 +1,28 @@ +============== +Network driver +============== + +.. contents:: + +Platform-specific notes +======================= + +FreeBSD +------- + +FreeBSD netowork driver uses the pf firewall. Libvirt managed pf rules +are created within anchors. Anchors need to be configured manually by +the user. Sample ``/etc/pf.conf`` might look like: + +:: + + scrub all + + nat-anchor "libvirt\*" + anchor "libvirt\*" + + pass all + + +Users are not expected to manually modify rules in the ``"libvirt\*"`` +subanchors because the changes will be lost on restart. diff --git a/docs/meson.build b/docs/meson.build index 4f8982ee90..2c7c23271b 100644 --- a/docs/meson.build +++ b/docs/meson.build @@ -49,6 +49,7 @@ docs_rst_files = [ 'drvesx', 'drvhyperv', 'drvlxc', + 'drvnetwork', 'drvnodedev', 'drvopenvz', 'drvqemu', -- 2.47.3