I know that with the virsh command I can create several types of networks (a “NAT network”, for example) as we can see in these URLs…
KVM network management
KVM default NAT-based networking (page 33)
QUESTION: How can I create a network (lan_n) where only guests/VMs have connectivity, with no outbound connectivity and no host/hypervisor connectivity?
NOTE: The connectivity to other resources will be provided by a pfSense firewall server that will have access to another network (wan_n) with outbound connectivity and other resources.
Network layout... (N)wan_n ↕ (I)wan_n (V)pfsense_vm (I)lan_n ↕ (N)lan_n ↕ ............................. ↕ ↕ ↕ (V)some_vm_0 (V)some_vm_1 (V)some_vm_4 (V)some_vm_2 (V)some_vm_5 (V)some_vm_3 _ (N) - Network; _ (I) - Network Interface; _ (V) - Virtual Machine.