CentOS - Apr 2020 - CentOS 7 host with guests as bridge cannot access host

>Sorry, have to correct myself. Had to much to do today on OpenShift.
>There is no Docker involved in what we discuss. The firewall rules for
>the host bridge devices get created by libvirtd.

Thanks I was using iptables and not converted to firewalld.  I am doing so
now.
Will I need to delete the VM and re-add it ?
I am rebooting first.


Jerry

OK I rebooted.
I changed the NIC from Bridge to Passthrough, hit apply, then changed it to
bridge and hit apply, then booted the VM.

My firewall looks better but still not working.
iptables -L FORWARD -v -n | egrep '(policy|virbr1)'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    0     0 ACCEPT     all  --  eth0   virbr1  0.0.0.0/0
192.168.100.0/24     ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr1 eth0    192.168.100.0/24
0.0.0.0/0
    0     0 ACCEPT     all  --  virbr1 virbr1  0.0.0.0/0
0.0.0.0/0
    0     0 REJECT     all  --  *      virbr1  0.0.0.0/0
0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr1 *       0.0.0.0/0
0.0.0.0/0            reject-with icmp-port-unreachable

iptables -L FORWARD -v -n | egrep '(policy|virbr0)'
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0
192.168.122.0/24     ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24
0.0.0.0/0
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0
0.0.0.0/0
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0
0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0
0.0.0.0/0            reject-with icmp-port-unreachable

Now what? Thanks.

Jerry

This is unfortunate.
https://wiki.libvirt.org/page/TroubleshootMacvtapHostFail

To the "normal" user - BRIDGE means guest is on the same network and
has
access to the host.

Bummer.

Jerry