diff --git a/libvirt.spec.in b/libvirt.spec.in
index 794dd43c59..5ea9ef2912 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1915,6 +1915,9 @@ exit 0
%if %{with_firewalld_zone}
%{_prefix}/lib/firewalld/zones/libvirt.xml
%{_prefix}/lib/firewalld/zones/libvirt-routed.xml
+%{_prefix}/lib/firewalld/policies/libvirt-routed-in.xml
+%{_prefix}/lib/firewalld/policies/libvirt-routed-out.xml
+%{_prefix}/lib/firewalld/policies/libvirt-to-host.xml
%endif
%files daemon-driver-nodedev
diff --git a/src/network/libvirt-routed-in.policy b/src/network/libvirt-routed-in.policy
new file mode 100644
index 0000000000..dd691efbb6
--- /dev/null
+++ b/src/network/libvirt-routed-in.policy
@@ -0,0 +1,11 @@
+
+
+ libvirt-routed-in
+
+
+ This policy is used to allow routed traffic to the virtual machines.
+
+
+
+
+
diff --git a/src/network/libvirt-routed-out.policy b/src/network/libvirt-routed-out.policy
new file mode 100644
index 0000000000..efa0030569
--- /dev/null
+++ b/src/network/libvirt-routed-out.policy
@@ -0,0 +1,12 @@
+
+
+ libvirt-routed-out
+
+
+ This policy is used to allow routed virtual machine traffic to the rest of
+ the network.
+
+
+
+
+
diff --git a/src/network/libvirt-to-host.policy b/src/network/libvirt-to-host.policy
new file mode 100644
index 0000000000..b20aecaf42
--- /dev/null
+++ b/src/network/libvirt-to-host.policy
@@ -0,0 +1,20 @@
+
+
+ libvirt-to-host
+
+
+ This policy is used to filter traffic from virtual machines to the
+ host.
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/network/meson.build b/src/network/meson.build
index a38dc147ac..d266bb225a 100644
--- a/src/network/meson.build
+++ b/src/network/meson.build
@@ -106,5 +106,20 @@ if conf.has('WITH_NETWORK')
install_dir: prefix / 'lib' / 'firewalld' / 'zones',
rename: [ 'libvirt-routed.xml' ],
)
+ install_data(
+ 'libvirt-to-host.policy',
+ install_dir: prefix / 'lib' / 'firewalld' / 'policies',
+ rename: [ 'libvirt-to-host.xml' ],
+ )
+ install_data(
+ 'libvirt-routed-out.policy',
+ install_dir: prefix / 'lib' / 'firewalld' / 'policies',
+ rename: [ 'libvirt-routed-out.xml' ],
+ )
+ install_data(
+ 'libvirt-routed-in.policy',
+ install_dir: prefix / 'lib' / 'firewalld' / 'policies',
+ rename: [ 'libvirt-routed-in.xml' ],
+ )
endif
endif