Comment 5 for bug 573461

Jamie Strandboge (jdstrand) wrote :

Loic, I think this is a different issue since it appears you are using libvirt's NAT and not libvirt's bridging setup. If I am wrong, please correct me.

Assuming you are using NAT, as you said, libvirt is the one doing the inserting of the rules in this case. ufw does have a 'MANAGE_BUILTINS' option in /etc/default/ufw that will flush the builtins, but in this case that wouldn't work too well because libvirt is started after ufw (and so ufw would flush the builtins, set up its rules, then libvirt would come along and insert them at the top again). libvirt probably should grow some functionality to check if ufw is present and enabled, then do something sane. Can you file a wishlist bug against libvirt for this?
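
An added example, not part of the original comment and not code from ufw or libvirt: a Python check for the ordering described above, listing rules in the built-in chains that are evaluated before the first jump into a ufw chain. The `iptables-save` sample is constructed, and the `ufw-*` chain names and `virbr0` rules are assumed to match a default ufw plus libvirt NAT setup.

```python
# Constructed sample of `iptables-save` output (not taken from the bug report).
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A OUTPUT -j ufw-before-logging-output
COMMIT
"""

BUILTINS = ("INPUT", "FORWARD", "OUTPUT")

def rules_ahead_of_ufw(dump):
    """Return {chain: [rule, ...]} for filter-table rules in the built-in
    chains that come before that chain's first jump to a ufw-* chain."""
    ahead = {chain: [] for chain in BUILTINS}
    reached_ufw = set()   # built-in chains where a ufw-* jump has been seen
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
            continue
        if table != "filter" or not line.startswith("-A "):
            continue
        parts = line.split()
        chain = parts[1]
        if chain not in ahead or chain in reached_ufw:
            continue
        jump = parts.index("-j") + 1 if "-j" in parts else len(parts)
        target = parts[jump] if jump < len(parts) else ""
        if target.startswith("ufw-"):
            reached_ufw.add(chain)
        else:
            ahead[chain].append(line)
    # Only report chains ufw actually hooks; elsewhere "ahead of ufw" is meaningless.
    return {c: r for c, r in ahead.items() if r and c in reached_ufw}

if __name__ == "__main__":
    for chain, rules in rules_ahead_of_ufw(SAMPLE).items():
        print(chain, *rules, sep="\n  ")
```

On a live host the same function can be fed the text of `iptables-save` run as root instead of `SAMPLE`.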