Comment 7 for bug 746497

Thanks again for opening this bug.

After talking to upstream (specifically thanks to laine on #virt :), the firewall rules are a feature of the libvirt networks. To do what you want, you should create the bridge yourself (i.e. using /etc/network/interfaces), and then specify that the vm's attach to that. So you would have no libvirt networks at all. The VM xml to do that would look like:

<interface type='bridge'>
 <source bridge='br0'/>
 <mac address='00:16:3e:1a:b3:4a'/>
</interface>