Just wondering what specific host iptables rules are absolutely necessary for the Whonix-External and Whonix-Internal networks to operate normally. Any rules beyond those added by libvirt I would like to remove for more security and control.
The shipped configs are the bare bones absolutely needed to get things functional. Libvirt does support extra rules for security and filtering between machines, but I chose not to use them to minimize attack surface and keep things simple. To ensure guest safety/separation, one is advised to simply create another isolated network based on the internal config and not bother with anything else.
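
What "another isolated network based on the internal config" can look like, as an added example that is not part of the original posts or of Whonix's shipped files. It assumes the internal config is an isolated libvirt network (no `<forward>` element); the names `Whonix-Internal2` and `virbr3` and the helper functions are hypothetical.

```shell
#!/bin/sh
# Added example: Whonix-Internal2 / virbr3 are hypothetical names.

# Emit a libvirt network definition with no <forward> and no <ip> element.
# Without <forward> the network is isolated (no NAT or routing to other
# networks); without <ip> the host gets no address on the bridge and
# libvirt starts no dnsmasq instance for it.
isolated_net_xml() {
    name=$1 bridge=$2
    cat <<EOF
<network>
  <name>$name</name>
  <bridge name='$bridge' stp='on' delay='0'/>
</network>
EOF
}

# Succeed only if the network XML on stdin has neither <forward> nor <ip>.
is_isolated() {
    ! grep -Eq '<(forward|ip)[ />]'
}

# Define, autostart and start the network, then re-check the definition
# libvirt actually stored, so a typo cannot silently yield a routed network.
apply_isolated_net() {
    tmp=$(mktemp) || return 1
    isolated_net_xml "$1" "$2" > "$tmp"
    if virsh -c qemu:///system net-define "$tmp" &&
       virsh -c qemu:///system net-autostart "$1" &&
       virsh -c qemu:///system net-start "$1" &&
       virsh -c qemu:///system net-dumpxml "$1" | is_isolated
    then rc=0
    else rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage, from a shell with libvirt access:
#   apply_isolated_net Whonix-Internal2 virbr3
```

Guests that must not see each other are then attached to different isolated networks; `virsh net-dumpxml <name> | is_isolated` can be rerun on any existing network as an audit.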