A private network connects select virtual machines to other virtual machines on the same host, and to the host itself, I usually use it to use samba shares between all virtual machines without giving those virtual machines access to the internet.
To do this, you will need to add a vridge to the host computer without an actual network interface that the bridge connects to, you can also add DHCP if you don’t care to hard code the IP addresses, the virtual machine can then use this interface to talk to other virtual machines or the host itself, A virtual machine can have both this network interface and another that does have access to the internet if you so chose
1- Create the file /etc/libvirt/qemu/networks/private.xml with the following contents
<network>
<name>private</name>
<bridge name="privbr"/>
<ip address="192.168.8.1" netmask="255.255.255.0">
<dhcp>
<range start="192.168.8.2" end="192.168.8.254"/>
</dhcp>
</ip>
</network>
Now, tell KVM about it
virsh net-define /etc/libvirt/qemu/networks/private.xml
Now, make sure it comes up with every reboot
virsh net-start private virsh net-autostart private
Last but not least, modify the virtual machine to use it, in the guest configuration, add the following right after the existing
<interface type='bridge'>
<mac address='00:16:3e:5d:c7:9e'/>
<source bridge='privbr'/>
<model type='e1000e'/>
<address type='pci' domain='0x0000' bus='0x09' slot='0x00' function='0x0'/>
</interface>
The instructions here are for Debian 12 (Bookworm), but may apply to older versions of the distro