content: add UFW firewall warning to virt-manager VM setup guide (#39)

## Summary

On distros with UFW enabled by default (e.g. CachyOS), VM networking
silently fails after `virsh net-start default` because UFW blocks DNS
and DHCP on `virbr0`. Adds a warning callout with the required UFW rules
at the point users would hit this issue.

## Type of change

- [x] `content` — update or improve existing content

> [PR title and commit types must follow these standards — view the
contributing
guide](https://github.com/Stensel8/Zephyrus-Linux/blob/main/CONTRIBUTING.md#commit-messages)

## Checklist

- [x] PR title follows the commit convention (e.g. `fix: correct nmcli
command in eduroam guide`)
- [x] Both EN and NL versions updated (if applicable)
- [x] Media is in AVIF format (not PNG/JPG)
- [x] No broken image references (`/images/*.avif` all exist in
`static/images/`)
- [x] Tested locally with `hugo server`

<!-- START COPILOT CODING AGENT TIPS -->
---

✨ Let Copilot coding agent [set things up for
you](https://github.com/Stensel8/Zephyrus-Linux/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot)
— coding agent works faster and does higher quality work when set up for
your repo.

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Stensel8 <102481635+Stensel8@users.noreply.github.com>

Author: Copilot

content/docs/virtualization/vm-setup.md

@@ -72,6 +72,17 @@ sudo virsh net-autostart default
 
 Note: If you see "network is already active", it is already running.
 
+{{< callout type="warning" >}}
+**Firewall notice:** On some distributions (e.g. CachyOS), the firewall blocks VM networking by default. If your VM cannot reach the internet or get an IP address, add these UFW rules:
+```bash
+sudo ufw allow in on virbr0 to any port 53 proto udp comment 'VM DNS'
+sudo ufw allow in on virbr0 to any port 67 proto udp comment 'VM DHCP'
+sudo ufw route allow in on virbr0
+sudo ufw route allow out on virbr0
+```
+Fedora and most other distros allow this traffic by default and do not need these rules.
+{{< /callout >}}
+
 **5. Download VirtIO drivers ISO:**
 ```bash
 # Download the official stable VirtIO drivers ISO (~753 MB)

content/docs/virtualization/vm-setup.nl.md

@@ -72,6 +72,17 @@ sudo virsh net-autostart default
 
 Let op: Als je "network is already active" ziet, draait het netwerk al.
 
+{{< callout type="warning" >}}
+**Firewallmelding:** Op sommige distributies (bijv. CachyOS) blokkeert de firewall VM-netwerken standaard. Als je VM geen verbinding met internet kan maken of geen IP-adres krijgt, voeg dan deze UFW-regels toe:
+```bash
+sudo ufw allow in on virbr0 to any port 53 proto udp comment 'VM DNS'
+sudo ufw allow in on virbr0 to any port 67 proto udp comment 'VM DHCP'
+sudo ufw route allow in on virbr0
+sudo ufw route allow out on virbr0
+```
+Fedora en de meeste andere distributies staan dit verkeer standaard toe en hebben deze regels niet nodig.
+{{< /callout >}}
+
 **5. VirtIO drivers ISO downloaden:**
 ```bash
 # Download de officiële stable VirtIO drivers ISO (~753 MB)