Portmaster on Virtual Machines are currently not officially supported
The simplest and most reliable fix is to make your Virtual Machine use a static DNS instead of your System DNS.
For example Cloudflare which is 1.1.1.1 and 1.0.0.1
1.1.1.1 and 1.0.0.11.1.1.1Allow KVM's network range in the "Network Noise" profile.
Allow 192.168.122.0/24 # KVM Network Range
Block * # Block anything else
Rules are checked from top to bottom, stopping after the first match.
Make sure Exclude * is at the bottom.
The KVM network is currently being detected as "Network Noise" and is getting blocked as "LAN Peer-To-Peer Incoming" which is blocked by "Force Block Incoming Connections"