[lxc-users] LXC - Best way to avoid networking changes in a container

gustavo panizzo (gfa) gfa at zumbi.com.ar
Fri Jun 26 13:23:49 UTC 2015


you can configure openvswitch to drop the pkts if the mac address and/or
ip does not match. or you can use an SDN controller which will do it for
you

http://openvswitch.org/pipermail/discuss/2011-May/005112.html for an
example how to do it manually


On June 26, 2015 11:59:04 AM GMT+08:00, Benoit GEORGELIN - Association Web4all <benoit.georgelin at web4all.fr> wrote:
>Hi, 
>
>I'm looking to avoid network changes in an LXC container with root
>access while the system is up and running. 
>
>Let's say I have two containers running. 
>
>A: 192.168.0.100/24 
>B: 192.168.0.200/24 
>
>They are both on the same private network but it can be a public
>network too. 
>How can I prevent root user from container B to change his IP address
>and user the IP address of container A ? 
>
>Container network is built on top of Ovs Switch . Maybe there is a way
>to restrict MAC Address and IP for a specific port ? I did not see any
>option. 
>
>Thanks for you advises ! 
>
>Cordialement, 
>Benoit G 
>
>
>------------------------------------------------------------------------
>
>_______________________________________________
>lxc-users mailing list
>lxc-users at lists.linuxcontainers.org
>http://lists.linuxcontainers.org/listinfo/lxc-users

-- 
1AE0 322E B8F7 4717 BDEA BF1D 44BB 1BA7 9F6C 6333

Sent from mobile.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150626/d7f5e059/attachment.html>


More information about the lxc-users mailing list