[lxc-users] Network isolation in unprivileged containers

Akshay Karle akshay.a.karle at gmail.com
Tue Oct 20 11:11:30 UTC 2015


>
> It would help to know, what level of isolation you're thinking about?
> What is the final end goal?
>

I'm currently looking at ways to prevent any container from having the
ability to discover other containers in the network and sniff their
packets, which, if sent over an unencrypted protocol (HTTP for example),
might be harmful as it could expose data.

I'm now considering setting up iptables rules on the host to achieve this
but don't have much experience with iptables, so I will do my research now
to see what is needed to set up the right iptables rules.
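
Added example, not part of the original message: one way to do the host-side filtering the post is considering, written as a shell script whose rules can be reviewed before use. It assumes the containers share the default lxcbr0 bridge and that iptables, ebtables and the br_netfilter module are available on the host; it only prints the commands unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed names: bridge lxcbr0 (the LXC
# default); run as root on the host. Prints the rules unless APPLY=1 is set.
BRIDGE="${BRIDGE:-lxcbr0}"

# Emit one command per line so the rule set can be reviewed before it is applied.
isolation_rules() {
    br="$1"
    # iptables only sees frames switched inside a bridge when br_netfilter is
    # loaded and bridge-nf-call-iptables is 1; without that, the FORWARD rule
    # below never matches container-to-container traffic.
    echo "modprobe br_netfilter"
    echo "sysctl -w net.bridge.bridge-nf-call-iptables=1"
    # Drop IPv4 between two ports of the same bridge (container <-> container).
    # Traffic routed out through another interface has a different -o and passes.
    echo "iptables -I FORWARD -i $br -o $br -j DROP"
    # iptables never sees ARP, so neighbours could still be discovered at
    # layer 2. Drop every frame bridged port-to-port, whatever the protocol.
    # Frames to or from the host itself use ebtables INPUT/OUTPUT, not FORWARD.
    echo "ebtables -A FORWARD --logical-in $br --logical-out $br -j DROP"
}

# Print each command (default) or run it when APPLY=1.
apply_rules() {
    isolation_rules "$1" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = "1" ]; then
            $cmd || echo "failed: $cmd" >&2
        else
            echo "[dry-run] $cmd"
        fi
    done
}

apply_rules "$BRIDGE"
```

These rules leave container-to-host and routed traffic alone, so DHCP and DNS served from the host side of the bridge keep working.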