[lxc-users] preventing multiple networks to connect to each other?

Tomasz Chmielewski mangoo at wpkg.org
Sun Oct 1 17:59:30 UTC 2017


I would like to have several networks on the same host - so I've created 
them with:

# lxc network create br-testing
# lxc network create br-staging


Then edited to match:

# lxc network show br-staging
config:
   ipv4.address: 10.191.0.1/24
   ipv4.dhcp.ranges: 10.191.0.50-10.191.0.254
   ipv4.nat: "false"

# lxc network show br-testing
config:
   ipv4.address: 10.190.0.1/24
   ipv4.dhcp.ranges: 10.190.0.50-10.190.0.254
   ipv4.nat: "false"


The problem is I'd like these networks to be separated - i.e. containers 
using br-staging bridge should not be able to connect to br-testing 
containers, and the other way around. Both networks should be able to 
connect to hosts on the internet.


Is there any easy switch for that? So far, one thing which works is 
to write my own iptables rules, but that gets messy with more networks.



Tomasz Chmielewski
https://lxadm.com
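
An added example, not part of the original post: a small generator for the hand-written iptables approach the post mentions. It emits one DROP rule per ordered pair of bridges, so the rule set can be regenerated whenever a network is added. The chain name LXD-ISOLATE and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print iptables commands that drop routed traffic between
# every pair of bridges. Traffic leaving via the uplink is not matched,
# so containers keep their route to the internet.

CHAIN="LXD-ISOLATE"   # assumed chain name, not something LXD creates

# Accept only plausible interface names (Linux limit: 15 characters),
# so a name can never smuggle shell syntax into the generated commands.
valid_ifname() {
    case "$1" in
        ""|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# gen_isolation_rules BRIDGE...
# Prints commands to stdout; nothing is applied to the running firewall.
gen_isolation_rules() {
    [ "$#" -ge 2 ] || { echo "need at least two bridges" >&2; return 1; }
    for br in "$@"; do
        valid_ifname "$br" || { echo "bad interface name: $br" >&2; return 1; }
    done
    # Create the chain if missing, then empty it so re-runs are idempotent.
    echo "iptables -N $CHAIN 2>/dev/null || true"
    echo "iptables -F $CHAIN"
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" != "$dst" ]; then
                echo "iptables -A $CHAIN -i $src -o $dst -j DROP"
            fi
        done
    done
    # Hook the chain at the top of FORWARD exactly once.
    echo "iptables -C FORWARD -j $CHAIN 2>/dev/null || iptables -I FORWARD 1 -j $CHAIN"
}

# Usage: sh isolate.sh br-testing br-staging   (review output, then pipe to sh)
if [ "$#" -gt 0 ]; then
    gen_isolation_rules "$@"
fi
```

These FORWARD rules do not cover traffic addressed to the host's own bridge addresses (10.190.0.1, 10.191.0.1), which is handled by the INPUT chain.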

