[lxc-users] LXC container isolation with iptables?

bkw - lxc-user bkw+1519751212 at 70mpg.org
Tue Feb 27 17:21:19 UTC 2018


I have an LXC host.  On that host, there are several unprivileged 
containers.  All containers and the host are on the same subnet, shared 
via bridge interface br0.

If container A (IP address 192.168.1.4) is listening on port 80, can I 
put an iptables rule in place on the LXC host machine, that would 
prevent container B (IP address 192.168.1.5) from having access to 
container A on port 80?

I've tried this set of rules on the LXC host, but they don't work:

iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -j DROP -s 192.168.1.5 -d 192.168.1.4

Container B still has access to container A's port 80.

Thanks in advance for any assistance you can provide.
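
Added example, not part of the original post or of any reply to it. The reason the rules above are never consulted is that frames switched between two ports of the same Linux bridge stay at layer 2 and only reach the iptables FORWARD chain when the br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables is 1. The script below checks that sysctl, prints the FORWARD rule that blocks B (192.168.1.5) from A's port 80 (192.168.1.4) once bridged traffic is handed to iptables, and prints an ebtables rule that does the same at layer 2 without br_netfilter. It assumes the bridge is br0, the addresses from the post, a kernel that ships br_netfilter, and that apply() is run as root; everything else is kept in functions so it can be inspected without touching the host.

```shell
#!/bin/sh
# Added example for the lxc-users question above; not the poster's ruleset.
# Assumptions: bridge br0, container A = 192.168.1.4, container B = 192.168.1.5,
# br_netfilter available on the host kernel.

SRC=192.168.1.5   # container B (client to be blocked)
DST=192.168.1.4   # container A (listens on port 80)
PORT=80

# Bridged frames bypass iptables FORWARD unless bridge-nf-call-iptables=1.
# Returns 0 when the sysctl (read from $1, default: the live /proc path) is 1.
bridge_nf_enabled() {
    f="${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# FORWARD rule that takes effect once br_netfilter hands bridged IPv4 packets
# to iptables. Narrowed to TCP/80 as the question asks; the poster's rule
# dropped all traffic from B to A.
iptables_rule() {
    printf 'iptables -I FORWARD -p tcp -s %s -d %s --dport %s -j DROP\n' \
        "$SRC" "$DST" "$PORT"
}

# Layer-2 alternative: ebtables filters frames on the bridge itself, so this
# works with the default bridge-nf-call-iptables=0.
ebtables_rule() {
    printf 'ebtables -A FORWARD -p IPv4 --ip-src %s --ip-dst %s --ip-proto tcp --ip-dport %s -j DROP\n' \
        "$SRC" "$DST" "$PORT"
}

# Root-only: load br_netfilter, enable the sysctl, install the iptables rule.
# Not run automatically; call it explicitly on the LXC host.
apply() {
    modprobe br_netfilter
    sysctl -w net.bridge.bridge-nf-call-iptables=1
    eval "$(iptables_rule)"
    bridge_nf_enabled || { echo "bridge-nf-call-iptables is still 0" >&2; return 1; }
}
```

Caveat for the br_netfilter route: once bridged packets traverse FORWARD, the `iptables -P FORWARD DROP` policy from the post applies to all container-to-container and container-to-host traffic on br0, so add explicit ACCEPT rules for what should keep flowing (or use `-m physdev` matches on the containers' veth ports) before enabling the sysctl on a live host. The ebtables rule avoids that side effect because it only filters the one flow.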

