[lxc-users] LXC container isolation with iptables?

Andrey Repin anrdaemon at yandex.ru
Sun Mar 4 18:36:40 UTC 2018


Greetings, Steven Spencer!

> Honestly, unless I'm spinning up a container on my local desktop, I always
> use the routed method.

This contradicts…

> Because our organization always thinks of a container as a separate machine,

…this.

> it makes the build pretty similar whether the machine is on the LAN or WAN
> side of the network. It does, of course, require that each container run its
> own firewall, but that's what we would do with any machine on our network.

To me, macvlan bridging is more natural: all network devices are immediately
aware of the container, you could move containers across your network at will,
and you don't have to waste your mind with routing information.


-- 
With best regards,
Andrey Repin
Sunday, March 4, 2018 21:34:40

Sorry for my terrible English...

