[lxc-users] network isolation / per-container network
Lukas Pirl
mail at lukas-pirl.de
Thu May 31 09:21:51 UTC 2018
tl;dr: How to block traffic between containers? A bridge & subnet each?

Dear all.

I have a host which masquerades all packages to/from containers, since
I am restricted to one external IP address.

Currently, the containers share a subnet and can hence communicate with
each other. They have a veth each and share a bridge on the host side.

However, I want to fully control the traffic from/to/between the
containers from the host (i.e., iptables/netfilter).

Would having a subnet and a bridge on the host side per container be
the most "elegant" way to gain full control over the traffic between
containers? It feels a bit cumbersome/overkill.

Thanks in advance,

Lukas

(Please CC me directly, since I am not subscribed to lxc-users)