[lxc-users] how to forbid cross-network traffic?
Tomasz Chmielewski
mangoo at wpkg.org
Mon Feb 10 17:41:13 UTC 2020
I have these two networks:

# lxc network show br-staging
config:
  ipv4.address: 10.100.0.1/24
  ipv4.dhcp.ranges: 10.100.0.50-10.100.0.254
  ipv4.firewall: "true"
  ipv4.nat: "true"
description: staging network
name: br-staging
type: bridge

# lxc network show br-testing
config:
  ipv4.address: 10.200.0.1/24
  ipv4.dhcp.ranges: 10.200.0.50-10.200.0.254
  ipv4.firewall: "true"
  ipv4.nat: "true"
description: testing network
name: br-testing
type: bridge

Containers in these two networks have IP address assigned from DHCP and
can connect out to the world - this is what I want.

Unfortunately, containers from one network (staging) can also connect to
containers from the other network (testing) - which is not what I want.

Is there any mechanism in LXD to prevent it? Or do I have to add my own,
custom iptables rules?

Tomasz Chmielewski
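
The custom iptables route asked about above, as an added example that is not part of the original post and is not LXD's own code: it generates a DROP rule for every ordered pair of bridges and applies them idempotently. It assumes the host filters with iptables and that the rules are inserted after LXD has installed its own FORWARD rules for the bridges; the function names and the DRY_RUN variable are hypothetical.

```shell
#!/bin/sh
# Added example: pairwise isolation between LXD-managed bridges.
# Assumption: these rules are inserted into the filter table's FORWARD chain
# after LXD has set up its own per-bridge rules, so the DROPs are evaluated
# first. Routing between the bridges happens on the host, so FORWARD is the
# chain that sees staging <-> testing packets.

# Print one rule spec per ordered pair of distinct bridges.
isolation_specs() {
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" = "$dst" ]; then
                continue
            fi
            printf '%s\n' "FORWARD -i $src -o $dst -j DROP"
        done
    done
}

# Apply the specs. DRY_RUN=1 (the default) only prints the commands;
# DRY_RUN=0 runs them and needs root.
apply_isolation() {
    isolation_specs "$@" | while read -r chain spec; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "iptables -I $chain 1 $spec"
        # -C succeeds when the rule already exists, so reruns add nothing.
        # $spec is left unquoted on purpose so it splits into arguments.
        elif ! iptables -C "$chain" $spec 2>/dev/null; then
            iptables -I "$chain" 1 $spec
        fi
    done
}

# Bridge names taken from the post; traffic to the outside world is untouched
# because only bridge-to-bridge forwarding is matched.
apply_isolation br-staging br-testing
```

Rules added this way do not survive a reboot, and they need to be re-checked whenever the bridges are recreated, since the ordering assumption above may no longer hold.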