I have an LXC host. On that host, there are several unprivileged
containers. All containers and the host are on the same subnet, shared
via bridge interface br0.

If container A (IP address 192.168.1.4) is listening on port 80, can I
put an iptables rule in place on the LXC host machine that would
prevent container B (IP address 192.168.1.5) from having access to
container A on port 80?

I've tried this set of rules on the LXC host, but they don't work:

    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT
    iptables -A FORWARD -j DROP -s 192.168.1.5 -d 192.168.1.4

Container B still has access to container A's port 80.

Thanks, in advance, for any assistance you can provide.
_______________________________________________
lxc-users mailing list
http://lists.linuxcontainers.org/listinfo/lxc-users
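
Added example, not part of the original post: a host-side check for whether iptables sees traffic switched between two ports of br0 at all. It assumes the cause is that bridged frames bypass iptables unless br_netfilter is loaded and net.bridge.bridge-nf-call-iptables is 1 (the post does not show that state); the function names and the PROC_ROOT override are hypothetical.

```shell
#!/bin/sh
# Reports whether bridged frames on this host are handed to iptables.
# PROC_ROOT (hypothetical override) lets the check run against a test tree.

# bridge_nf_state [proc_root] -> prints: absent | disabled | enabled
bridge_nf_state() {
    knob="${1:-/proc}/sys/net/bridge/bridge-nf-call-iptables"
    if [ ! -r "$knob" ]; then
        echo absent      # br_netfilter not loaded: bridged frames skip iptables
    elif [ "$(cat "$knob")" = "1" ]; then
        echo enabled     # bridged IPv4 frames traverse the iptables FORWARD chain
    else
        echo disabled    # module loaded, but the hook into iptables is off
    fi
}

# explain_state <state> -> what the state means for a FORWARD rule on br0
explain_state() {
    case "$1" in
        absent)
            echo "modprobe br_netfilter, then sysctl -w net.bridge.bridge-nf-call-iptables=1" ;;
        disabled)
            echo "sysctl -w net.bridge.bridge-nf-call-iptables=1" ;;
        enabled)
            echo "FORWARD applies to bridged traffic; inspect counters with iptables -L FORWARD -v -n" ;;
        *)
            echo "unknown state: $1" >&2
            return 1 ;;
    esac
}

state=$(bridge_nf_state "${PROC_ROOT:-/proc}")
echo "bridge-nf-call-iptables: $state"
explain_state "$state"

# Layer-2 alternative that does not depend on the sysctl (addresses from the post):
#   ebtables -A FORWARD -p IPv4 --ip-source 192.168.1.5 --ip-destination 192.168.1.4 \
#            --ip-protocol tcp --ip-destination-port 80 -j DROP
```

Once bridged traffic does reach FORWARD, the DROP policy from the post applies to every frame crossing br0, so traffic that should pass needs explicit ACCEPT rules.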