Rui F Ribeiro

shiva

How to implement iptables on lxc-container?

I am completely new to lxc-containers. I installed an lxc-container (Fedora 29 amd64) on my Ubuntu 18.04 system. The Linux container had no firewall command line tools. Therefore I installed iptables into my container and it installed successfully.

However, I tried to configure the interfaces to drop all incoming and outgoing packets, which did not work. I am giving you all the details here.

The command ip \a gave:

[root@fedora29 ~]# ip \a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
       valid_lft 3456sec preferred_lft 3456sec
    inet6 fe80::216:3eff:fe4c:d8bf/64 scope link 
       valid_lft forever preferred_lft forever

I have iptables rules as follows:

[root@fedora29 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination    

Therefore I added the following two rules

iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP

When I finally saved the configuration with

iptables-save

[root@fedora29 ~]# iptables-save
# Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
COMMIT
# Completed on Wed Feb 20 08:41:43 2019

However, the same worked fine with my Ubuntu host system, where the interface is named lxcbr0. Please let me know if I need to provide any additional information that would help you understand the problem more clearly.
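
A check for the situation in the question above, as an added example that is not part of the original post: `ip` prints a veth interface as `name@peer` (here `eth0@if8`), but the kernel interface name that iptables compares against is only `eth0`, so a rule written with the `@if8` suffix never matches any packet. The function names and the `lo` ACCEPT rule in the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag iptables rules whose -i/-o name is not a real interface.
# Sample data is constructed from the output shown in the question.

# `ip -o link` style lines; "eth0@if8" means interface eth0, peer ifindex 8.
SAMPLE_LINKS='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP'

# iptables-save style rules; the "lo" rule is constructed, not from the post.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
-A INPUT -i lo -j ACCEPT
COMMIT'

# Read `ip -o link` output on stdin and print the kernel interface names:
# the second field, minus the trailing ":" and any "@peer" annotation.
real_ifnames() {
    awk '{ n = $2; sub(/:$/, "", n); sub(/@.*/, "", n); print n }'
}

# Print every rule in iptables-save text ($1) whose -i/-o argument names no
# interface in the list ($2, space or newline separated). A trailing "+" is
# the iptables prefix wildcard and is compared as a prefix.
unmatched_rules() {
    names=$(printf '%s' "$2" | tr '\n' ' ')
    printf '%s\n' "$1" | awk -v names="$names" '
        BEGIN { n = split(names, have, " ") }
        /^-A / {
            for (i = 1; i < NF; i++) {
                if ($i != "-i" && $i != "-o" &&
                    $i != "--in-interface" && $i != "--out-interface") continue
                want = $(i + 1); ok = 0; p = length(want) - 1
                for (j = 1; j <= n; j++) {
                    if (want == have[j]) ok = 1
                    if (substr(want, p + 1) == "+" &&
                        substr(have[j], 1, p) == substr(want, 1, p)) ok = 1
                }
                if (!ok) { print; next }
            }
        }'
}

# On a live system:
#   unmatched_rules "$(iptables-save)" "$(ip -o link | real_ifnames)"
unmatched_rules "$SAMPLE_RULES" "$(printf '%s\n' "$SAMPLE_LINKS" | real_ifnames)"
```

Both DROP rules are reported because no interface is literally named `eth0@if8`; the same rules written with `-i eth0` and `-o eth0` would pass the check.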