I installed an LXC container (Fedora 29 amd64) on my Ubuntu 18.04 system. The Linux container had no firewall command-line tools, so I installed iptables in the container, and it installed successfully.
However, I tried to configure the interfaces to drop all incoming and outgoing packets, which did not work. I am giving you all the details here.
The command ip \a gave:

[root@fedora29 ~]# ip \a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
       valid_lft 3456sec preferred_lft 3456sec
    inet6 fe80::216:3eff:fe4c:d8bf/64 scope link
       valid_lft forever preferred_lft forever
I have iptables rules as follows:

[root@fedora29 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Therefore I added the following two rules:
iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP
Finally, I saved the configuration with iptables-save:

[root@fedora29 ~]# iptables-save
# Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
COMMIT
# Completed on Wed Feb 20 08:41:43 2019
However, the same worked fine on my Ubuntu host system, where the interface is named lxcbr0.
systemctl iptables reload
Failed to reload iptables.service: Unit iptables.service not found.
ip \a in contrast to ip a?
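The ip \a output quoted in the question already shows the detail that matters for the iptables rules: the address line reads "scope global dynamic eth0", so the interface's real name is eth0, while "eth0@if8" is how ip link labels a veth whose peer has ifindex 8 in another network namespace. The "@if8" part is display decoration and is never a valid value for iptables -i/-o. The script below is an added example, not code from the original post or its comments; it parses ip -o link style lines, strips the "@ifN" suffix, and prints the DROP rules with the name the kernel actually uses. The SAMPLE_IPLINK text is constructed, modelled on the output in the question; the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Interface names as the kernel
# knows them never contain '@'. In `ip link` output, "eth0@if8" means: the
# interface is named "eth0" and its veth peer has ifindex 8 in another netns.
# iptables -i / -o must therefore be given "eth0", not "eth0@if8".

# Turn one `ip -o link` line into the real interface name.
# "7: eth0@if8: <BROADCAST,...> mtu 1500 ..." -> "eth0"
# "1: lo: <LOOPBACK,...> mtu 65536 ..."       -> "lo"
ifname_from_iplink_line() {
    # field 2 is "eth0@if8:"; drop the trailing colon, then anything from '@' on
    printf '%s\n' "$1" | awk '{ n = $2; sub(/:$/, "", n); sub(/@.*/, "", n); print n }'
}

# Print the real name of every non-loopback interface in `ip -o link` text.
real_ifnames() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        n=$(ifname_from_iplink_line "$line")
        [ "$n" = lo ] || printf '%s\n' "$n"
    done
}

# Print the two rules from the question, but with a usable interface name.
drop_rules_for() {
    name=$1
    printf 'iptables -t filter -A INPUT -i %s -j DROP\n' "$name"
    printf 'iptables -t filter -A OUTPUT -o %s -j DROP\n' "$name"
}

# Constructed sample (hypothetical), modelled on the `ip a` output in the question.
SAMPLE_IPLINK='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000 link-netnsid 0'

# Offline demo on the constructed sample: prints the rules for "eth0".
real_ifnames "$SAMPLE_IPLINK" | while IFS= read -r n; do
    drop_rules_for "$n"
done

# On a live container, feed the real `ip -o link` output instead; the rules
# are only printed here, not applied, so this is safe to run unprivileged.
if command -v ip >/dev/null 2>&1; then
    real_ifnames "$(ip -o link 2>/dev/null)" | while IFS= read -r n; do
        drop_rules_for "$n"
    done
fi
```

The printed commands are meant to be reviewed and then run as root inside the container; `-i eth0@if8` is accepted syntactically by iptables (which is why the rule appeared in iptables-save without an error) but can only ever match an interface literally named "eth0@if8", which does not exist.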