Hello! Probably someone knows about iptables. If I use an LXC based VM, I am sharing the host iptables with the VM. But I do not understand the scenario in full. What makes my basic setup run is that I initialized the required modules on the host side (at its start), so the LXC VM finds already loaded modules.

What I wish to achieve is to build a firewall router as a VM, so I can handle rules for the ISP interface, a DMZ and the LAN separately. My current iptables script just became unmaintainable due to its size (I am omitting the other half of the truth - my iptables script has evolved over the years from bad beginnings). Anyway, I find the idea superb. On the other hand, such a VM would have to handle nearly nothing except packet switching - so a full virtualization, like QEMU, may fit better, even with restricted CPU power (due to emulation). But this would ensure that the iptables inside the VM are really isolated.

There are other difficulties if OpenVswitch and iptables are used together - which I was not able to track down until now. My firewall starts with ports of OpenVswitch, because it allows me to create a mirror port, which itself goes over the LAN as VLANxx, so I can do some diagnostics on a better suited box.

Any hints and/or ideas are really very welcome!

Thanks anyway,
Manfred

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users