Greetings, Tomasz Chmielewski!

> I have these two networks:
>
> # lxc network show br-staging
> config:
>   ipv4.address: 10.100.0.1/24
>   ipv4.dhcp.ranges: 10.100.0.50-10.100.0.254
>   ipv4.firewall: "true"
>   ipv4.nat: "true"
> description: staging network
> name: br-staging
> type: bridge
>
> # lxc network show br-testing
> config:
>   ipv4.address: 10.200.0.1/24
>   ipv4.dhcp.ranges: 10.200.0.50-10.200.0.254
>   ipv4.firewall: "true"
>   ipv4.nat: "true"
> description: testing network
> name: br-testing
> type: bridge
>
> Containers in these two networks have IP address assigned from DHCP and
> can connect out to the world - this is what I want.
>
> Unfortunately, containers from one network (staging) can also connect to
> containers from the other network (testing) - which is not what I want.

So, fix it? iptables to your rescue.
(E.g.: this is not an LXD problem.)

> Is there any mechanism in LXD to prevent it? Or do I have to add my own,
> custom iptables rules?

You have enabled packet forwarding on the host, but not specified any
restrictions. Indeed, everything is forwarded where possible.

-- 
With best regards,
Andrey Repin
Monday, February 10, 2020 23:31:02

Sorry for my terrible english...

_______________________________________________
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
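
The restriction the reply points to, as an added example that is not part of the original thread: a shell script that generates an iptables DROP rule for every ordered pair of bridges and audits an `iptables -S FORWARD` listing for pairs whose DROP is missing or sits behind an ACCEPT. The bridge names come from the question; the function names and the sample listing are constructed for illustration, and the audit conservatively assumes that any earlier ACCEPT rule could shadow the DROP.

```shell
#!/bin/sh
# Added example: keep LXD bridges from forwarding to each other.
BRIDGES="br-staging br-testing"   # names taken from the question

# Print one iptables command per ordered pair of distinct bridges.
# -I inserts at the top of FORWARD, ahead of ACCEPT rules already there
# (assumption: the chain already holds ACCEPT rules for these bridges).
isolation_rules() {
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" = "$dst" ]; then continue; fi
            printf 'iptables -I FORWARD -i %s -o %s -j DROP\n' "$src" "$dst"
        done
    done
}

# Read `iptables -S FORWARD` output on stdin and print every ordered pair
# whose DROP rule is absent or comes after the first ACCEPT rule in the
# chain. Empty output means every pair is dropped before any ACCEPT.
missing_isolation() {
    rules=$(cat)
    for src in "$@"; do
        for dst in "$@"; do
            if [ "$src" = "$dst" ]; then continue; fi
            printf '%s\n' "$rules" | awk \
                -v want="-A FORWARD -i $src -o $dst -j DROP" \
                -v pair="$src -> $dst" '
                $0 == want   { found = 1; exit }   # DROP reached first
                / -j ACCEPT/ { exit }              # an ACCEPT came first
                END          { if (!found) print pair }'
        done
    done
}

# Constructed sample listing: the second DROP sits behind an ACCEPT that
# already lets everything out to br-staging, so it never takes effect.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i br-staging -o br-testing -j DROP
-A FORWARD -o br-staging -j ACCEPT
-A FORWARD -i br-staging -j ACCEPT
-A FORWARD -i br-testing -o br-staging -j DROP
-A FORWARD -o br-testing -j ACCEPT
-A FORWARD -i br-testing -j ACCEPT'

# Dry run: show the rules, then audit the sample listing.
isolation_rules $BRIDGES
printf '%s\n' "$SAMPLE_RULES" | missing_isolation $BRIDGES
```

To audit a live host, pipe `iptables -S FORWARD` (run as root) into `missing_isolation` instead of the sample; re-run the audit after the bridges are recreated, since the rule order in FORWARD can change.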