Thank you.
On 11/19/20 7:48 PM, Tom Eastep wrote:
On 11/16/20 5:22 AM, Łukasz Czerpak wrote:
Hi Matt,
Many thanks for your reply.
Are you using lxd firewall capabilities (1)?:
- If yes, this is unlikely to work as Shorewall will probably modify
what is created by lxd
Firewall in LXD has been disabled:
# lxc network show lxdbr0
config:
  ipv4.address: 10.0.0.1/24
  ipv4.firewall: "false"
  ipv4.nat: "false"
  ipv6.address: none
  ipv6.firewall: "false"
- If no, have you looked at (2)
2) https://shorewall.org/bridge-Shorewall-perl.html
Yes, I've looked at it and - if my understanding is correct - the page
talks about separating interfaces connected to the bridge by declaring
more zones as bridge ports.
In my scenario I am not sure it's feasible since veth interfaces get
random names when containers are being started.
Anyway, the above can't explain why lxd-lxd (lxd2lxd) policy is set to
ACCEPT by default and why Shorewall removes lxd-lxd chain right after
creating it.
You have set routeback=0, so lxd-lxd traffic is prohibited.
-Tom
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users