#1 2019-12-08 13:32:33

chrisdb
Member
Registered: 2019-09-12
Posts: 50

[SOLVED] LXC firewall rules

Hello,

I am currently trying out LXC, but the problem is that I'm using nftables instead of iptables.

I can't seem to find the necessary rules to enable internet access to my container from the host.

Can anyone provide me with the rules?

Here's my current nftables config:

#!/sbin/nft -f

flush ruleset

# applies to both IPv4 and IPv6
table inet filter {
        chain input {
                type filter hook input priority 0; policy drop;

                # drop invalid packets
                ct state invalid counter drop

                # accept established/related connections
                ct state established,related accept

                # accept loopback interface
                iifname lo accept

                # drop connections to loopback not coming from loopback
                # (prefix written with host bits clear; nft masks them anyway)
                iifname != lo ip daddr 127.0.0.0/8 counter drop
                iifname != lo ip6 daddr ::1/128 counter drop

                # accept all icmp types; meta l4proto is the transport protocol
                # after any IPv6 extension headers, unlike ip6 nexthdr which
                # only looks at the first next-header field
                meta l4proto icmp counter accept
                meta l4proto ipv6-icmp counter accept

                # count dropped packets
                counter
        }

        chain forward {
                type filter hook forward priority 0; policy drop;
                counter
        }

        chain output {
                type filter hook output priority 0; policy accept;
                counter
        }

}

Last edited by chrisdb (2019-12-08 19:27:35)

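The ruleset above has no rule in the forward chain besides the counter and no NAT table at all, so anything a container sends through the bridge is dropped by the forward policy and, even if it were forwarded, would leave with an unroutable 10.x source address. Rules that lxc-net installs through iptables do not rescue this: with the nf_tables iptables backend they live in the same ruleset that `flush ruleset` wipes, and with the legacy backend both hook sets are traversed and a drop in either is final. The following is an added example, not part of the original post or of the LXC project, showing the same filter table extended with the three missing pieces: forward rules for the bridge, input rules for lxc-net's dnsmasq, and an IPv4 masquerade. It assumes lxc-net's default bridge lxcbr0 on 10.0.3.0/24 and an uplink named eth0; both names are assumptions to adjust.

```nft
#!/sbin/nft -f

# Added example, not the original poster's config. Assumed names: the
# container bridge is lxcbr0 (lxc-net's default, 10.0.3.0/24) and the host's
# uplink is eth0. Because "flush ruleset" also removes anything lxc-net added
# through iptables-nft, this file has to carry the container rules itself.

flush ruleset

table inet filter {
        chain input {
                type filter hook input priority 0; policy drop;

                ct state invalid counter drop
                ct state established,related accept
                iifname lo accept

                # loopback addresses arriving on a non-loopback interface
                iifname != lo ip daddr 127.0.0.0/8 counter drop
                iifname != lo ip6 daddr ::1/128 counter drop

                meta l4proto { icmp, ipv6-icmp } counter accept

                # lxc-net runs dnsmasq on the bridge address; containers need
                # to reach it for DHCP (udp/67) and DNS (udp and tcp 53)
                iifname "lxcbr0" udp dport { 53, 67 } accept
                iifname "lxcbr0" tcp dport 53 accept

                # count what the policy drops
                counter
        }

        chain forward {
                type filter hook forward priority 0; policy drop;

                ct state invalid counter drop
                ct state established,related accept

                # containers may initiate connections out through the uplink;
                # the reverse direction is covered by established,related above
                iifname "lxcbr0" oifname "eth0" accept

                # and talk to each other across the bridge
                iifname "lxcbr0" oifname "lxcbr0" accept

                # anything else forwarded (host-to-host, uplink-to-bridge new
                # connections) is dropped and counted
                counter
        }

        chain output {
                type filter hook output priority 0; policy accept;
                counter
        }
}

# NAT for IPv4 only, so the "ip" family rather than "inet"
table ip nat {
        chain postrouting {
                # priority 100 is the srcnat point, after routing
                type nat hook postrouting priority 100; policy accept;

                # rewrite container sources to the uplink address on the way out
                ip saddr 10.0.3.0/24 oifname "eth0" masquerade
        }
}
```

Check the syntax without loading it with `nft -c -f /etc/nftables.conf`, then load it and confirm the NAT table with `nft list ruleset`. Forwarding also needs `sysctl net.ipv4.ip_forward=1`; lxc-net normally sets it, but it does not hurt to verify. To see which backend lxc-net's own iptables rules land in, `iptables -V` reports either `(nf_tables)` or `(legacy)`, which tells you whether those rules are flushed by this file or sit in a separate legacy ruleset alongside it.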

#2 2019-12-08 19:27:07

chrisdb
Member
Registered: 2019-09-12
Posts: 50

Re: [SOLVED] LXC firewall rules

I'm going to suspend this thread.

I seem to be having issues with nftables in combination with iptables, which is used by LXC...
