Bridge networking exclusion


In my Ubuntu, I have and, the former connects to DSL while the latter connects to a local area network. If I start an lxd container, it automatically has lxdbr0 as the network connection. Inside the container I can ping all the 192.168.1.x and 10.0.0.x machines in the network. I’d like to exclude 10.0.0.x from lxdbr0, is there a way? Thanks.

sudo lxc network show lxdbr0

  ipv4.nat: "true"
  ipv6.address: none
description: ""
name: lxdbr0
type: bridge
- /1.0/containers/test-container
managed: true

You’d do that with good old iptables, putting it in an init script for persistency:

iptables -I FORWARD -i lxdbr0 -d -j REJECT
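An idempotent boot-time form of the rule above, as an added example that is not part of the original thread. It assumes the network to block is 10.0.0.0/24 (the "10.0.0.x" range from the question); the function names and the BRIDGE, BLOCKED_NET and IPTABLES variables are hypothetical.

```shell
#!/bin/sh
# Added example: install the REJECT rule from the answer once per boot.
# Assumptions: bridge lxdbr0, blocked LAN 10.0.0.0/24 (override via environment).
BRIDGE="${BRIDGE:-lxdbr0}"
BLOCKED_NET="${BLOCKED_NET:-10.0.0.0/24}"
IPTABLES="${IPTABLES:-iptables}"

# Accept only dotted-quad IPv4 CIDR so a typo never reaches iptables.
valid_cidr() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Rule specification shared by the presence check (-C) and the insert (-I).
rule_spec() {
    printf '%s' "FORWARD -i $BRIDGE -d $BLOCKED_NET -j REJECT"
}

# Insert at the top of FORWARD unless an identical rule already exists,
# so re-running the init script does not stack duplicate rules.
apply_rule() {
    valid_cidr "$BLOCKED_NET" || { echo "bad network: $BLOCKED_NET" >&2; return 2; }
    if "$IPTABLES" -C $(rule_spec) 2>/dev/null; then
        return 0
    fi
    "$IPTABLES" -I $(rule_spec)
}

# Only touch the firewall when invoked as: <script> apply
if [ "${1:-}" = "apply" ]; then
    apply_rule
fi
```

The rule filters forwarded traffic only; packets addressed to the host's own address on that network traverse INPUT, not FORWARD.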