Hi,
I’m using LXD in network routed mode (the server acts as a router). It looks like it works more or less stably.
I see that on container start, LXD dynamically creates an entry in the firewall filter, i.e.:
table inet lxd {
    chain prert.as-stats.eth0 {
        type filter hook prerouting priority raw; policy accept;
        iif "veth32f4ba76" fib saddr . iif oif missing drop
    }
}
To limit access to my containers, I’ve created forwarding rules in nftables:
chain host_site1 {
    ip saddr @ALLOWED_ACCESS_WWW tcp dport 80 counter packets 12008 bytes 720480 accept
}
chain forward {
    type filter hook forward priority filter; policy drop;
    ip protocol { tcp, udp } ip daddr 17.130.2.241 jump host_site1
    ip protocol { icmp, tcp, udp } ip saddr @LXC_CONTAINERS counter packets 288 bytes 20374 accept
}
Is there a way to create such rules dynamically on container start?
For example, add the rule `ip protocol { tcp, udp } ip daddr 17.130.2.241 jump host_site1` on start
and remove it on container stop?
Thanks in advance.
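One way to do what the post asks, as an added example that is not part of the original post or of LXD itself: follow `lxc monitor --type=lifecycle --format=json` and, on `instance-started` / `instance-stopped`, append or delete the forward rule for that instance. The rule is tagged with an nft `comment` so it can be found by handle later and never added twice. The table/chain names, the instance-to-address map and the `host_site1` target are assumptions; the event shape (`metadata.action`, `metadata.source`) is assumed to match LXD's lifecycle events.

```python
import json
import re
import subprocess
from typing import Optional

TABLE, CHAIN = "inet filter", "forward"           # assumed table/chain holding the forward rules
TAG = "lxd:"                                       # comment prefix that marks rules managed here
# Constructed map: instance name -> (its routed address, chain to jump to)
INSTANCE_RULES = {"site1": ("17.130.2.241", "host_site1")}

def rule_body(name: str) -> str:
    addr, jump = INSTANCE_RULES[name]
    return f'ip protocol {{ tcp, udp }} ip daddr {addr} jump {jump} comment "{TAG}{name}"'

def find_handle(listing: str, name: str) -> Optional[int]:
    """Return the handle of our tagged rule from `nft -a list chain ...` output, or None."""
    m = re.search(rf'comment "{re.escape(TAG + name)}".*# handle (\d+)', listing)
    return int(m.group(1)) if m else None

def plan(event: dict, listing: str) -> list:
    """Map one lifecycle event to nft script lines (idempotent: no duplicate adds or deletes)."""
    meta = event.get("metadata", {})
    name = meta.get("source", "").rsplit("/", 1)[-1]      # "/1.0/instances/site1" -> "site1"
    if event.get("type") != "lifecycle" or name not in INSTANCE_RULES:
        return []
    handle = find_handle(listing, name)
    if meta.get("action") == "instance-started" and handle is None:
        return [f"add rule {TABLE} {CHAIN} {rule_body(name)}"]     # appends to the chain
    if meta.get("action") == "instance-stopped" and handle is not None:
        return [f"delete rule {TABLE} {CHAIN} handle {handle}"]
    return []

def current_listing() -> str:
    return subprocess.run(["nft", "-a", "list", "chain", *TABLE.split(), CHAIN],
                          capture_output=True, text=True, check=True).stdout

def apply(lines: list) -> None:
    if lines:
        subprocess.run(["nft", "-f", "-"], input="\n".join(lines) + "\n", text=True, check=True)

def main() -> None:
    # LXD prints one JSON event per line; react only to the actions we care about.
    proc = subprocess.Popen(["lxc", "monitor", "--type=lifecycle", "--format=json"],
                            stdout=subprocess.PIPE, text=True)
    for line in proc.stdout:
        apply(plan(json.loads(line), current_listing()))

if __name__ == "__main__":
    main()
```

Run it as root (or with CAP_NET_ADMIN) alongside LXD; because the chain is re-listed before every change, a rule left behind by a crash is still found and removed on the next stop event.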