I want to “copy” this in Incus, so I create my web server and my db containers from docker images, both working ok. My question is, how can I make my db container isolated from host but accessed from my web server container?
First thought was to create a network (call it B) and attach both containers to it, and my main incus bridged network attached only to the web server container.
Is there a way to get my B network isolated from host? Should I use ovn?
My goal is to simulate the behavior (inner communication but isolation from “outside”) that you get when using a compose file in docker.
You should be able to block what you want by creating a separate network and then attaching a network ACL to the network to block any ingress/egress to it.
The empty ACL should basically block everything. Container to container traffic will remain allowed within that network as ACLs on regular bridge networks cannot perform micro-segmentation (ACLs on individual instances within the network).
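The steps described in the answer above, written out as an added example (not commands posted by anyone in the thread). The names `appnet`, `appnet-deny`, `web` and `db` are assumptions, as is a default profile that gives each instance an `eth0` NIC defined with `network=`. The script prints the plan and only runs it when `APPLY=1` is set.

```shell
#!/bin/sh
# Added example. All four names are assumptions; change them to match your setup.
NET="${NET:-appnet}"        # the separate "B" network from the question
ACL="${ACL:-appnet-deny}"   # empty ACL: no rules, so default ingress/egress is rejected
WEB="${WEB:-web}"           # web server instance, keeps eth0 on the main bridge
DB="${DB:-db}"              # database instance, moved onto $NET only

# Accept only letters, digits and hyphens so names are safe to place in a command line.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the incus commands, one per line, so they can be reviewed before being applied.
isolation_plan() {
    cat <<EOF
incus network create $NET
incus network acl create $ACL
incus network set $NET security.acls=$ACL
incus config device override $DB eth0 network=$NET
incus config device add $WEB eth1 nic network=$NET
EOF
}

for n in "$NET" "$ACL" "$WEB" "$DB"; do
    valid_name "$n" || { echo "invalid name: $n" >&2; exit 1; }
done

if [ "${APPLY:-0}" = 1 ]; then
    # Run each planned command in order and stop at the first failure.
    isolation_plan | while IFS= read -r cmd; do
        echo "+ $cmd"
        $cmd || exit 1
    done
else
    isolation_plan
fi
```

After applying, `incus network show appnet` should list the ACL under `security.acls`, and `incus network acl show appnet-deny` should show empty ingress and egress rule lists.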