BStern (Bret Stern) | December 29, 2023, 3:24pm | #1
I’ve searched for the subject topic and found several. This link seems close:
Currently I’m using lxdbr0 (the default) which has been a very simple way of using container networking.
However just spotted that the containers running on the same lxdbr0 are visible to each other. Which is undesirable.
What is the simplest way of isolating the network of each container.
Thanks in advance…
We are in early stages of hosting containers for external client ERP environments.
Ultimately each container will need WAN gateway access and nothing else. No visibility to other client containers.
However administration of these containers will need access to all the containers.
Is anyone doing a similar arrangement?
Interested in feedback,
Regards, Bret Stern
stgraber (Stéphane Graber) | December 29, 2023, 4:23pm | #2
Even on a simple bridged network, there’s support for this kind of isolation.
You’ll likely want the full complement of nic device options:
security.ipv4_filtering=true (prevents IPv4 spoofing)
security.ipv6_filtering=true (prevents IPv6 spoofing)
security.mac_filtering=true (prevents MAC spoofing)
security.port_isolation=true (prevents container to container traffic)
Network devices, also referred to as Network Interface Controllers or NICs, supply a connection to a network. Incus supports several different types of network devices ( NIC types). nictype vs. net...
If you need a more complex setup where each customer has multiple containers that need to interact with each other, then you may want to opt for OVN networking which then allows for an unlimited number of virtual networks with ACL/firewalling support to allow exactly the traffic you want.
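The four NIC options above, applied and then audited from a shell. This is an added example, not code from Stéphane's reply or from the Incus project: it assumes the container's NIC is a device called eth0 inherited from the default profile (so `incus config device override` is used to copy it into the instance before setting keys), and the YAML sample used for the audit is constructed to mirror the shape `incus config device show` prints, with string values quoted.

```shell
#!/bin/sh
# Added example (not from the thread): harden one container NIC on lxdbr0 with the
# four security.* options stgraber lists, and audit an instance's device config.

# The four per-NIC isolation settings, as key=value pairs.
isolation_opts() {
  printf '%s\n' \
    security.ipv4_filtering=true \
    security.ipv6_filtering=true \
    security.mac_filtering=true \
    security.port_isolation=true
}

# Build (and unless DRY_RUN=1, run) the override command for NIC $2 of instance $1.
# Assumption: the NIC comes from a profile, so `device override` is the right verb;
# for a NIC already defined on the instance, `incus config device set` works the same.
harden_nic() {
  inst=$1
  nic=${2:-eth0}
  cmd="incus config device override $inst $nic"
  for opt in $(isolation_opts); do
    cmd="$cmd $opt"
  done
  if [ "${DRY_RUN:-0}" = 1 ]; then
    printf '%s\n' "$cmd"
  else
    $cmd
  fi
}

# Audit: read `incus config device show <instance>` YAML on stdin and report any of
# the four keys that is not set to true. Returns non-zero if anything is missing.
audit_nic_config() {
  yaml=$(cat)
  missing=0
  for opt in $(isolation_opts); do
    key=${opt%%=*}
    if ! printf '%s\n' "$yaml" | grep -Eq "^[[:space:]]*$key:[[:space:]]*\"?true\"?[[:space:]]*$"; then
      echo "missing or not true: $key"
      missing=$((missing + 1))
    fi
  done
  [ "$missing" -eq 0 ]
}

# Constructed sample of what a hardened eth0 looks like in `device show` output.
SAMPLE_HARDENED='eth0:
  name: eth0
  network: lxdbr0
  security.ipv4_filtering: "true"
  security.ipv6_filtering: "true"
  security.mac_filtering: "true"
  security.port_isolation: "true"
  type: nic'

# Constructed sample with only MAC filtering: the audit should flag the other three.
SAMPLE_PARTIAL='eth0:
  name: eth0
  network: lxdbr0
  security.mac_filtering: "true"
  type: nic'

# Demo (offline): show the command that would run, then audit both samples.
DRY_RUN=1 harden_nic client-erp-01 eth0
printf '%s\n' "$SAMPLE_HARDENED" | audit_nic_config && echo "hardened sample: ok"
printf '%s\n' "$SAMPLE_PARTIAL" | audit_nic_config || echo "partial sample: not isolated"
```

On a live host, run `incus config device show <instance> | audit_nic_config` for each client container to confirm nothing was left at the bridge default; the admin path stgraber implies (reaching every container from the host) is unaffected, since port isolation only blocks traffic between isolated ports on the bridge, not traffic to and from the host side.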