When I set up LXD I use this: lxc config set core.https_address "[::]:8443", which is fine for home/office network use, but doing the same on a production server opens this up from the outside even when not needed.
So that this is available to containers that might have different networks but on the same host, is this just a case to use iptables to block remote traffic, or what is the best way to deal with this given most standard configurations for VPSes or bare-metal servers?
Yeah, I’d use firewalling for this. In general my machines that are directly exposed to the internet tend to have a firewall blocking all INPUT except for those ports I actually want to expose.
Hmm, no, you’d normally want rules in the INPUT table.
Usually you’d want to block everything except for established connections and whatever port you want to actually open.
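The approach from the replies above, written out as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset dropping all INPUT except loopback, established connections, ICMP, the LXD API on 8443 from the bridge only, and the ports listed as public. Because "[::]:8443" listens on IPv6 as well, it generates both families. The bridge name lxdbr0, the public port 22, the DNS/DHCP allowances for containers and the function name gen_rules are assumptions.

```shell
#!/bin/sh
# Prints an iptables-restore ruleset; nothing is applied. After review, as root:
#   gen_rules v4 lxdbr0 22 | iptables-restore
#   gen_rules v6 lxdbr0 22 | ip6tables-restore
# Loading replaces the whole filter table, so the DNS/DHCP access containers
# need on the bridge is listed explicitly. lxdbr0 and port 22 are assumptions.
gen_rules() {
    [ "$#" -ge 2 ] || { echo "usage: gen_rules v4|v6 BRIDGE [TCP_PORT...]" >&2; return 2; }
    family=$1; bridge=$2; shift 2
    case $family in
        v4) icmp=icmp; dhcp=67 ;;
        v6) icmp=ipv6-icmp; dhcp=547 ;;   # ICMPv6 carries neighbour discovery
        *)  echo "family must be v4 or v6" >&2; return 2 ;;
    esac
    # Validate every port before printing, so a typo never yields a partial ruleset
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
        esac
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p $icmp -j ACCEPT
-A INPUT -i $bridge -p tcp --dport 8443 -j ACCEPT
-A INPUT -i $bridge -p tcp --dport 53 -j ACCEPT
-A INPUT -i $bridge -p udp -m multiport --dports 53,$dhcp -j ACCEPT
EOF
    # Ports deliberately exposed to the outside
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -j ACCEPT"
    done
    echo "COMMIT"
}

# Run directly: ./script.sh v4 lxdbr0 22
if [ "$#" -gt 0 ]; then gen_rules "$@"; fi
```

No rule accepts 8443 on any interface other than the bridge, so requests to the API from outside fall through to the DROP policy.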