I have 15 containers that I would like to implement network-level port restrictions on between the containers. For example, 5 containers cannot SSH to the other 10 containers. All containers use bridged networking on br0. The host also uses br0 for physical network traffic.
Is it possible to implement firewalling inside of the linux bridge (br0) or do I have to implement iptables scripts across all 15 containers?
My googling has possibly recommended using open v-switch, though I’m yet to find any guides on using open v-switch with LXC, and I’m very unfamiliar with it.