Not found anything to answer this on the site… I want to sandbox containers, and they do their network access via OpenVPN (tun0); however, I don't want them to access the local network via lxdbr0.
The host's routing table has a 192.168.1.0/24 entry which allows the containers, via lxdbr0, to access that entire subnet.
I've added an iptables entry which seems to do the job…
#iptables -A FORWARD -i lxdbr0 -o eth0 -j DROP
What's the consensus on this? Is there another way to stop the containers from accessing anywhere other than tun0?
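As an added example (not part of the post above), here is a default-deny variant of the same idea: instead of dropping only lxdbr0 -> eth0, it permits lxdbr0 -> tun0 and drops everything else forwarded from the bridge, so a second uplink or a new route cannot bypass the rule. Interface names lxdbr0/tun0 and the chain name LXD_EGRESS are assumptions; the rules are only applied when APPLY=1, otherwise they are printed for review.

```shell
#!/bin/sh
# Added example: allow-list egress for an LXD bridge (assumed names: lxdbr0, tun0).
# A dedicated chain is jumped to from the top of FORWARD so that ACCEPT rules
# LXD manages for its bridge cannot shadow the DROP.
set -eu

# Print the iptables commands for BRIDGE/VPN_IF; does not touch the firewall.
build_rules() {
  bridge=$1
  vpn_if=$2
  chain=LXD_EGRESS
  # Create the chain (or flush it if it already exists) so reruns are idempotent.
  echo "iptables -N $chain 2>/dev/null || iptables -F $chain"
  # Container traffic may only leave via the VPN tunnel.
  echo "iptables -A $chain -o $vpn_if -j ACCEPT"
  # Everything else leaving the bridge (eth0, other bridges, future interfaces) is logged and dropped.
  echo "iptables -A $chain -m limit --limit 5/min -j LOG --log-prefix 'lxd-egress-drop: '"
  echo "iptables -A $chain -j DROP"
  # Hook the chain in at position 1 so it is evaluated before any existing rule.
  echo "iptables -I FORWARD 1 -i $bridge -j $chain"
  # Replies for connections the containers opened over the VPN.
  echo "iptables -I FORWARD 1 -i $vpn_if -o $bridge -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
  # FORWARD never sees packets addressed to the host itself; keep only the
  # DHCP/DNS the bridge serves to containers and drop other host access.
  echo "iptables -A INPUT -i $bridge -p udp --dport 67 -j ACCEPT"
  echo "iptables -A INPUT -i $bridge -p udp --dport 53 -j ACCEPT"
  echo "iptables -A INPUT -i $bridge -p tcp --dport 53 -j ACCEPT"
  echo "iptables -A INPUT -i $bridge -j DROP"
}

# Sanity check used before applying: number of DROP rules in the generated set.
count_drops() {
  build_rules "$1" "$2" | grep -c -- '-j DROP'
}

if [ "${APPLY:-0}" = 1 ]; then
  build_rules lxdbr0 tun0 | sh
else
  build_rules lxdbr0 tun0
fi
```

Run as root with APPLY=1 to install the rules; the generated commands are not persistent across reboots unless saved with your distribution's iptables persistence mechanism.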