My goal is to host several small Picolisp websites on-prem. I have fiber internet, a static IP, and domain names. And, I can port-forward through my Verizon FIOS router. My understanding is that the web servers should be isolated from the rest of my LAN.
Question:
Can I and, if so, how can I configure container network to securely isolate the rest of the LAN from exposure to the wild web without placing them in an external DMZ or VLAN?
I’ve studied LXD/Incus documentation; installed LXD (plan to replace
with Incus) and have worked through many tutorials. But, still, my ambitions exceed my know how.
You can create a network ACL with incus network acl and then assign it to your network with incus network set NAME security.acls=ACLNAME so you can restrict exactly what your instances can connect to.