Network isolation by project on a single-server Incus host

Each project gets its own bridge (br-foo, br-bar), and a single network ACL attached to both bridges allows ingress and egress in general but rejects egress to the RFC 1918 ranges (10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12), so a container keeps internet access while losing reachability to containers in the other project. Note that the reject rules below match IPv4 destinations only; the containers also receive fd42: IPv6 addresses (see the list output), which these rules do not restrict.

root@v1:~# incus project create foo
Project foo created
root@v1:~# incus project create bar
Project bar created

root@v1:~# incus profile show default | incus profile edit default --project foo
root@v1:~# incus profile show default | incus profile edit default --project bar

root@v1:~# incus network create br-foo
Network br-foo created
root@v1:~# incus network create br-bar
Network br-bar created

root@v1:~# incus profile device set default eth0 network=br-foo --project foo
root@v1:~# incus profile device set default eth0 network=br-bar --project bar

root@v1:~# incus launch images:ubuntu/22.04 u1 --project foo
Launching u1
root@v1:~# incus launch images:ubuntu/22.04 u2 --project bar
Launching u2
root@v1:~# incus list --all-projects
+---------+------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| PROJECT | NAME |  STATE  |         IPV4         |                     IPV6                      |   TYPE    | SNAPSHOTS |
+---------+------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| bar     | u2   | RUNNING | 10.225.141.73 (eth0) | fd42:e575:3737:756a:216:3eff:fe79:b3b6 (eth0) | CONTAINER | 0         |
+---------+------+---------+----------------------+-----------------------------------------------+-----------+-----------+
| foo     | u1   | RUNNING | 10.190.44.137 (eth0) | fd42:df65:6f8e:f6a5:216:3eff:fe34:6f0d (eth0) | CONTAINER | 0         |
+---------+------+---------+----------------------+-----------------------------------------------+-----------+-----------+

root@v1:~# incus exec u1 bash --project foo
root@u1:~# ping 10.225.141.73
PING 10.225.141.73 (10.225.141.73) 56(84) bytes of data.
64 bytes from 10.225.141.73: icmp_seq=1 ttl=63 time=0.079 ms
^C
--- 10.225.141.73 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.079/0.079/0.079/0.000 ms
root@u1:~# 
exit

root@v1:~# incus network acl create public-only
Network ACL public-only created
root@v1:~# incus network acl rule add public-only ingress action=allow
root@v1:~# incus network acl rule add public-only egress action=allow
root@v1:~# incus network acl rule add public-only egress action=reject destination=10.0.0.0/8
root@v1:~# incus network acl rule add public-only egress action=reject destination=192.168.0.0/16
root@v1:~# incus network acl rule add public-only egress action=reject destination=172.16.0.0/12

root@v1:~# incus network set br-bar security.acls=public-only
root@v1:~# incus network set br-foo security.acls=public-only

root@v1:~# incus exec u1 bash --project foo
root@u1:~# ping 10.225.141.73
PING 10.225.141.73 (10.225.141.73) 56(84) bytes of data.
From 10.190.44.1 icmp_seq=1 Destination Port Unreachable
^C
--- 10.225.141.73 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

root@u1:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.
64 bytes from 1.1.1.1: icmp_seq=1 ttl=57 time=8.91 ms
^C
--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 8.911/8.911/8.911/0.000 ms
root@u1:~# 
exit
root@v1:~# 