There is a post API 1.0 variable
The changes below were introduced to the LXD API after the 1.0 API was finalized.
Add two new keys,
ipv6.firewallwhich if set to false will turn off the generation of iptables FORWARDING rules. NAT rules will still be added so long as the matching
ipv6.natkey is set to true.
Rules necessary for dnsmasq to work (DHCP/DNS) will always be applied if dnsmasq is enabled on the bridge.
Looking for it but it’s not there:
$ lxc network show lxdbr0 config: ipv4.address: 10.185.64.1/24 ipv4.nat: "true" ipv6.address: fd42:f2c5:781c:6810::1/64 ipv6.nat: "true" description: "" name: lxdbr0 type: bridge used_by: - /1.0/containers/C - /1.0/containers/S managed: true status: Created locations: - none
lxc network get lxdbr0 ipv4.nat true
and is true that setting both
ipv4.firewall to false will result in no iptables rules for
lxdbr0 at all?