Aloha,
I have a setup where one of my containers has been compromised, and I would like to quarantine it from accessing the internet, while still allowing local traffic needed to migrate application data to a new container. I believe there’s little risk that the compromised container infects other containers on the local network; I’ve cleaned whatever I was able to find, but I would rather take no chances of it initiating a reverse shell connection to a remote C2 which may be used to push other malicious payloads onto the affected container.
Is there a way to prevent a container from accessing the internet while keeping its local LAN traffic?
All containers share a bridge on the host that is not managed by LXD/Incus and I have no prior knowledge of LXD networks. Ideally the solution would be applied from the host, either through iptables rules, bridge config or LXD network settings.
Thanks in advance~!