@tomp
lxc network show lxdbr0
# Output of `lxc network show lxdbr0`. Indentation appears to have been lost
# in the paste; the ipv4.*/ipv6.* keys belong under `config:`.
config:
# The bridge carries a host-side gateway address in each family, with NAT on.
# NOTE(review): with an address on the bridge the host is the gateway for this
# subnet; whether it forwards to other bridges depends on host forwarding and
# firewall state that this output does not show.
ipv4.address: 10.167.8.1/24
ipv4.nat: "true"
ipv6.address: fd42:80a6:9b9d:5b7c::1/64
ipv6.nat: "true"
description: ""
name: lxdbr0
type: bridge
used_by:
# Instance test2 and the default profile both reference this bridge.
- /1.0/instances/test2
- /1.0/profiles/default
managed: true
status: Created
locations:
- none
lxc network show secondary
# Output of `lxc network show secondary`. Indentation appears to have been
# lost in the paste; the ipv4.*/ipv6.* keys belong under `config:`.
config:
# Both address families are set to `none`, so this bridge has no LXD-assigned
# gateway address.
# NOTE(review): the nat keys are still "true" but presumably have nothing to
# act on without a subnet; confirm, and drop them if they are leftovers.
ipv4.address: none
ipv4.nat: "true"
ipv6.address: none
ipv6.nat: "true"
description: ""
name: secondary
type: bridge
used_by:
# Only instance test is attached to this bridge.
- /1.0/instances/test
managed: true
status: Created
locations:
- none
lxc config show test --expanded
# Output of `lxc config show test --expanded` (profile keys merged in).
# Indentation appears to have been lost in the paste; image.*, security.* and
# volatile.* belong under `config:`, and eth0/root under `devices:`.
architecture: x86_64
config:
image.architecture: amd64
image.description: ubuntu 22.04 LTS amd64 (release) (20220712)
image.label: release
image.os: ubuntu
image.release: jammy
image.serial: "20220712"
image.type: squashfs
image.version: "22.04"
# NOTE(review): nesting lets this container run containers of its own, which
# widens what a compromised guest can do. Confirm it is needed for an
# instance whose purpose is isolation.
security.nesting: "true"
volatile.base_image: 49261351a3dea3e8176138640e0a45a70e84c1aaa963bbbde232ea6ea5efdae9
volatile.cloud-init.instance-id: bb168346-c6bd-43ad-814c-a59adee52cad
volatile.eth0.hwaddr: 00:16:3e:42:11:cb
volatile.eth0.name: eth0
volatile.idmap.base: "0"
# The idmap starts container uid/gid 0 (Nsid 0) at host id 1000000, so the
# container is unprivileged. The test2 instance shows the same range.
# NOTE(review): if per-instance uid separation matters for this isolation
# goal, check whether security.idmap.isolated fits.
volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.last_state.power: STOPPED
volatile.uuid: 366f2276-66ba-4e46-a5ee-db77b8427357
devices:
eth0:
# The NIC is attached to the `secondary` bridge with IPv4 filtering enabled.
# NOTE(review): ipv4_filtering is an anti-spoofing control on this NIC's own
# address; it does not by itself stop traffic being routed between bridges.
# `secondary` has ipv4.address none, so confirm how the filter behaves with no
# LXD-allocated or static address on the NIC.
network: secondary
security.ipv4_filtering: "true"
type: nic
root:
path: /
pool: default
type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
lxc config show test2 --expanded
# Output of `lxc config show test2 --expanded` (profile keys merged in).
# Indentation appears to have been lost in the paste; image.*, security.* and
# volatile.* belong under `config:`, and eth0/root under `devices:`.
architecture: x86_64
config:
image.architecture: amd64
image.description: ubuntu 22.04 LTS amd64 (release) (20220712)
image.label: release
image.os: ubuntu
image.release: jammy
image.serial: "20220712"
image.type: squashfs
image.version: "22.04"
# NOTE(review): nesting lets this container run containers of its own, which
# widens what a compromised guest can do. Confirm it is needed here.
security.nesting: "true"
volatile.base_image: 49261351a3dea3e8176138640e0a45a70e84c1aaa963bbbde232ea6ea5efdae9
volatile.cloud-init.instance-id: ce1ea6fb-ef6e-4217-babc-9323ba489b5d
volatile.eth0.hwaddr: 00:16:3e:0f:0e:33
volatile.idmap.base: "0"
# The idmap starts container uid/gid 0 (Nsid 0) at host id 1000000, so the
# container is unprivileged. The test instance shows the same range.
volatile.idmap.current: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.idmap.next: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.last_state.idmap: '[{"Isuid":true,"Isgid":false,"Hostid":1000000,"Nsid":0,"Maprange":1000000000},{"Isuid":false,"Isgid":true,"Hostid":1000000,"Nsid":0,"Maprange":1000000000}]'
volatile.last_state.power: STOPPED
volatile.uuid: a34a723b-dd40-4609-960f-768758112665
devices:
eth0:
# The NIC is attached to lxdbr0 with port isolation enabled.
# NOTE(review): port_isolation restricts traffic between NICs on the same
# bridge that also have it set. It does not address bridge-to-bridge
# forwarding by the host, so the cross-bridge goal needs a separate control
# (host firewall policy, or LXD network ACLs if the installed version
# supports them on bridges).
name: eth0
network: lxdbr0
security.port_isolation: "true"
type: nic
root:
path: /
pool: default
type: disk
ephemeral: false
profiles:
- default
stateful: false
description: ""
My setup has an arbitrary number of networks (currently testing with 2), each supposed to have its own set of containers, and those containers shouldn’t be able to communicate with anything outside their own bridge. The above link seems to remove the routing from the host so that it can’t route bridge to bridge, which could avoid having to create hundreds of iptables rules.