I got this all working, but need to document.

Firewall

UFW does not work inside of LXC because it is run at kernel level. UFW does not work with LXC well because I can't port forward easily and IP Tables seems the way to got for now. Should make a request to UFW to fix that... in any event, need to figure out how to firewall Host and containers.

macvtap

This looks promising... The most prominent user of macvtap interfaces seems to be libvirt/KVM, which allows guests to be connected to macvtap interfaces. Doing so allows for (almost) bridged-like behaviour of guests but without the need to have a real bridge on the host, as a regular ethernet interface can be used as the macvtap's lower device.

...

Page tree

Versions Compared

Old Version 41

New Version 42

Key

Firewall

macvtap

Page tree

Page History

Versions Compared

Old Version 41

New Version 42

Key

Firewall

macvtap