[PVE-User] How to create simplest firewall for Containers with Venet?

Strommer Claus claus.strommer at prylynx.com
Tue Jul 3 05:25:21 CEST 2012


If your containers are NATed, use iptables on the host. If the containers are bridged, then firewall them off like you would any other network device. If you want extra isolation between the host and containers, you could use two NICs, then manage the host through one and send the bridged network through another.

On 2012-07-02, at 11:18 PM, Bruce B wrote:

> Hi Everyone,
> 
> I am looking for a very simple firewall or method that would prevent containers from being able to ping each other or the mother node. The reason for this is so that other containers or the mother node doesn't come under attack if one of the containers is confiscated.
> 
> Currently, I am using pfSense to provide a private IP subnet to all containers, and the containers are using either Veth or Venet. However, using both methods I am still able to ping other containers and the mother node. I am not looking to involve another firewall than I currently have, and if I have to do anything on the mother, I prefer it to be simple changes, as management becomes a nightmare if I have to do iptables.
> 
> Please advise as to what my options are.
> 
> Much appreciated,
> Bruce

--
Claus Strommer, 
Systems administrator and developer, Prylynx Corporation
claus.strommer at prylynx.com
(519) 895-0600 x3004
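
Added example, not part of the original message: a minimal host-side rule set for the routed/NATed venet case mentioned in the reply. It assumes the host-side interface is the OpenVZ default `venet0` and that container traffic is routed by the host; the function name is hypothetical. It does not cover bridged veth containers.

```shell
#!/bin/sh
# Added example. Emits rules in iptables-restore format; nothing is applied
# until the output is piped into iptables-restore by the administrator.
# Assumption: containers reach the host and each other through one venet
# interface, so container-to-container packets cross the host FORWARD chain
# and container-to-host packets hit the host INPUT chain.

venet_isolation_rules() {
    ifname="${1:-venet0}"
    # Refuse anything that is not a plain interface name.
    case "$ifname" in
        ''|*[!A-Za-z0-9_.-]*)
            echo "invalid interface name: $ifname" >&2
            return 1 ;;
    esac
    # Rule 1: let replies to host-initiated connections back in.
    # Rule 2: drop everything else a container sends to the host
    #         (this includes ping and any service on the host itself).
    # Rule 3: drop traffic routed from one container to another.
    # Rules are appended (-A), so an earlier ACCEPT in the same chain wins.
    cat <<EOF
*filter
-A INPUT -i $ifname -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $ifname -j DROP
-A FORWARD -i $ifname -o $ifname -j DROP
COMMIT
EOF
}

# Print the rule set for review. To check it without applying:
#   <this script> venet0 | iptables-restore --noflush --test
venet_isolation_rules "${1:-venet0}"
```

Traffic from containers to the outside (in on `venet0`, out on the physical NIC) is not matched by these rules, so NAT and the upstream firewall keep working as before.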