[PVE-User] How to create simplest firewall for Containers with Venet?

Bruce B bruceb444 at gmail.com
Tue Jul 3 05:18:46 CEST 2012

Hi Everyone,

I am looking for a very simple firewall or method that would prevent
containers from being able to ping each other or the mother node. The reason
for this is so that other containers or the mother node don't come under
attack if one of the containers is confiscated.

Currently, I am using pfSense to provide a private IP subnet to all containers,
and containers are either using Veth or Venet. However, using both methods
I am still able to ping other containers and the mother node. I am not looking
to involve another firewall than the one I currently have, and if I have to do
anything on the mother node, I prefer it to be simple changes, as management
becomes a nightmare if I have to do iptables.

Please advise as to what my options are.

Much appreciated,
