Libvirt-lxc: iptables not working in containers

Michal Privoznik mprivozn at redhat.com
Tue Dec 15 10:32:00 UTC 2020


On 12/14/20 12:05 AM, John Hurnett wrote:
> Hi,
> I can't get iptables to work in libvirt-lxc containers. "iptables -L"
> command shows empty chains. However I tested the same scenario with pure
> lxc and iptables works as it should.
> Has anyone experienced that? It seems like a bug, but maybe there is some
> libvirt xml parameter I am missing?
> 
> BR
> 

Libvirt will create a private network NS if:

1) you have an <interface/> defined for your container, or
2) <privnet/> exists under <features/>

This is documented here:

https://libvirt.org/drvlxc.html#securenetworking

And a private network NS also means a separate firewall and its own tables.

Michal
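For readers who want to see what the two triggers look like in practice, here is an added example of a libvirt LXC domain definition (not from the mail above, and not taken from the libvirt documentation verbatim). The container name, memory size, init path and network name are assumed values; the relevant parts are the `<privnet/>` element under `<features/>` and the `<interface/>` element under `<devices/>`, either of which causes libvirt to give the container its own network namespace, so that `iptables -L` inside the container reports the container's own, initially empty, tables rather than the host's:

```xml
<domain type='lxc'>
  <!-- assumed container name -->
  <name>example-container</name>
  <memory unit='MiB'>512</memory>
  <os>
    <type>exe</type>
    <!-- assumed init program inside the container root -->
    <init>/sbin/init</init>
  </os>
  <features>
    <!-- Trigger 2 from the reply: request a private network namespace
         even when the container has no <interface/> at all. -->
    <privnet/>
  </features>
  <devices>
    <!-- Trigger 1 from the reply: any <interface/> also causes libvirt
         to create a private network namespace for the container.
         'default' is the assumed name of an existing libvirt network. -->
    <interface type='network'>
      <source network='default'/>
    </interface>
    <console type='pty'/>
  </devices>
</domain>
```

With neither trigger present the container shares the host's network namespace, so the firewall tables it sees are the host's; from a defender's point of view that is the setting to check first, because a container that shares the host network namespace is not isolated from the host firewall at all.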