LXC firewall rule - only internet access

Duckdave

May 30, 2018
Is it possible to configure the PVE firewall so that an LXC container can only reach the internet and no other IP addresses in the same subnet?

I know this from pfSense, where I can configure a rule that only applies to a specific gateway.

Regards
 
You can create an IPSet containing all of your local networks (e.g. 192.168.0.0/16, 10.0.0.0/8, etc...) and then add the following rules:

Code:
Rule #1
Direction: out
Action: ACCEPT
Destination: <Your Gateway IP>

Rule #2
Direction: out
Action: DROP
Destination: <IPSet you created>

The first one should be optional, but improves reliability (allows ICMP messages for example).
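To check the ordering and coverage of such a ruleset before applying it, here is an added example (not code from the post or from the Proxmox project) that models the firewall's first-match evaluation in Python. The gateway address, the LAN host and the internet destination are constructed placeholders, and the outbound default policy of ACCEPT is an assumption matching the usual Proxmox default.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values standing in for the placeholders in the answer above.
GATEWAY = "192.168.1.1"
LOCAL_NETS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]  # the IPSet


@dataclass
class Rule:
    direction: str   # "in" or "out"
    action: str      # "ACCEPT" or "DROP"
    dest: list       # CIDRs or single hosts (a host is treated as a /32)


def ipset(cidrs):
    """Parse a list of CIDR strings into network objects."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def evaluate(rules, direction, dst_ip, default="ACCEPT"):
    """Rules are scanned top to bottom; the first match decides, else the
    default policy applies (assumed ACCEPT for outbound traffic)."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.direction != direction:
            continue
        if any(ip in net for net in ipset(rule.dest)):
            return rule.action
    return default


# The two rules from the answer, in the order given: gateway ACCEPT first.
RULES = [
    Rule("out", "ACCEPT", [GATEWAY]),
    Rule("out", "DROP", LOCAL_NETS),
]


def check_policy(rules):
    """Verdicts for the three destination kinds the question is about."""
    return {
        "gateway": evaluate(rules, "out", GATEWAY),
        "lan_host": evaluate(rules, "out", "192.168.1.50"),   # constructed
        "internet": evaluate(rules, "out", "203.0.113.10"),   # TEST-NET-3
    }


if __name__ == "__main__":
    print(check_policy(RULES))
    # Swapping the two rules shows why the order matters: the gateway is then
    # caught by the IPSet DROP before its ACCEPT is reached.
    print(check_policy(list(reversed(RULES))))
```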