I wanted to test the efficiency of Ipfilter-net for a container.
Inside the container, after running the following command (from https://sandilands.info/sgordon/address-spoofing-with-iptables-in-linux), spoofing the IP, all output network activity is blocked (ping, etc.).
Code:
iptables -t nat -A POSTROUTING -j SNAT --to-source 1.1.1.1
The most interesting fact is that the output is blocked even without activating the general IP Filter option in the VM’s firewall options tab: https://pve.proxmox.com/pve-docs/chapter-pve-firewall.html#pve_firewall_ipfilter_section
Running the same iptables command from the Proxmox host doesn’t block output.
Something at the LXC level is blocking the outgoing spoofed connection, without the ipfilter option. What is it?
Thank you!