Hi All,
PVE controls the LXC network interface tightly by managing the interface files. This leads to NetworkManager taking its config from those files, and it is OK until firewalld is used inside the LXC.
The problem, found in CentOS 7 (and possibly other RHEL-based distros), is that firewalld binds the NetworkManager-controlled interface to the default firewall zone on boot, regardless of what is configured in firewalld. In a regular install, it can be fixed by including a ZONE=zonename option in the interface file. But PVE rewrites these files on reboot, so this solution can't survive a reboot.
The question is whether it is possible to add some extra options to the LXC network config of RHEL containers. Any extra file, like the one used to add routes? I see a workaround of using an address range for the zone definition instead of the interface. Or using the PVE firewall instead of firewalld inside the container. But for some reason I prefer to keep the firewall inside the LXC.
Any ideas?
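One way to make the ZONE=zonename approach from the post survive a PVE rewrite is to re-insert the line from inside the container at boot (for example from a oneshot unit or rc.local that runs before firewalld starts). The helper below is an added example, not code from the original post or from Proxmox; it assumes a hypothetical path of /etc/sysconfig/network-scripts/ifcfg-eth0, that NetworkManager re-reads the file after `nmcli connection reload`, and that firewalld picks up the new binding after `firewall-cmd --reload`. The sample ifcfg content is constructed for the demo and only resembles what PVE writes.

```shell
#!/bin/sh
# Added example (not from the original post or Proxmox): idempotently force
# ZONE=<zone> into a RHEL/CentOS ifcfg file after PVE has rewritten it.
# Assumptions (hypothetical, not verified against any PVE release):
#   - the interface file is /etc/sysconfig/network-scripts/ifcfg-eth0
#   - NetworkManager re-reads it after `nmcli connection reload`
#   - firewalld re-evaluates the binding after `firewall-cmd --reload`
set -eu

# ensure_zone_in_ifcfg FILE ZONE
# Leave FILE with exactly one ZONE=ZONE line; every other line is kept verbatim.
ensure_zone_in_ifcfg() {
    file=$1
    zone=$2
    tmp="${file}.tmp.$$"
    # grep -v exits 1 when nothing is left, which is fine for a ZONE-only file.
    grep -v '^ZONE=' "$file" > "$tmp" || true
    printf 'ZONE=%s\n' "$zone" >> "$tmp"
    mv "$tmp" "$file"
}

# zone_in_ifcfg FILE
# Print the zone currently set in FILE (last ZONE= line wins), or nothing.
zone_in_ifcfg() {
    sed -n 's/^ZONE=//p' "$1" | tail -n 1
}

# apply_zone FILE ZONE IFACE
# Rewrite the file and, when the tools are present, ask NetworkManager and
# firewalld to re-read their configuration, then show the resulting binding.
apply_zone() {
    ensure_zone_in_ifcfg "$1" "$2"
    if command -v nmcli >/dev/null 2>&1; then
        nmcli connection reload
    fi
    if command -v firewall-cmd >/dev/null 2>&1; then
        firewall-cmd --reload
        firewall-cmd --get-zone-of-interface "$3"
    fi
}

# Constructed sample resembling a PVE-generated ifcfg-eth0 (illustrative only).
SAMPLE_IFCFG=$(mktemp)
cat > "$SAMPLE_IFCFG" <<'EOF'
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.0.2.10
NETMASK=255.255.255.0
GATEWAY=192.0.2.1
EOF

# Demo on the constructed file: first run adds the line, second run replaces it.
ensure_zone_in_ifcfg "$SAMPLE_IFCFG" internal

# Real use inside the container: `sh thisscript.sh --apply internal`
if [ "${1-}" = "--apply" ]; then
    apply_zone /etc/sysconfig/network-scripts/ifcfg-eth0 "${2:-internal}" eth0
fi
```

The demo only touches a temp file; the `--apply` path is what a boot-time unit would call with the real path. The post's other workaround, binding the zone to an address range rather than the interface, does not depend on the ifcfg file at all and can be set once with `firewall-cmd --permanent --zone=<zone> --add-source=<CIDR>` (zone and CIDR are placeholders here), which is why it survives PVE rewriting the interface file.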