Hello,
I have some VPS on the same private LAN as my office, where the router does not support VLANs or a DMZ.
Therefore, to isolate each container from the private hosts on the LAN, I apply these rules, so that it can communicate only with the gateway and not with the entire LAN subnet.
It just works, but if I create a security group with these rules at datacenter level, to add it easily to any new VPS/LXC directly on the dedicated VPS network bridge, it doesn't work and the rules are not applied.
Is this the wrong way to work with security groups? Do I need to work in another way?
Would it be best for me if I could apply the rules directly on the bridge for all the VPS/LXC inside it, or with a single click on each VPS/LXC?
OUT ACCEPT -dest dc/ip-gateway -log nolog
OUT ACCEPT -dest nginx-stream -log info
OUT DROP -dest dc/subent-lan -log nolog
Where am I wrong?
FULL FIREWALL LXC RULES
Code:
[OPTIONS]
log_level_in: info
ips: 1
policy_out: DROP
ipfilter: 0
enable: 1
radv: 1
ips_queues: 0
dhcp: 1
[RULES]
OUT ACCEPT -dest dc/ip-gateway -log nolog
OUT ACCEPT -dest nginx-stream -log info
OUT DROP -dest dc/subent-lan -log nolog
GROUP in_http_https
IN ACCEPT -source subnet-lan -p tcp -dport 81 -log info
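For comparison, here is an added example (not from the post above) of the layout Proxmox expects: the aliases and the security group are defined once in the datacenter file, and every guest that should be isolated references the group from its own firewall file with a GROUP line. The alias names are taken from the post; the addresses, the group name isolate_guest and the container ID 101 are assumptions chosen for the example.

```ini
# /etc/pve/firewall/cluster.fw  (datacenter level: shared definitions)
[ALIASES]
# assumed example addresses for the office router, the reverse proxy and the LAN
ip-gateway 192.168.10.1
nginx-stream 192.168.10.20
subnet-lan 192.168.10.0/24

[group isolate_guest]
# A group is only a named list of rules; it has no effect on any guest
# until that guest's firewall file references it. First match wins, so the
# ACCEPT rules for the gateway and the proxy must come before the LAN DROP.
OUT ACCEPT -dest dc/ip-gateway -log nolog
OUT ACCEPT -dest dc/nginx-stream -log info
OUT DROP -dest dc/subnet-lan -log nolog

# /etc/pve/firewall/101.fw  (one file per guest; 101 is an assumed CT ID)
[OPTIONS]
enable: 1
policy_out: DROP

[RULES]
# Pull the datacenter group into this guest's chain. This line is what
# actually applies the group; it has to be present in every guest's file.
GROUP isolate_guest
IN ACCEPT -source dc/subnet-lan -p tcp -dport 81 -log info
```

The [RULES] section of cluster.fw applies to the nodes themselves, not to the guests, so a GROUP line placed there does not reach any container; the same goes for the bridge, which has no rule set of its own. The per-guest GROUP reference is the only mechanism, but since it is a single line it can be dropped into a template's firewall file so new containers inherit it.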