On Sun, Jan 11, 2015 at 10:48 AM, lee <lee@××××××××.de> wrote:
>>
>> I don't want to run fail2ban in the container because the container must
>> not mess with the firewall settings of the host. If a container can do
>> that, then what's the point of having containers in the first place?
>>

I've never used the LXC scripts to set up a container, but I actually
run a firewall inside a container. You just need to run it in a
separate network namespace so that it is messing with its own
interface.

In general, though, I wouldn't want my containers messing with my host
interfaces.

>>
>> BTW, why does Gentoo put containers under /etc? Containers aren't
>> configuration files ...
>

I'd never put a container there. I can't speak to how the lxc scripts
are intended to be used - I don't use those tools to manage
containers. I typically stick my containers in their own place in
btrfs subvolumes for easy management.

--
Rich