| 1 |
On Sun, Jan 11, 2015 at 10:48 AM, lee <lee@××××××××.de> wrote: |
| 2 |
>> |
| 3 |
>> I don't want to run fail2ban in the container because the container must |
| 4 |
>> not mess with the firewall settings of the host. If a container can do |
| 5 |
>> that, then what's the point of having containers in the first place? |
| 6 |
>> |
| 7 |
|
| 8 |
I've never used the LXC scripts to set up a container, but I actually |
| 9 |
run a firewall inside a container. You just need to run it in a |
| 10 |
separate network namespace so that it is messing with its own |
| 11 |
interface. |
| 12 |
|
| 13 |
In general, though, I wouldn't want my containers messing with my host |
| 14 |
interfaces. |
| 15 |
|
| 16 |
>> |
| 17 |
>> BTW, why does Gentoo put containers under /etc? Containers aren't |
| 18 |
>> configuration files ... |
| 19 |
> |
| 20 |
|
| 21 |
I'd never put a container there. I can't speak to how the lxc scripts |
| 22 |
are intended to be used - I don't use those tools to manage |
| 23 |
containers. I typically stick my containers in their own place in |
| 24 |
btrfs subvolumes for easy management. |
| 25 |
|
| 26 |
-- |
| 27 |
Rich |
Archives