On Sun, Jan 11, 2015 at 10:48 AM, lee <l...@yagibdah.de> wrote:
>>
>> I don't want to run fail2ban in the container because the container must
>> not mess with the firewall settings of the host. If a container can do
>> that, then what's the point of having containers in the first place?
>>

I've never used the LXC scripts to set up a container, but I actually run a firewall inside a container. You just need to run it in a separate network namespace so that it is messing with its own interface. In general, though, I wouldn't want my containers messing with my host interfaces.

>>
>> BTW, why does Gentoo put containers under /etc? Containers aren't
>> configuration files ...
>

I'd never put a container there. I can't speak to how the lxc scripts are intended to be used - I don't use those tools to manage containers. I typically stick my containers in their own place in btrfs subvolumes for easy management.

--
Rich
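
Added example, not part of the original message or of any LXC tooling: a host-side check that a container's init process really sits in its own network namespace, so that firewall rules loaded inside it touch only its own interfaces. The function names and the `PROC_ROOT` variable are assumptions of this example.

```shell
#!/bin/sh
# Compare the network namespace of a container's init PID (as seen from the
# host) with that of host PID 1. PROC_ROOT is an assumption of this example:
# it defaults to /proc and exists so the check can be run against a test tree.

# Print the namespace identifier of a PID, e.g. "net:[4026531992]".
netns_id() {
    readlink "${PROC_ROOT:-/proc}/$1/ns/net"
}

# Return 0 if the PID has a network namespace of its own, 1 if it shares the
# host's, 2 if a link cannot be read (no such PID, or not enough privilege;
# reading /proc/1/ns/net normally requires root).
has_private_netns() {
    host=$(netns_id 1) || return 2
    ctr=$(netns_id "$1") || return 2
    [ -n "$host" ] && [ -n "$ctr" ] || return 2
    [ "$host" != "$ctr" ]
}

# Report on every PID given; the exit status is non-zero if any PID shares
# the host namespace or could not be inspected.
audit_netns() {
    rc=0
    for pid in "$@"; do
        has_private_netns "$pid" && st=0 || st=$?
        case $st in
            0) echo "$pid: private network namespace ($(netns_id "$pid"))" ;;
            1) echo "$pid: SHARES the host network namespace"; rc=1 ;;
            *) echo "$pid: cannot read namespace link"; rc=2 ;;
        esac
    done
    return $rc
}
```

Run `audit_netns` as root on the host with the init PID of each container; a PID reported as sharing the host namespace would be editing the host's own firewall rules.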