On 12/14/20 12:05 AM, John Hurnett wrote:
Hi,
I can't get iptables to work in libvirt-lxc containers. "iptables -L"
command shows empty chains. However I tested the same scenario with pure
lxc and iptables works as it should.
Has anyone experienced that? It seems like a bug, but maybe there is some
libvirt xml parameter I am missing?
BR
Libvirt will create a private network NS if:
1) you have an <interface/> defined for your container, or
2) <privnet/> exists under <features/>
This is documented here:
https://libvirt.org/drvlxc.html#securenetworking
And private network NS also means separate firewall and its tables.
Michal
