plugins icon indicating copy to clipboard operation
plugins copied to clipboard
verified publisher icon containernetworking

bridge: Add an option to enable port isolation

Open ormergi opened this issue 1 year ago • 1 comments

Enable bridge CNI users set port-isolation [1] on the interface.

Linux-bridge port that is set as isolated cannot communicate with other isolated ports (they can still communicate with non-isolated ports). For example: In case I have two containers connected over a bridge (running on the same node), I want traffic to go though a smart switch, and the switch should decide whether these containers can communicate with each other according to some restrictions or policies.

Add new option should be an addition flag, controlling whether port-isolation is set on the interface or not. Default should be false.

[1] https://man7.org/linux/man-pages/man8/bridge.8.html (see "isolated" option)

ormergi avatar Jan 09 '25 15:01 ormergi

/cc @SchSeba

ormergi avatar Jan 19 '25 23:01 ormergi

The code that resolve this request has merged.

Thank you @squeed

/close

ormergi avatar Apr 10 '25 13:04 ormergi