infix icon indicating copy to clipboard operation
infix copied to clipboard
verified publisher icon kernelkit

test: basic firewall container

Open troglobit opened this issue 1 year ago • 1 comments

Basic Firewall Container

Verify masquerading and port forwarding using nftables container in network host mode. Proposed setup, which also verifies support for >1 container.

Image

  1. httpd container starts up on a generic port (use port 91, port 80 is used by nginx) with a single veth pair (copy an existing test that already does this)
  2. allow forwarding between interfaces in Infix
  3. nftables container which installs IP masquerading and port forward from ext1 port 8080 to int0 port 91 (.conf base64 encoded in configuration)

Resources

  • Documentation: https://github.com/kernelkit/infix/blob/main/doc/container.md#host-networking
  • Example: https://github.com/kernelkit/infix/blob/main/doc/container.md#examples

See also the blog post Firewall Container for more help and inspiration.

troglobit avatar Sep 03 '24 05:09 troglobit

Team reprio meeting: needs more focus until release, move assignment to @troglobit

troglobit avatar Oct 09 '24 12:10 troglobit