How to implement iptables on lxc-container?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












0















I installed lxc-container (fedora 29 amd64) on my ubuntu 18.04 system. The linux container had no firewall command line tools. Therefore I installed iptables into my container and it installed successfully.



However I tried to configure the interfaces to drop all incoming and outgoing packets which did not work. I am giving you all the details here.



The command ip a gave;



[root@fedora29 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
valid_lft 3456sec preferred_lft 3456sec
inet6 fe80::216:3eff:fe4c:d8bf/64 scope link
valid_lft forever preferred_lft forever


I have iptables rules as follows;



[root@fedora29 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Therefore I added the following two rules



iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP


When I finally saved the configuration with


 iptables-save


[root@fedora29 ~]# iptables-save
# Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
COMMIT
# Completed on Wed Feb 20 08:41:43 2019


However the same worked fine with my ubuntu host system, where the interface is named lxcbr0.










share|improve this question
























  • have you reloaded the iptables service after saving? systemctl iptables reload

    – RobotJohnny
    Feb 20 at 13:12











  • @RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

    – shiva
    Feb 21 at 7:29
















0















I installed lxc-container (fedora 29 amd64) on my ubuntu 18.04 system. The linux container had no firewall command line tools. Therefore I installed iptables into my container and it installed successfully.



However I tried to configure the interfaces to drop all incoming and outgoing packets which did not work. I am giving you all the details here.



The command ip a gave;



[root@fedora29 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
valid_lft 3456sec preferred_lft 3456sec
inet6 fe80::216:3eff:fe4c:d8bf/64 scope link
valid_lft forever preferred_lft forever


I have iptables rules as follows;



[root@fedora29 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Therefore I added the following two rules



iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP


When I finally saved the configuration with


 iptables-save


[root@fedora29 ~]# iptables-save
# Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
COMMIT
# Completed on Wed Feb 20 08:41:43 2019


However the same worked fine with my ubuntu host system, where the interface is named lxcbr0.










share|improve this question
























  • have you reloaded the iptables service after saving? systemctl iptables reload

    – RobotJohnny
    Feb 20 at 13:12











  • @RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

    – shiva
    Feb 21 at 7:29














0












0








0








I installed lxc-container (fedora 29 amd64) on my ubuntu 18.04 system. The linux container had no firewall command line tools. Therefore I installed iptables into my container and it installed successfully.



However I tried to configure the interfaces to drop all incoming and outgoing packets which did not work. I am giving you all the details here.



The command ip a gave;



[root@fedora29 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
valid_lft 3456sec preferred_lft 3456sec
inet6 fe80::216:3eff:fe4c:d8bf/64 scope link
valid_lft forever preferred_lft forever


I have iptables rules as follows;



[root@fedora29 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Therefore I added the following two rules



iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP


When I finally saved the configuration with


 iptables-save


[root@fedora29 ~]# iptables-save
# Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
COMMIT
# Completed on Wed Feb 20 08:41:43 2019


However the same worked fine with my ubuntu host system, where the interface is named lxcbr0.










share|improve this question
















I installed lxc-container (fedora 29 amd64) on my ubuntu 18.04 system. The linux container had no firewall command line tools. Therefore I installed iptables into my container and it installed successfully.



However I tried to configure the interfaces to drop all incoming and outgoing packets which did not work. I am giving you all the details here.



The command ip a gave;



[root@fedora29 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
valid_lft 3456sec preferred_lft 3456sec
inet6 fe80::216:3eff:fe4c:d8bf/64 scope link
valid_lft forever preferred_lft forever


I have iptables rules as follows;



[root@fedora29 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Therefore I added the following two rules



iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP


When I finally saved the configuration with


 iptables-save


[root@fedora29 ~]# iptables-save
# Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
COMMIT
# Completed on Wed Feb 20 08:41:43 2019


However the same worked fine with my ubuntu host system, where the interface is named lxcbr0.







linux fedora iptables firewall lxc






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 20 at 12:26









Rui F Ribeiro

41.5k1483140




41.5k1483140










asked Feb 20 at 9:47









shivashiva

62




62












  • have you reloaded the iptables service after saving? systemctl iptables reload

    – RobotJohnny
    Feb 20 at 13:12











  • @RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

    – shiva
    Feb 21 at 7:29


















  • have you reloaded the iptables service after saving? systemctl iptables reload

    – RobotJohnny
    Feb 20 at 13:12











  • @RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

    – shiva
    Feb 21 at 7:29

















have you reloaded the iptables service after saving? systemctl iptables reload

– RobotJohnny
Feb 20 at 13:12





have you reloaded the iptables service after saving? systemctl iptables reload

– RobotJohnny
Feb 20 at 13:12













@RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

– shiva
Feb 21 at 7:29






@RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

– shiva
Feb 21 at 7:29











2 Answers
2






active

oldest

votes


















0














Just remove @if8 from the interface name in your rules, because it's not part of the interface name. The interface name is just eth0.



@if8 is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.



For more information on the meaning of @if8 you can see my answer there:
What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu






share|improve this answer























  • this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

    – shiva
    Feb 21 at 7:27



















0














Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....



[root@fedora29 ~]# iptables --table filter --policy INPUT DROP
[root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
[root@fedora29 ~]# iptables-save > /etc/network/iptables
[root@fedora29 ~]# iptables-apply /etc/network/iptables
Applying new ruleset... done.
Can you establish NEW connections to the machine? (y/N) y
... then my job is done. See you next time.


However when i tried to list the rules using iptables -L i did observe that no new rules were created but the policy of the rules are modified as shown...



[root@fedora29 ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy DROP)
target prot opt source destination
[root@fedora29 ~]# ping 10.0.3.1
PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

--- 10.0.3.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 23ms

[root@fedora29 ~]# iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP





share|improve this answer






















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f501803%2fhow-to-implement-iptables-on-lxc-container%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Just remove @if8 from the interface name in your rules, because it's not part of the interface name. The interface name is just eth0.



    @if8 is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.



    For more information on the meaning of @if8 you can see my answer there:
    What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu






    share|improve this answer























    • this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

      – shiva
      Feb 21 at 7:27
















    0














    Just remove @if8 from the interface name in your rules, because it's not part of the interface name. The interface name is just eth0.



    @if8 is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.



    For more information on the meaning of @if8 you can see my answer there:
    What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu






    share|improve this answer























    • this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

      – shiva
      Feb 21 at 7:27














    0












    0








    0







    Just remove @if8 from the interface name in your rules, because it's not part of the interface name. The interface name is just eth0.



    @if8 is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.



    For more information on the meaning of @if8 you can see my answer there:
    What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu






    share|improve this answer













    Just remove @if8 from the interface name in your rules, because it's not part of the interface name. The interface name is just eth0.



    @if8 is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.



    For more information on the meaning of @if8 you can see my answer there:
    What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Feb 20 at 16:14









    A.BA.B

    5,2121728




    5,2121728












    • this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

      – shiva
      Feb 21 at 7:27


















    • this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

      – shiva
      Feb 21 at 7:27

















    this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

    – shiva
    Feb 21 at 7:27






    this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

    – shiva
    Feb 21 at 7:27














    0














    Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....



    [root@fedora29 ~]# iptables --table filter --policy INPUT DROP
    [root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
    [root@fedora29 ~]# iptables-save > /etc/network/iptables
    [root@fedora29 ~]# iptables-apply /etc/network/iptables
    Applying new ruleset... done.
    Can you establish NEW connections to the machine? (y/N) y
    ... then my job is done. See you next time.


    However when i tried to list the rules using iptables -L i did observe that no new rules were created but the policy of the rules are modified as shown...



    [root@fedora29 ~]# iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination

    Chain OUTPUT (policy DROP)
    target prot opt source destination
    [root@fedora29 ~]# ping 10.0.3.1
    PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted

    --- 10.0.3.1 ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 23ms

    [root@fedora29 ~]# iptables -S
    -P INPUT DROP
    -P FORWARD ACCEPT
    -P OUTPUT DROP





    share|improve this answer



























      0














      Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....



      [root@fedora29 ~]# iptables --table filter --policy INPUT DROP
      [root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
      [root@fedora29 ~]# iptables-save > /etc/network/iptables
      [root@fedora29 ~]# iptables-apply /etc/network/iptables
      Applying new ruleset... done.
      Can you establish NEW connections to the machine? (y/N) y
      ... then my job is done. See you next time.


      However when i tried to list the rules using iptables -L i did observe that no new rules were created but the policy of the rules are modified as shown...



      [root@fedora29 ~]# iptables -L
      Chain INPUT (policy DROP)
      target prot opt source destination

      Chain FORWARD (policy ACCEPT)
      target prot opt source destination

      Chain OUTPUT (policy DROP)
      target prot opt source destination
      [root@fedora29 ~]# ping 10.0.3.1
      PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
      ping: sendmsg: Operation not permitted
      ping: sendmsg: Operation not permitted

      --- 10.0.3.1 ping statistics ---
      2 packets transmitted, 0 received, 100% packet loss, time 23ms

      [root@fedora29 ~]# iptables -S
      -P INPUT DROP
      -P FORWARD ACCEPT
      -P OUTPUT DROP





      share|improve this answer

























        0












        0








        0







        Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....



        [root@fedora29 ~]# iptables --table filter --policy INPUT DROP
        [root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
        [root@fedora29 ~]# iptables-save > /etc/network/iptables
        [root@fedora29 ~]# iptables-apply /etc/network/iptables
        Applying new ruleset... done.
        Can you establish NEW connections to the machine? (y/N) y
        ... then my job is done. See you next time.


        However when i tried to list the rules using iptables -L i did observe that no new rules were created but the policy of the rules are modified as shown...



        [root@fedora29 ~]# iptables -L
        Chain INPUT (policy DROP)
        target prot opt source destination

        Chain FORWARD (policy ACCEPT)
        target prot opt source destination

        Chain OUTPUT (policy DROP)
        target prot opt source destination
        [root@fedora29 ~]# ping 10.0.3.1
        PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
        ping: sendmsg: Operation not permitted
        ping: sendmsg: Operation not permitted

        --- 10.0.3.1 ping statistics ---
        2 packets transmitted, 0 received, 100% packet loss, time 23ms

        [root@fedora29 ~]# iptables -S
        -P INPUT DROP
        -P FORWARD ACCEPT
        -P OUTPUT DROP





        share|improve this answer













        Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....



        [root@fedora29 ~]# iptables --table filter --policy INPUT DROP
        [root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
        [root@fedora29 ~]# iptables-save > /etc/network/iptables
        [root@fedora29 ~]# iptables-apply /etc/network/iptables
        Applying new ruleset... done.
        Can you establish NEW connections to the machine? (y/N) y
        ... then my job is done. See you next time.


        However when i tried to list the rules using iptables -L i did observe that no new rules were created but the policy of the rules are modified as shown...



        [root@fedora29 ~]# iptables -L
        Chain INPUT (policy DROP)
        target prot opt source destination

        Chain FORWARD (policy ACCEPT)
        target prot opt source destination

        Chain OUTPUT (policy DROP)
        target prot opt source destination
        [root@fedora29 ~]# ping 10.0.3.1
        PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
        ping: sendmsg: Operation not permitted
        ping: sendmsg: Operation not permitted

        --- 10.0.3.1 ping statistics ---
        2 packets transmitted, 0 received, 100% packet loss, time 23ms

        [root@fedora29 ~]# iptables -S
        -P INPUT DROP
        -P FORWARD ACCEPT
        -P OUTPUT DROP






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 21 at 7:41









        shivashiva

        62




        62



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f501803%2fhow-to-implement-iptables-on-lxc-container%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown






            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Displaying single band from multi-band raster using QGIS

            How many registers does an x86_64 CPU actually have?