How to implement iptables on lxc-container?

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP












0















I installed lxc-container (fedora 29 amd64) on my ubuntu 18.04 system. The linux container had no firewall command line tools. Therefore I installed iptables into my container and it installed successfully.



However I tried to configure the interfaces to drop all incoming and outgoing packets which did not work. I am giving you all the details here.



The command ip a gave;



[root@fedora29 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
 link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
 inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
 valid_lft 3456sec preferred_lft 3456sec
 inet6 fe80::216:3eff:fe4c:d8bf/64 scope link 
 valid_lft forever preferred_lft forever


I have iptables rules as follows;



[root@fedora29 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Therefore I added the following two rules



iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP


When I finally saved the configuration with 


 iptables-save


[root@fedora29 ~]# iptables-save
# Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
COMMIT
# Completed on Wed Feb 20 08:41:43 2019


However the same worked fine with my ubuntu host system, where the interface is named lxcbr0.






linux fedora iptables firewall lxc







share|improve this question
























  • have you reloaded the iptables service after saving? systemctl iptables reload

    – RobotJohnny
    Feb 20 at 13:12











  • @RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

    – shiva
    Feb 21 at 7:29
















0















I installed lxc-container (fedora 29 amd64) on my ubuntu 18.04 system. The linux container had no firewall command line tools. Therefore I installed iptables into my container and it installed successfully.



However I tried to configure the interfaces to drop all incoming and outgoing packets which did not work. I am giving you all the details here.



The command ip a gave;



[root@fedora29 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
 link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
 inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
 valid_lft 3456sec preferred_lft 3456sec
 inet6 fe80::216:3eff:fe4c:d8bf/64 scope link 
 valid_lft forever preferred_lft forever


I have iptables rules as follows;



[root@fedora29 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Therefore I added the following two rules



iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP


When I finally saved the configuration with 


 iptables-save


[root@fedora29 ~]# iptables-save
# Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
COMMIT
# Completed on Wed Feb 20 08:41:43 2019


However the same worked fine with my ubuntu host system, where the interface is named lxcbr0.






linux fedora iptables firewall lxc







share|improve this question
























  • have you reloaded the iptables service after saving? systemctl iptables reload

    – RobotJohnny
    Feb 20 at 13:12











  • @RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

    – shiva
    Feb 21 at 7:29














0












0








0








I installed lxc-container (fedora 29 amd64) on my ubuntu 18.04 system. The linux container had no firewall command line tools. Therefore I installed iptables into my container and it installed successfully.



However I tried to configure the interfaces to drop all incoming and outgoing packets which did not work. I am giving you all the details here.



The command ip a gave;



[root@fedora29 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
 link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
 inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
 valid_lft 3456sec preferred_lft 3456sec
 inet6 fe80::216:3eff:fe4c:d8bf/64 scope link 
 valid_lft forever preferred_lft forever


I have iptables rules as follows;



[root@fedora29 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Therefore I added the following two rules



iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP


When I finally saved the configuration with 


 iptables-save


[root@fedora29 ~]# iptables-save
# Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
COMMIT
# Completed on Wed Feb 20 08:41:43 2019


However the same worked fine with my ubuntu host system, where the interface is named lxcbr0.






linux fedora iptables firewall lxc







share|improve this question
















I installed lxc-container (fedora 29 amd64) on my ubuntu 18.04 system. The linux container had no firewall command line tools. Therefore I installed iptables into my container and it installed successfully.



However I tried to configure the interfaces to drop all incoming and outgoing packets which did not work. I am giving you all the details here.



The command ip a gave;



[root@fedora29 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet 127.0.0.1/8 scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
7: eth0@if8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
 link/ether 00:16:3e:4c:d8:bf brd ff:ff:ff:ff:ff:ff link-netnsid 0
 inet 10.0.3.52/24 brd 10.0.3.255 scope global dynamic eth0
 valid_lft 3456sec preferred_lft 3456sec
 inet6 fe80::216:3eff:fe4c:d8bf/64 scope link 
 valid_lft forever preferred_lft forever


I have iptables rules as follows;



[root@fedora29 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Therefore I added the following two rules



iptables --table filter --append INPUT --in-interface eth0@if8 --jump DROP
iptables --table filter --append OUTPUT --out-interface eth0@if8 --jump DROP


When I finally saved the configuration with 


 iptables-save


[root@fedora29 ~]# iptables-save
# Generated by iptables-save v1.8.0 on Wed Feb 20 08:41:43 2019
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0@if8 -j DROP
-A OUTPUT -o eth0@if8 -j DROP
COMMIT
# Completed on Wed Feb 20 08:41:43 2019


However the same worked fine with my ubuntu host system, where the interface is named lxcbr0.






linux fedora iptables firewall lxc




linux fedora iptables firewall lxc






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Feb 20 at 12:26









Rui F Ribeiro

41.5k1483140




41.5k1483140










asked Feb 20 at 9:47









shivashiva

62




62












  • have you reloaded the iptables service after saving? systemctl iptables reload

    – RobotJohnny
    Feb 20 at 13:12











  • @RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

    – shiva
    Feb 21 at 7:29


















  • have you reloaded the iptables service after saving? systemctl iptables reload

    – RobotJohnny
    Feb 20 at 13:12











  • @RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

    – shiva
    Feb 21 at 7:29

















have you reloaded the iptables service after saving? systemctl iptables reload

– RobotJohnny
Feb 20 at 13:12





have you reloaded the iptables service after saving? systemctl iptables reload

– RobotJohnny
Feb 20 at 13:12













@RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

– shiva
Feb 21 at 7:29






@RobotJohnny It's giving . Failed to reload iptables.service: Unit iptables.service not found.

– shiva
Feb 21 at 7:29











2 Answers
2






active

oldest

votes


















0














Just remove @if8 from the interface name in your rules, because it's not part of the interface name. The interface name is just eth0.



@if8 is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.



For more information on the meaning of @if8 you can see my answer there:
What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu






share|improve this answer























  • this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

    – shiva
    Feb 21 at 7:27



















0














Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....



[root@fedora29 ~]# iptables --table filter --policy INPUT DROP
[root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
[root@fedora29 ~]# iptables-save > /etc/network/iptables 
[root@fedora29 ~]# iptables-apply /etc/network/iptables 
Applying new ruleset... done.
Can you establish NEW connections to the machine? (y/N) y
... then my job is done. See you next time.


However when i tried to list the rules using iptables -L i did observe that no new rules were created but the policy of the rules are modified as shown...



[root@fedora29 ~]# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination 

Chain FORWARD (policy ACCEPT)
target prot opt source destination 

Chain OUTPUT (policy DROP)
target prot opt source destination 
[root@fedora29 ~]# ping 10.0.3.1
PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
ping: sendmsg: Operation not permitted
ping: sendmsg: Operation not permitted

--- 10.0.3.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 23ms

[root@fedora29 ~]# iptables -S
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP





share|improve this answer






















    Your Answer








    StackExchange.ready(function()
    var channelOptions =
    tags: "".split(" "),
    id: "106"
    ;
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function()
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled)
    StackExchange.using("snippets", function()
    createEditor();
    );

    else
    createEditor();

    );

    function createEditor()
    StackExchange.prepareEditor(
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: false,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: null,
    bindNavPrevention: true,
    postfix: "",
    imageUploader:
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    ,
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    );



    );













    draft saved

    draft discarded


















    StackExchange.ready(
    function ()
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f501803%2fhow-to-implement-iptables-on-lxc-container%23new-answer', 'question_page');

    );

    Post as a guest















    Required, but never shown

























    2 Answers
    2






    active

    oldest

    votes








    2 Answers
    2






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    Just remove @if8 from the interface name in your rules, because it's not part of the interface name. The interface name is just eth0.



    @if8 is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.



    For more information on the meaning of @if8 you can see my answer there:
    What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu






    share|improve this answer























    • this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

      – shiva
      Feb 21 at 7:27
















    0














    Just remove @if8 from the interface name in your rules, because it's not part of the interface name. The interface name is just eth0.



    @if8 is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.



    For more information on the meaning of @if8 you can see my answer there:
    What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu






    share|improve this answer























    • this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

      – shiva
      Feb 21 at 7:27














    0












    0








    0







    Just remove @if8 from the interface name in your rules, because it's not part of the interface name. The interface name is just eth0.



    @if8 is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.



    For more information on the meaning of @if8 you can see my answer there:
    What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu






    share|improve this answer













    Just remove @if8 from the interface name in your rules, because it's not part of the interface name. The interface name is just eth0.



    @if8 is a clue given about the link peer interface, and is dynamic: for example it could change after container restart.



    For more information on the meaning of @if8 you can see my answer there:
    What does “if1@if2” mean in interface name in output of “ip address” command on Ubuntu







    share|improve this answer












    share|improve this answer



    share|improve this answer










    answered Feb 20 at 16:14









    A.BA.B

    5,2121728




    5,2121728












    • this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

      – shiva
      Feb 21 at 7:27


















    • this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

      – shiva
      Feb 21 at 7:27

















    this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

    – shiva
    Feb 21 at 7:27






    this solved my problem. I don't know how to mark this answer as solved. Thank you very much. I just omitted @if8 in the iptables of fedora29 lxc and it worked like charm. The other issue is that when i tried to implement . systemctl reload iptables . it gave me an error that ` Failed to reload iptables.service: Unit iptables.service not found .`

    – shiva
    Feb 21 at 7:27














    0














    Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....



    [root@fedora29 ~]# iptables --table filter --policy INPUT DROP
    [root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
    [root@fedora29 ~]# iptables-save > /etc/network/iptables 
    [root@fedora29 ~]# iptables-apply /etc/network/iptables 
    Applying new ruleset... done.
    Can you establish NEW connections to the machine? (y/N) y
    ... then my job is done. See you next time.


    However when i tried to list the rules using iptables -L i did observe that no new rules were created but the policy of the rules are modified as shown...



    [root@fedora29 ~]# iptables -L
    Chain INPUT (policy DROP)
    target prot opt source destination 

    Chain FORWARD (policy ACCEPT)
    target prot opt source destination 

    Chain OUTPUT (policy DROP)
    target prot opt source destination 
    [root@fedora29 ~]# ping 10.0.3.1
    PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
    ping: sendmsg: Operation not permitted
    ping: sendmsg: Operation not permitted

    --- 10.0.3.1 ping statistics ---
    2 packets transmitted, 0 received, 100% packet loss, time 23ms

    [root@fedora29 ~]# iptables -S
    -P INPUT DROP
    -P FORWARD ACCEPT
    -P OUTPUT DROP





    share|improve this answer



























      0














      Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....



      [root@fedora29 ~]# iptables --table filter --policy INPUT DROP
      [root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
      [root@fedora29 ~]# iptables-save > /etc/network/iptables 
      [root@fedora29 ~]# iptables-apply /etc/network/iptables 
      Applying new ruleset... done.
      Can you establish NEW connections to the machine? (y/N) y
      ... then my job is done. See you next time.


      However when i tried to list the rules using iptables -L i did observe that no new rules were created but the policy of the rules are modified as shown...



      [root@fedora29 ~]# iptables -L
      Chain INPUT (policy DROP)
      target prot opt source destination 

      Chain FORWARD (policy ACCEPT)
      target prot opt source destination 

      Chain OUTPUT (policy DROP)
      target prot opt source destination 
      [root@fedora29 ~]# ping 10.0.3.1
      PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
      ping: sendmsg: Operation not permitted
      ping: sendmsg: Operation not permitted

      --- 10.0.3.1 ping statistics ---
      2 packets transmitted, 0 received, 100% packet loss, time 23ms

      [root@fedora29 ~]# iptables -S
      -P INPUT DROP
      -P FORWARD ACCEPT
      -P OUTPUT DROP





      share|improve this answer

























        0












        0








        0







        Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....



        [root@fedora29 ~]# iptables --table filter --policy INPUT DROP
        [root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
        [root@fedora29 ~]# iptables-save > /etc/network/iptables 
        [root@fedora29 ~]# iptables-apply /etc/network/iptables 
        Applying new ruleset... done.
        Can you establish NEW connections to the machine? (y/N) y
        ... then my job is done. See you next time.


        However when i tried to list the rules using iptables -L i did observe that no new rules were created but the policy of the rules are modified as shown...



        [root@fedora29 ~]# iptables -L
        Chain INPUT (policy DROP)
        target prot opt source destination 

        Chain FORWARD (policy ACCEPT)
        target prot opt source destination 

        Chain OUTPUT (policy DROP)
        target prot opt source destination 
        [root@fedora29 ~]# ping 10.0.3.1
        PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
        ping: sendmsg: Operation not permitted
        ping: sendmsg: Operation not permitted

        --- 10.0.3.1 ping statistics ---
        2 packets transmitted, 0 received, 100% packet loss, time 23ms

        [root@fedora29 ~]# iptables -S
        -P INPUT DROP
        -P FORWARD ACCEPT
        -P OUTPUT DROP





        share|improve this answer













        Firstly I need to thank @A.B for his response as it cleared my issue. While I tried using policy for the built-in chain without giving the interface it worked.....



        [root@fedora29 ~]# iptables --table filter --policy INPUT DROP
        [root@fedora29 ~]# iptables --table filter --policy OUTPUT DROP
        [root@fedora29 ~]# iptables-save > /etc/network/iptables 
        [root@fedora29 ~]# iptables-apply /etc/network/iptables 
        Applying new ruleset... done.
        Can you establish NEW connections to the machine? (y/N) y
        ... then my job is done. See you next time.


        However when i tried to list the rules using iptables -L i did observe that no new rules were created but the policy of the rules are modified as shown...



        [root@fedora29 ~]# iptables -L
        Chain INPUT (policy DROP)
        target prot opt source destination 

        Chain FORWARD (policy ACCEPT)
        target prot opt source destination 

        Chain OUTPUT (policy DROP)
        target prot opt source destination 
        [root@fedora29 ~]# ping 10.0.3.1
        PING 10.0.3.1 (10.0.3.1) 56(84) bytes of data.
        ping: sendmsg: Operation not permitted
        ping: sendmsg: Operation not permitted

        --- 10.0.3.1 ping statistics ---
        2 packets transmitted, 0 received, 100% packet loss, time 23ms

        [root@fedora29 ~]# iptables -S
        -P INPUT DROP
        -P FORWARD ACCEPT
        -P OUTPUT DROP






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Feb 21 at 7:41









        shivashiva

        62




        62



























            draft saved

            draft discarded
















































            Thanks for contributing an answer to Unix & Linux Stack Exchange!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid


            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.

            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function ()
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f501803%2fhow-to-implement-iptables-on-lxc-container%23new-answer', 'question_page');

            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown






            -

            Popular posts from this blog

            How to check contact read email or not when send email to Individual?

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
            Read more

            Bahrain

            Image
            For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
            Read more

            Postfix configuration issue with fips on centos 7; mailgun relay

            Image
            Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
            Read more