
On my host I created 2 macvlan interfaces in bridge mode. One is in the main network namespace, the other in a Docker container. Both interfaces are in the same subnet.

So far everything works.

Now the traffic to the host and the container should be filtered by iptables rules.

Since both macvlan interfaces are connected to the same physical interface, I have difficulty understanding how this works.

Is it necessary to put iptables rules in both the container and the host (because they are in different namespaces), or can the host somehow filter the traffic to the container?

Are the macvlan interfaces isolated, or do they see each other's traffic?

Are there any "best practices"?

seeseost
  • What are you trying to accomplish? Do you have an existing setup you can share? Why do you think you need macvlan? – David Maze Nov 08 '18 at 15:38
  • I want to host a Gitea installation. It uses SSH and it should use the default port 22. The host itself also uses SSH on port 22. So in normal network mode one of the ports must be changed. I try to avoid that. – seeseost Nov 08 '18 at 16:21

0 Answers