Add rule to prevent LX containers from firewalld on host system.

conf/interfaces_ipv4.conf.sample

@@ -33,7 +33,7 @@ local_ifs="$local_if_1 $local_if_2 $local_if_3"
 
 
 # -------------
-# --- Network Interfaces
+# --- IP-Addresses
 # -------------
 
 # - Extern IP Addresses on this Host
@@ -55,6 +55,30 @@ local_2_ip=""
 local_2_ip=""
 
 
+# -------------
+# --- IP-Addresses LXC Guest sSystems
+# -------------
+
+# for _guest in $(lxc-ls) ; do echo ; lxc-info -n $_guest | grep -E "(IP:|Name:)" ; done
+
+# NOT IN USE
+lxc_guest_1_ip=""
+# NOT IN USE
+lxc_guest_2_ip=""
+# NOT IN USE
+lxc_guest_3_ip=""
+# NOT IN USE
+lxc_guest_4_ip=""
+# NOT IN USE
+lxc_guest_5_ip=""
+# NOT IN USE
+lxc_guest_6_ip=""
+# NOT IN USE
+lxc_guest_7_ip=""
+
+lxc_guest_ips="$lxc_guest_1_ip $lxc_guest_2_ip $lxc_guest_3_ip $lxc_guest_4_ip $lxc_guest_5_ip $lxc_guest_6_ip $lxc_guest_7_ip"
+
+
 # - Devices given in list "nat_devices" will be natted
 # -
 # - Blank separated list

conf/interfaces_ipv6.conf.sample

@@ -55,6 +55,30 @@ local_2_ip=""
 local_2_ip=""
 
 
+# -------------
+# --- IP-Addresses LXC Guest sSystems
+# -------------
+
+# for _guest in $(lxc-ls) ; do echo ; lxc-info -n $_guest | grep -E "(IP:|Name:)" ; done
+
+# NOT IN USE
+lxc_guest_1_ip=""
+# NOT IN USE
+lxc_guest_2_ip=""
+# NOT IN USE
+lxc_guest_3_ip=""
+# NOT IN USE
+lxc_guest_4_ip=""
+# NOT IN USE
+lxc_guest_5_ip=""
+# NOT IN USE
+lxc_guest_6_ip=""
+# NOT IN USE
+lxc_guest_7_ip=""
+
+lxc_guest_ips="$lxc_guest_1_ip $lxc_guest_2_ip $lxc_guest_3_ip $lxc_guest_4_ip $lxc_guest_5_ip $lxc_guest_6_ip $lxc_guest_7_ip"
+
+
 # - Devices given in list "nat_devices" will be natted
 # -
 # - Blank separated list

conf/main_ipv4.conf.sample

@@ -20,6 +20,15 @@
 do_not_firewall_bridged_traffic=false
 
 
+# -------------
+# --- Do not firewall traffic from and to LX Gust Systems
+# -------------
+
+# - Traffic to hosted LX containers are not firewalled here.
+# -
+do_not_firewall_lx_guest_systems=true
+
+
 # -------------
 # --- Drop ICMP
 # -------------

conf/main_ipv6.conf.sample

@@ -20,6 +20,15 @@
 do_not_firewall_bridged_traffic=false
 
 
+# -------------
+# --- Do not firewall traffic from and to LX Gust Systems
+# -------------
+
+# - Traffic to hosted LX containers are not firewalled here.
+# -
+do_not_firewall_lx_guest_systems=true
+
+
 # -------------
 # --- Drop ICMP
 # -------------

ip6t-firewall-server

@@ -280,6 +280,26 @@ fi
 echo
 
 
+# -------------
+# --- Do not firewall traffic from and to LX Gust Systems
+# -------------
+
+echononl "\tDo not firewall traffic from and to LX Gust Systems"
+if $do_not_firewall_lx_guest_systems && [[ ${#lxc_guest_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${lxc_guest_ip_arr[@]} ; do
+   
+      $ip6t -I FORWARD -p all -d $_ip -j ACCEPT
+      $ip6t -I FORWARD -p all -s $_ip -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+echo
+
+
 # -------------
 # ---- Log given IP Addresses
 # -------------

ipt-firewall-server

@@ -340,6 +340,26 @@ fi
 echo
 
 
+# -------------
+# --- Do not firewall traffic from and to LX Gust Systems
+# -------------
+
+echononl "\tDo not firewall traffic from and to LX Gust Systems"
+if $do_not_firewall_lx_guest_systems && [[ ${#lxc_guest_ip_arr[@]} -gt 0 ]]; then
+
+   for _ip in ${lxc_guest_ip_arr[@]} ; do
+   
+      $ipt -I FORWARD -p all -d $_ip -j ACCEPT
+      $ipt -I FORWARD -p all -s $_ip -j ACCEPT
+
+   done
+   echo_done
+else
+   echo_skipped
+fi
+echo
+
+
 # -------------
 # ---- Log given IP Addresses
 # -------------