I am new to networking, and I am trying to implement a firewall inside of an LXC container (Alpine Linux) that is bridged with another LXC container (Alpine Linux) through a br0 interface.
Right now, my only goal is to block all traffic that is coming from the client device through the container.
So far I have had lots of trouble getting any of the firewall rules to apply/work properly.
What happens is I can set a rule/policy (e.g. drop forward chain), verify that it is in the ruleset, but then when I connect a client device to the network, it does not seem to apply (I can still access the network).
I am using nftables to configure the firewall settings.
My basic process is:
1. Install nftables
2. Add a policy to drop packets in the forwarding chain

I have tried every possible configuration I can think of for these rules.
I was reading that because the container is bridged, the data packets only travel on layer 2, so the layer 3 firewall rules would never apply to the packet. Is this true?
I have been able to use layer 2 rules to block traffic (e.g. bridge rules in nftables and ebtables rules), but nothing on layer 3 yet.
For more background, here is the container interface setup:
WLAN0/WLAN1 -> br0 (Container A) -> br0 (Container B) -> eth0 -> internet
I am trying to apply firewall rules inside of container A right now.
If any more information is needed, let me know :)
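Added example ruleset for the setup described above (not the poster's own config): it puts the drop policy in the bridge family, whose forward hook every frame crossing br0 traverses, and keeps an inet forward chain with a counter, which bridged traffic only reaches when the br_netfilter module is loaded and net.bridge.bridge-nf-call-iptables (and -ip6tables) is set to 1. The interface names wlan0, wlan1 and br0 are taken from the question; the table and chain names are arbitrary.

```nft
#!/usr/sbin/nft -f
# Load with: nft -f firewall.nft   (inside container A)
flush ruleset

# Layer 2 hooks: bridged frames always pass through these, so this is the
# chain that actually blocks client traffic crossing br0.
table bridge filter {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Per-client-interface counters make it easy to confirm, with
        # "nft list ruleset", that the dropped frames are being matched here.
        iifname "wlan0" counter comment "client traffic from wlan0"
        iifname "wlan1" counter comment "client traffic from wlan1"
    }
}

# Layer 3 hooks: bridged IPv4/IPv6 traffic reaches this chain only when
# br_netfilter is loaded and net.bridge.bridge-nf-call-iptables=1 /
# net.bridge.bridge-nf-call-ip6tables=1 on the host kernel. If this counter
# stays at zero while the bridge counters above climb, the frames are not
# hitting the layer 3 path at all.
table inet filter {
    chain forward {
        type filter hook forward priority 0; policy drop;
        counter comment "bridged packets seen by the inet forward hook"
    }
}
```

After loading, generate some traffic from a client on wlan0 and compare the two counter lines in `nft list ruleset`: only the bridge counter should increase unless br_netfilter is active.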