I wish to generate a number of virtual Ethernet ports to be used for containers and VMs, for the three following scenarios:
- Sharing the existing eth0 which has previously been assigned an IP address by DHCP – switching it if you will – but disallowing 127.0.0.0/8 connections (isolated network, for processes in containers hiding other processes).
- Allowing local-only connections, only seeing things on the local host but hiding external (for containered processes not allowed to connect to the outside world, like unplugging eth0 cable then running it).
- Allowing local (existing 127.0.0.0/8) as well as sharing existing eth0 interface.
ip commands would be setting up the interface plus the firewall rules (bpfilter) and possibly masquerading settings.
PS: “Container” as above = (kernel) namespaces + cgroups + seccomp as created by programs like