I'm setting up a server which will be hosting multiple LXC containers. However, starting Shorewall results in loss of network access from within the LXC containers.

If I reboot the LXC host and leave Shorewall in a stopped state, LXC containers work fine. So, I compared the state of iptables at system startup and after a shorewall start; shorewall stop.

There is a difference, and I'd like to tell Shorewall about this difference. How do I get the below iptables state into Shorewall for both running and stopped state?

I've been experimenting with /etc/shorewall/stoppedstate, but I can't really figure out how to get Shorewall to populate the INPUT chain through /etc/shorewall/stoppedstate.

Chain INPUT (policy ACCEPT 14730 packets, 1131K bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     tcp  --  lxcbr0 any     anywhere             anywhere             tcp dpt:domain
    8   498 ACCEPT     udp  --  lxcbr0 any     anywhere             anywhere             udp dpt:domain
    0     0 ACCEPT     tcp  --  lxcbr0 any     anywhere             anywhere             tcp dpt:bootps
    1   328 ACCEPT     udp  --  lxcbr0 any     anywhere             anywhere             udp dpt:bootps
sbrattla

0 Answers