Commit c153bbd

Update fw container post
Infix now has a firewall. Signed-off-by: Joachim Wiberg <[email protected]>
1 parent 02c7094 commit c153bbd

1 file changed

+14
-12
lines changed

_posts/2024-03-12-firewall-container.md

Lines changed: 14 additions & 12 deletions
@@ -2,6 +2,7 @@
22
title: Firewall Container
33
author: troglobit
44
date: 2024-03-12 08:08:41 +0100
5+
last_modified_at: 2025-10-29 22:10:00 +0100
56
categories: [showcase]
67
tags: [container, containers, networking, firewall, docker, podman]
78
---
@@ -10,20 +11,20 @@ tags: [container, containers, networking, firewall, docker, podman]
1011

1112
This is the third post in a series about containers in Infix. This time
1213
we dive into using containers as "apps" to extend the system for custom
13-
firewall setups. Infix does not yet have native support for setting up
14-
firewalls or ACLs, so the approach is useful even for more basic setups.
14+
firewall setups. Infix has a built-in zone-based firewall that works
15+
well for common use cases. The container approach described here is for
16+
advanced setups requiring full control over nftables rules.
1517

1618
See the [first post][1] for a background and networking basics.
1719

18-
> This post assumes knowledge and familiarity with the [Infix Network
19-
> Operating System](https://kernelkit.github.io/). Ensure you have
20-
> either a network connection or console access to your Infix system and
21-
> can log in to it using SSH. Recommended reading includes the
22-
> [networking documentation][0].
20+
> This post assumes knowledge and familiarity with [Infix][7]. Ensure
21+
> you have either a network connection or console access to your Infix
22+
> system and can log in to it using SSH. Recommended reading includes
23+
> both the [networking documentation][0] and the introduction to the
24+
> [zone-based firewall][6].
2325
{: .prompt-info }
2426

25-
----
26-
27+
---
2728

2829
## Introduction
2930

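Review bot: The rewritten intro paragraph (new lines 14-16) announces the built-in zone-based firewall but never says what state it should be in when the container loads its own nftables rules. The rest of the post was written for a system with no native firewall ("Infix does not yet have native support ..."), so a reader who follows it now may end up with two rule sets filtering the same traffic without realizing it. Add one sentence here stating whether the built-in firewall must be disabled for this setup or how the two are expected to coexist, and let the [zone-based firewall][6] link in the prompt block carry the details.
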
@@ -244,7 +245,6 @@ table ip nat {
244245
}
245246
```
246247
247-
248248
## Fin
249249

250250
That concludes the third post about containers in Infix. As usual,
@@ -256,12 +256,12 @@ admin@infix:/> copy running-config startup-config
256256

257257
Take care! 🧡
258258

259-
----
259+
---
260260

261261
[^1]: Linux namespaces partition system resources such that one set of
262262
processes sees one set of resources, while another set of processes
263263
sees a different set of resources. There are many types: mount,
264-
user, PID, network, ...
264+
user, PID, network, ...
265265

266266
[^2]: NAT firewall, in this context an RFC 2636 NAPT, or IP masquerading
267267
firewall with filtering of incoming traffic. For more information, see
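
Review bot: Footnote [^2] in the unchanged context cites "RFC 2636 NAPT", which looks like a digit transposition: NAPT is defined in RFC 2663 (NAT terminology) and RFC 3022, not RFC 2636. This commit already touches the footnote block (the `----` to `---` change and the whitespace-only edit on the "user, PID, network, ..." line), so the reference is worth correcting in the same change. The whitespace-only edit also deserves a mention in the commit message so it is not mistaken for a content change.
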
@@ -273,3 +273,5 @@ Take care! 🧡
273273
[3]: https://en.wikipedia.org/wiki/Network_address_translation
274274
[4]: https://github.com/kernelkit/infix/blob/main/doc/cli/text-editor.md
275275
[5]: https://wiki.nftables.org/wiki-nftables/index.php/Main_Page
276+
[6]: /posts/zone-based-firewall/
277+
[7]: https://kernelkit.github.io/
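
Review bot: Reference [6] is a hardcoded site-relative path (`/posts/zone-based-firewall/`), while every other entry in this list is an absolute URL. The link therefore only resolves when the post is rendered by the blog itself, and it breaks silently if the target post's permalink changes or the source file is read elsewhere. Confirm that the target post exists at exactly that permalink, and consider generating the link from the post's file name so a missing target fails the site build instead of shipping a dead link to the firewall documentation.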
