This may all have worked at some point in the past, but looking at Mitaka onwards, rules are always applied to the tap device, not on a bridge.
I think the way forward is to create the tap device, plumbed to the bridge and then pass that as a physical device to the container - however I'm still not quite sure how iptables will handle all of that.