I am using Docker on my OMV, of course with Portainer. I have now created a macvlan to connect a container physically to my network. Everything seems fine so far. I could also connect to the services via the given IP address. Now I've seen that simply all ports got exposed and I can't restrict that, because it doesn't use the host's iptables.
I came across this: https://github.com/deitch/ctables/blob/master/ctables
With that I am able to restrict the iptables inside of a container. Unfortunately they are non-persistent. I was wondering if anyone got it to work to auto-execute a script on container start via Portainer.