    I am using Docker on my OMV, of course with Portainer. Now I created a macvlan to connect a container physically to my network. Everything seems fine so far. I could also connect to the services by the given IP address. Now I've seen that simply all ports got exposed and I can't restrict that, because it doesn't use the host's iptables.

    I came across this: https://github.com/deitch/ctables/blob/master/ctables

    With that I am able to restrict the iptables inside of a container. Unfortunately they are non-persistent. I was wondering if anyone got it to work to auto-execute a script on container start via Portainer.



