Manage firewall rules on the LXD bridge by yourself.
Preliminary information
Operating system version.
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 20.04 LTS
Release:        20.04
Codename:       focal
LXD version.
$ lxd --version
4.0.2
The problem
I have custom firewall rules that are overwritten on every system boot.
It is especially troublesome where the required MASQUERADE rule on the bridge…
$ sudo iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  10.16.32.0/20        !10.16.0.0/16         /* generated for LXD network lxdbr0 */
… is overwritten by the default bridge settings.
$ sudo iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE all  --  10.16.32.0/20        !10.16.32.0/20        /* generated for LXD network lxdbr0 */
This is troublesome because it is stopping me from connecting several independent LXD servers.
The solution
Inspect the default LXD bridge.
$ sudo lxc network show lxdbr0
config:
  ipv4.address: 10.16.32.1/20
  ipv4.nat: "true"
  ipv6.address: none
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/kubernetes-master
- /1.0/instances/swarm-master
- /1.0/profiles/default
managed: true
status: Created
locations:
- none
Disable NAT and firewall rule generation on this bridge.
$ sudo lxc network set lxdbr0 ipv4.nat false
$ sudo lxc network set lxdbr0 ipv4.firewall false
Verify the applied changes.
$ sudo lxc network show lxdbr0
config:
  ipv4.address: 10.16.32.1/20
  ipv4.firewall: "false"
  ipv4.nat: "false"
  ipv6.address: none
description: ""
name: lxdbr0
type: bridge
used_by:
- /1.0/instances/kubernetes-master
- /1.0/instances/swarm-master
- /1.0/profiles/default
managed: true
status: Created
locations:
- none
Done. Now you can manage firewall rules by yourself.
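The following script is an added example, not part of the original post: it audits a bridge after the two settings above have been applied, confirms LXD no longer injects its own MASQUERADE rule, and adds the custom rule from this post (source 10.16.32.0/20, excluding 10.16.0.0/16) only when it is missing. The check functions take command output as text, so the constructed samples in the comments can be verified without lxc or iptables installed; the live wrapper runs only when both tools exist.

```shell
#!/bin/sh
# Added example (not from the original post): audit an LXD bridge after
# disabling ipv4.nat and ipv4.firewall, and keep one custom MASQUERADE rule
# in place idempotently. Check functions take command output as text so they
# can be tested offline; bridge name and subnets are the post's values.

# 0 (true) when "lxc network show <bridge>" output has both
# ipv4.nat and ipv4.firewall set to "false".
lxd_bridge_is_unmanaged() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*ipv4\.nat:[[:space:]]*"?false"?[[:space:]]*$' &&
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*ipv4\.firewall:[[:space:]]*"?false"?[[:space:]]*$'
}

# Number of MASQUERADE rules in "iptables -t nat -S POSTROUTING" output that
# carry LXD's "generated for LXD network" comment; 0 means LXD left NAT alone.
count_lxd_generated_masquerade() {
    printf '%s\n' "$1" | grep -c 'generated for LXD network.*-j MASQUERADE' || :
}

# 0 (true) when the custom rule (source subnet NATed to everything except the
# /16 shared with the other LXD servers) is present in the same -S output.
has_custom_masquerade() {
    printf '%s\n' "$1" | grep -Fq -- "-A POSTROUTING -s $2 ! -d $3 -j MASQUERADE"
}

# Live wrapper: disable LXD's rule generation, then add the custom rule only
# if it is missing (iptables -C tests for the rule without changing the table).
audit_and_fix_live() {
    bridge="$1"; src="$2"; excl="$3"
    lxc network set "$bridge" ipv4.nat false
    lxc network set "$bridge" ipv4.firewall false
    lxd_bridge_is_unmanaged "$(lxc network show "$bridge")" ||
        { echo "$bridge is still managed by LXD" >&2; return 1; }
    iptables -t nat -C POSTROUTING -s "$src" ! -d "$excl" -j MASQUERADE 2>/dev/null ||
        iptables -t nat -A POSTROUTING -s "$src" ! -d "$excl" -j MASQUERADE
    rules="$(iptables -t nat -S POSTROUTING)"
    echo "LXD-generated MASQUERADE rules: $(count_lxd_generated_masquerade "$rules")"
    has_custom_masquerade "$rules" "$src" "$excl" && echo "custom MASQUERADE rule present"
}

# Only touch the system when both tools are available.
if command -v lxc >/dev/null 2>&1 && command -v iptables >/dev/null 2>&1; then
    audit_and_fix_live "${1:-lxdbr0}" 10.16.32.0/20 10.16.0.0/16
fi
```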