On Sun, 21 Dec 2025 16:32:23 +0100
Felix Rubio
Something more: I see that pasta is binding to 0.0.0.0. This means that, while it allows other pods to connect to the published port of a container through 169.254.1.2, it also enables that port to be reachable from the network.
Is there any way to prevent that?
Yes, you can specify specific addresses or interfaces to bind to, relevant examples from pasta(1):

  -t 192.0.2.1/22
         Forward local port 22, bound to 192.0.2.1, to port 22 on the guest

  -t 192.0.2.1%eth0/22
         Forward local port 22, bound to 192.0.2.1 and interface eth0, to port 22

  -t %eth0/22
         Forward local port 22, bound to any address on interface eth0, to port 22

Podman supports part of that as well, see podman-run(1) (--publish) or:

  https://github.com/containers/podman/blob/2fbecb48e166ed79662ea5e45f2d56081a...

for a summary.

--
Stefano
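Added example, not part of the original thread and not code from passt or Podman: a check that flags pasta listeners still bound to a wildcard address, which is the exposure discussed above. It assumes iproute2 `ss -Hltnp` output, where a device-bound socket is printed as `addr%ifname:port`; the sample lines, PIDs and process names are constructed.

```python
import re

# Constructed sample of `ss -Hltnp` output (header suppressed); all values are made up.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:8080 0.0.0.0:* users:(("pasta.avx2",pid=4101,fd=7))
LISTEN 0 128 192.0.2.1:22 0.0.0.0:* users:(("pasta.avx2",pid=4101,fd=8))
LISTEN 0 128 0.0.0.0%eth0:2222 0.0.0.0:* users:(("pasta.avx2",pid=4101,fd=9))
LISTEN 0 128 [::]:8080 [::]:* users:(("pasta.avx2",pid=4101,fd=10))
LISTEN 0 128 *:9090 *:* users:(("node_exporter",pid=900,fd=3))
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=700,fd=6))
"""

WILDCARDS = {"0.0.0.0", "[::]", "*"}
# Local address column: address (IPv6 in brackets), optional %device, then :port.
LOCAL_RE = re.compile(r"^(?P<addr>\[[^\]]*\]|[^:%\[]+)(?:%(?P<dev>[^:]+))?:(?P<port>\d+)$")
PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def classify(local):
    """Return (addr, dev, port, scope) for one Local Address:Port field.

    scope is "any" (wildcard, no device), "interface" (wildcard limited to a
    device, like `-t %eth0/22`) or "address" (like `-t 192.0.2.1/22`).
    """
    m = LOCAL_RE.match(local)
    if not m:
        return None
    addr, dev, port = m.group("addr"), m.group("dev"), int(m.group("port"))
    if addr in WILDCARDS:
        scope = "interface" if dev else "any"
    else:
        scope = "address"
    return addr, dev, port, scope


def exposed_listeners(ss_output, process_prefix="pasta"):
    """List (process, addr, port) for listeners reachable on every address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        parsed = classify(fields[3])
        proc = PROC_RE.search(line)
        name = proc.group(1) if proc else ""
        if parsed and parsed[3] == "any" and name.startswith(process_prefix):
            findings.append((name, parsed[0], parsed[2]))
    return findings


if __name__ == "__main__":
    for name, addr, port in exposed_listeners(SAMPLE_SS):
        print(f"{name}: port {port} bound to {addr} (all addresses)")
```

On a live host, feed it the real output of `ss -Hltnp` instead of the sample; process names are only shown for sockets the invoking user is allowed to inspect.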