Support iptables-like filtering #140

Open
sirdarckcat opened this issue May 29, 2020 · 4 comments

@sirdarckcat
Member

Seems like it's possible to do IP packet filtering inside network namespaces. Not sure how something like this could be implemented, so just throwing it out there as an idea.

https://github.com/deitch/ctables/blob/master/ctables
https://stackoverflow.com/questions/35695840/iptables-not-working-on-macvlan-traffic-in-container

@sirdarckcat
Member Author

(I was looking into this to limit the bandwidth used by the contained service)

@juliangruber

juliangruber commented Feb 23, 2021

Maybe filtering on a syscall level could work for this, using https://github.com/google/kafel?

Otherwise I'd think you'd need to create a new virtual interface, add iptables rules, and then pass that to the jailed process.

@sirdarckcat
Member Author

Hmm interesting. @happyCoder92 WDYT?

@juliangruber

Keep in mind that when passing a virtual interface you need to use sudo.
