rootless-containers / slirp4netns

User-mode networking for unprivileged network namespaces
GNU General Public License v2.0

Can't seem to filter packets from slirp4netns #310

Open tzugen opened 1 year ago

tzugen commented 1 year ago

I have set up the interface as described in the man page.

Now I want to create an iptables rule to allow those packets while dropping anything else. I had hoped that I could filter on the source address, but it's simply the local address of the PC.

Is there a way to tag the packets, for example with a classid?

AkihiroSuda commented 1 year ago

You can just run iptables in the network namespace for dropping packets by the source address that is visible in the network namespace. Does that work for you?

tzugen commented 1 year ago

@AkihiroSuda Hey :) This approach works if I want to drop packets from inside the namespace (=blacklisting). I don't think it will work if I want to leave all packets from the namespace untouched, but disallow everything else outside the namespace (=whitelisting).