Open tzugen opened 1 year ago
You can just run iptables in the network namespace for dropping packets by the source address that is visible in the network namespace. Does that work for you?
@AkihiroSuda Hey :) This approach works if I want to drop packets from inside the namespace (=blacklisting). I don't think it will work if I want to leave all packets from the namespace untouched, but disallow everything else outside the namespace (=whitelisting).
I have set up the interface as described in the man page.
Now I want to create an iptables rule to allow those packets while dropping anything else. I had hoped that I could filter on the source address, but it's simply the local address of the PC.
Is there a way to tag the packets, for example with a classid?