Currently, --net=none creates a network namespace with only a new loopback interface. Implemente a --net=local option that would create a network namespace with only the existing loopback interface. Reported on wordpress.com
netblue30
All 7 comments
The problem is an interface cannot belong to more than one network namespace. The feature cannot be implemented without Linux kernel modifications.
netblue30
on 31 Oct 2015
Is it possible to have explicit blacklisting of existing network interfaces then? This would achieve the same result if one blacklisted all interfaces except the loopback. Or is this impossible due to same Linux kernel technical restrictions, despite being worded differently?
pitchforks
on 8 Nov 2015
No, blacklisting will not work because of the way they set the namespace inside the kernel. I'll try to build a proxy and move the network traffic between the two loopback interfaces (the one on the host, and the one in the sandbox). I think it should work.
netblue30
on 9 Nov 2015
One approach could be to create a veth pair to redirect all within-sandbox traffic to the host, and use an iptables rule to route all that traffic to 127.0.0.1? Or to another specific IP/port. I do that to redirect all my sandboxes' network traffic to my host's default gateway, providing transparent networking with bandwidth control.
Sidnioulz
on 30 Jan 2016
Two years later, and there's still no progress on it? I'd like to make a bitcoin donation to make this feature implemented 馃槅
biergaizi
on 13 Jul 2017
As far as I know, it's been another year now @biergaizi :wink:
chiraag-nataraj
on 7 Jun 2018
Please avoid leaving comments like this on repositories. There are people subscribed to issues who just want to be notified when there are relevant news (and you have no contact info on your profile page).
anewuser
on 8 Jun 2018
Related issues
fl-chris
路
4Comments
HulaHoopWhonix
路
4Comments
bryce-lynch
路
4Comments
crass
路
3Comments
SkewedZeppelin
路
3Comments