Namespaces in operation, part 1: namespaces overview
Posted Jan 4, 2013 15:16 UTC (Fri) by dskoll (subscriber, #1630)
I believe you can have separate iptables rules in each namespace. I'm running an LXC container and it has its own view of iptables separate from the host system.
Posted Jan 4, 2013 18:56 UTC (Fri) by luto (subscriber, #39314)
If the kernel had programmable policy for what tasks could listen, accept, and connect on which sockets to which endpoints, on the other hand, firewalls could (on non-routers, anyway) go away and everything would get simpler and faster.
And no, selinux doesn't count in my book. Try actually programming the policy.
Posted Jan 4, 2013 20:56 UTC (Fri) by ebiederm (subscriber, #35028)
Network devices and sockets belong to a particular network namespace and everything else figures out which network namespace you are talking about from the socket or network device.
Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds