Giter VIP home page Giter VIP logo

network_namespaces's Introduction

Network namespaces for Linux desktop & shell applications

Ease use of isolated network namespaces with Linux desktop and shell applications. This repository offers several scripts and files which

  • automate network namespace creation for you

    • iptables-based firewall rules are automatically configured for your network namespaces

    • you can re-apply network namespace configuration by re-executing /etc/network-namespaces.d/netns_init.sh

  • provide launch script netns_exec which enforces an application to run in the selected network namespace

  • ps and kill command wrappers (psns and killns, respectively) for checking and sending signals (man 7 signal) to applications running in a specific network namespace

For automation and auto-deployment of network namespaces during system boot, I prefer rc-local Systemd wrapper.

Deployment

  • You should deploy repository snippet files using the directory hierarchy shown here

  • bash, iptables and sudo are required

    • rc.local is optional but preferred for full automation

  • You should set executable bit (chmod +x) for files in usr/local/bin/ and for etc/network-namespaces.d/netns_init.sh

Examples

Predefined network namespaces

Network namespace Description
nonet No network access
netwan WAN access. No LAN access
failsafe Similar to netwan but with different DNS set
netlocal Host-only network access without DNS (change configuration as desired)

You should re-configure pre-defined network namespaces as you wish (contents of files etc/network-namespaces.d/netns_init.sh and usr/local/bin/iptables-netns).

You should add or remove network namespaces and customize the setup for your needs.

Desktop applications, usage examples

  • Generic application (VLC), run in nonet namespace (no network access):
netns_exec nonet vlc
  • Flatpak application (Valve Steam), run in nonet namespace (no network access):

(NOTE: This can be also be achieved via native Flatpak network access/permission control)

netns_exec nonet /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=/app/bin/steam --file-forwarding com.valvesoftware.Steam
  • Flatpak application (Discord), run in netwan namespace:
netns_exec netwan /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=com.discordapp.Discord com.discordapp.Discord
  • Flatpak application (Firefox), run in failsafe namespace:
netns_exec failsafe /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=firefox --file-forwarding org.mozilla.firefox

network_namespaces's People

Contributors

fincer avatar

Stargazers

avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.