Network Namespace

I plan to use Network namespacing (netns) under Linux in future to isolate programs that behaves badly (Firefox) or does not require network at all (build of programs).

Stage: study

Systemd support

For Long time there is PrivateNetwork=yes that runs service in isolated loopback network (nothing else).

Links to study:

• https://linux-audit.com/systemd/settings/units/privatenetwork/
• https://www.redhat.com/en/blog/mastering-systemd

More general using ip netns instance templates:

• https://www.cloudnull.io/2019/04/running-services-in-network-name-spaces-with-systemd/

NetworkNamesapcePath example from https://discourse.nixos.org/t/run-systemd-service-in-network-namespace/3179 for nixos:

# [email protected]
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=${pkgs.iproute}/bin/ip netns add %I
ExecStop=${pkgs.iproute}/bin/ip netns del %I

# myservice.service
[Unit]
[email protected]
[email protected]
NetworkNamespacePath=/var/run/netns/wg
[Service]
ExecStart=myservice