Ping a Specific Port

Question

allo

Asked: 2013-12-10 10:14:05 +0800 CST2013-12-10 10:14:05 +0800 CST 2013-12-10 10:14:05 +0800 CST

route traffic from a cgroup via a specific network interface

772

Is there a possiblity, to restrict a cgroup to a specific network interface? All packets from the cgroup should only be routed via a VPN connection, while other packets use the default route.

With unix users its possible with iptables "-m owner --set-mark" and then routing with "ip rule".

Is it possible to match a cgroup? iptables seems to have no support for this.

2 Answers

Voted

Marco d'Itri · Answer 1 · 2015-10-25T21:58:02+08:00

Best Answer

Marco d'Itri

2015-10-25T21:58:02+08:002015-10-25T21:58:02+08:00

iptables support for -m cgroup has not yet been released, but you can easily build the extension yourself and install it on your system:

git clone git://git.netfilter.org/iptables.git
cd iptables
./autogen.sh
./configure
make -k
sudo cp extensions/libxt_cgroup.so /lib/xtables/
sudo chmod -x /lib/xtables/libxt_cgroup.so

4

johntellsall · Answer 2 · 2014-06-02T11:44:57+08:00

johntellsall

2014-06-02T11:44:57+08:002014-06-02T11:44:57+08:00

Use -m cgroup. Example:

iptables -A OUTPUT -m cgroup ! --cgroup 1 -j DROP

From: http://lwn.net/Articles/569678/

1

route traffic from a cgroup via a specific network interface

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?