Martin Gignac <martin.gignac@xxxxxxxxx> writes:

> This is actually a very cool idea! I never realized that nftables
> rulesets are bound to a specific namespace, but now it makes perfect
> sense. The only "drawback" (I guess) is that I cannot use 'iif' for
> any other interface than 'lo' in the temp namespace; I'll need to use
> 'iifname' instead since the referenced interfaces won't exist in the
> temp namespace. But it's not a deal breaker.

You can create dummy interfaces with appropriate names inside your
dummy namespace. Something like this (untested):

  ip -netns delete-me link add name eth0 type dummy
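
An added example, not part of the original message: a script that applies the dummy-interface suggestion to every interface a ruleset references with `iif`/`oif`, on the assumption that the temporary namespace is used to test-load the ruleset. The function names and the simple `iif NAME` matching are assumptions of this sketch; `delete-me` is the namespace name from the message.

```shell
#!/bin/sh
# Added example (not from the thread). Needs root for the netns part.
# Usage: sh check-ruleset.sh RULESET [NAMESPACE]

# Print the interface names a ruleset references through iif/oif, one per
# line. These are resolved to an ifindex at load time, so each must exist.
# Handles only the plain form `iif eth0` / `oif "eth0"`, not anonymous sets
# such as `iif { eth0, eth1 }`. iifname/oifname are string matches: skipped.
iif_names() {
    grep -oE '(^|[^[:alnum:]_])[io]if[[:space:]]+"?[[:alnum:]_.-]+' "$1" |
        sed -E 's/.*[io]if[[:space:]]+"?//' |
        grep -vx lo |      # lo already exists in every new namespace
        sort -u
}

# Load the ruleset inside a throwaway namespace populated with dummy
# interfaces, then delete the namespace. Returns nft's exit status.
check_ruleset() {
    ruleset=$1
    ns=${2:-delete-me}

    ip netns add "$ns" || return 1
    for dev in $(iif_names "$ruleset"); do
        ip -netns "$ns" link add name "$dev" type dummy || break
    done

    # The ruleset is bound to $ns, so the host's own tables are untouched.
    ip netns exec "$ns" nft -f "$ruleset"
    rc=$?

    ip netns delete "$ns"
    return "$rc"
}

if [ "$#" -ge 1 ]; then
    check_ruleset "$@"
fi
```
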