I read that nftables uses the kernel's built-in netfilter hooks to filter packets. How does an unprivileged container have access to that?
Just trying to learn and understand better. Thanks!
netfilter is namespaced, so it should work fine inside an unprivileged container, with its own set of rules.
1 Like
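The per-namespace rulesets described in the answer above can be observed directly. This is an added example, not part of the original thread. It assumes util-linux `unshare`, the `nft` CLI and a kernel that allows unprivileged user namespaces; the table name `demo` is made up.

```shell
#!/bin/sh
# Added example: every network namespace carries its own nftables ruleset.
# An unprivileged user gets CAP_NET_ADMIN over a network namespace that is
# owned by their own user namespace, which is the situation inside an
# unprivileged container.

# Run a command as "root" inside a fresh user + network namespace.
in_new_netns() {
    unshare --user --map-root-user --net -- sh -c "$1" 2>/dev/null
}

netfilter_ns_demo() {
    # Skip cleanly when tools are missing or user namespaces are disabled.
    command -v unshare >/dev/null 2>&1 || { echo skipped; return 0; }
    command -v nft >/dev/null 2>&1 || { echo skipped; return 0; }
    in_new_netns 'nft add table inet probe' || { echo skipped; return 0; }

    # Namespace A: create a table and a drop-by-default input chain,
    # then read the ruleset back.
    a=$(in_new_netns 'nft add table inet demo &&
        nft add chain inet demo input "{ type filter hook input priority 0; policy drop; }" &&
        nft list ruleset') || a=""

    # Namespace B: a second, fresh namespace starts with an empty ruleset
    # and never sees what namespace A created.
    b=$(in_new_netns 'nft list ruleset') || b=""

    case "$a" in *"table inet demo"*) ;; *) echo unexpected; return 0 ;; esac
    case "$b" in *"table inet demo"*) echo shared ;; *) echo isolated ;; esac
}

netfilter_ns_demo
```

The function prints `isolated` when the table created in one namespace is absent from the other, and `skipped` when the host cannot run the demonstration.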
Cool, that is good to know! Thanks!