How does nftables work inside an unprivileged container?

I read that nftables uses the kernel's built-in netfilter hooks to filter packets. How does an unprivileged container have access to that?
Just trying to learn and understand better. Thanks!

netfilter is namespaced, so it should work fine inside an unprivileged container, with its own set of rules.

1 Like

Cool, that is good to know! Thanks!
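
The namespacing described in the answer above can be observed directly. This is an added example, not part of the original thread: it assumes util-linux `unshare`, the `nft` binary, and a kernel that permits unprivileged user namespaces; the `demo` table and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and the "demo" table are constructed.

# Print the network-namespace identity of a process, e.g. "net:[4026531992]".
netns_id() {
    readlink "/proc/$1/ns/net"
}

# Succeed when two PIDs share one network namespace (and so one ruleset).
same_netns() {
    [ "$(netns_id "$1")" = "$(netns_id "$2")" ]
}

# As an unprivileged user, enter new user + network namespaces, load a
# ruleset there and list it. The caller is mapped to root only inside the
# new user namespace, which owns the new network namespace, so netfilter
# accepts the rules for that namespace alone. The drop policy below never
# touches the host's traffic or the host's ruleset.
isolated_ruleset_demo() {
    unshare --user --map-root-user --net sh -c '
        echo "inside:  $(readlink /proc/self/ns/net)"
        nft add table inet demo
        nft add chain inet demo input "{ type filter hook input priority 0; policy drop; }"
        nft list ruleset
    '
}

# Run with RUN_DEMO=1 to compare the namespace ids and see the ruleset.
if [ "${RUN_DEMO:-0}" = 1 ]; then
    echo "outside: $(netns_id $$)"
    isolated_ruleset_demo
fi
```

Listing the ruleset on the host afterwards (as root) shows no `demo` table: the rules lived only in the namespace that was created, and vanished with it.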