<div dir="ltr"><div>I think docker or lxc may help you. You run the process(es) in a container and attach a tap interface to the container, the process inside the container can only see the attached interface. <br><br></div>Regards,<br></div><div class="gmail_extra"><br><div class="gmail_quote">2017-04-18 4:28 GMT-03:00 Lev Olshvang <span dir="ltr"><<a href="mailto:levonshe@yandex.com" target="_blank">levonshe@yandex.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div>Hi all,</div><div> </div><div>I would like to constrain process (by name) or group of process to specific network interface and to specific port.</div><div> </div><div>Please advice if there is some cgroups controller or netfilter module?</div><div> </div><div>ThanX, Lev</div><div> </div>
<br>______________________________<wbr>_________________<br>
Kernelnewbies mailing list<br>
<a href="mailto:Kernelnewbies@kernelnewbies.org">Kernelnewbies@kernelnewbies.<wbr>org</a><br>
<a href="https://lists.kernelnewbies.org/mailman/listinfo/kernelnewbies" rel="noreferrer" target="_blank">https://lists.kernelnewbies.<wbr>org/mailman/listinfo/<wbr>kernelnewbies</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">“If you're going to try, go all the way. Otherwise, don't even start. ..." <br> Charles Bukowski</div>
</div>