[systemd-devel] [Question] How to make services see only one external network interface and loopback
Lucas Eduardo
lucas59356 at gmail.com
Tue Jan 17 20:03:42 UTC 2023
I am working on a service unit for a DHT crawler.
For some reason, it doesn't work well with the default network settings
because it seems to use a huge amount of traffic for a very small
amount of findings.
The same program works fine via docker, but I want to package it as a
hardened systemd unit.
A difference between the network layout in Docker and the host is that
Docker only exposes the "lo" interface and an upstream one, while the host
exposes everything, and I think that is causing some kind of conflict.
How can I implement this Docker behaviour in systemd?
I tried using PrivateNetwork but it kills any Internet access because
only localhost is available.
Is there any not-so-well-known feature to implement this?
I am running systemd 251.7 on NixOS. I already have experience
converting systemd stuff to the way the NixOS module system understands.
Thanks in advance
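A unit file that confines the service to loopback plus a single upstream interface, using the RestrictNetworkInterfaces= setting that systemd has shipped since version 250 (so it is present in 251.7). This is an added example, not code from the mail or from the crawler project; the interface name "eth0" and the binary path /usr/bin/dht-crawler are placeholders to adjust.

```ini
# dht-crawler.service: added example, not from the original mail. Assumes the
# upstream interface is "eth0" and the crawler binary is /usr/bin/dht-crawler
# (both placeholders; adjust to the host).
[Unit]
Description=DHT crawler confined to lo and one upstream interface
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/bin/dht-crawler
DynamicUser=yes

# PrivateNetwork=yes gives the unit an empty network namespace: only loopback
# exists there, so all Internet access is lost. That is why it is left off.
#PrivateNetwork=yes

# RestrictNetworkInterfaces= (systemd >= 250, needs cgroup v2 and BPF) attaches
# a BPF program to the unit's cgroup so its sockets can only send and receive
# over the listed interfaces. The other interfaces stay visible to "ip link",
# but any traffic the process tries to push through them is dropped.
RestrictNetworkInterfaces=lo eth0

# Only IP and Unix sockets are needed; AF_NETLINK stays because glibc's
# getaddrinfo() uses it to discover local addresses. Everything else
# (e.g. AF_PACKET raw sockets) is refused.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX AF_NETLINK

# Usual hardening for an unprivileged network-facing daemon.
NoNewPrivileges=yes
ProtectSystem=strict
ProtectHome=yes
PrivateTmp=yes
CapabilityBoundingSet=

[Install]
WantedBy=multi-user.target
```

If the crawler misbehaves because it enumerates every interface rather than because of stray traffic, this will not hide them; the way to actually hide interfaces is NetworkNamespacePath= pointing at a namespace you create beforehand with only lo and one upstream device.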