I am currently using the net_cls cgroup to classify packets from a process and then later mangle them with iptables. From the kernel and systemd guys it seems that net_cls is deprecated and other tools like nftables are supposed to do the same things. I checked out nftables and it looks like I can use cgroups matches (iptables for that matter might work too) but I am unclear as to what my cgroup would be. Does anyone have any hints on what that cgroup is? Do I need to create one? Can I leverage an existing one from systemd or something?
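For reference, an added example (not part of the original post, and not the poster's code) showing what "the cgroup" is in the nftables/cgroup-v2 world: it is the process's cgroup v2 path, relative to the cgroup root, as reported in the `0::` line of `/proc/PID/cgroup` (a systemd service lands under something like `system.slice/<unit>.service`). The `socket cgroupv2` match in nft takes that path together with its depth as the `level`, and the mark can then be used the way a `net_cls` classid was used with `iptables -t mangle`. The script assumes a unified (cgroup v2 or hybrid) hierarchy and an nft `inet filter` table with an `output` chain; the service name is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes cgroup v2 (or hybrid mode),
# where /proc/PID/cgroup carries a "0::/path" line, and an nft "inet filter"
# table whose "output" chain hooks egress traffic (both are assumptions).

# Extract the cgroup v2 path (without the leading slash) from a file in
# /proc/<pid>/cgroup format. Lines from v1 controllers (hybrid mode) are ignored.
cgroup_v2_path() {
    sed -n 's|^0::/||p' "$1" | head -n 1
}

# Depth of the cgroup path = number of path components.
# This is the "level" argument the nft socket cgroupv2 match needs.
cgroup_level() {
    printf '%s\n' "$1" | awk -F/ '{ print NF }'
}

# Build an nft rule that matches sockets owned by exactly that cgroup and
# sets a packet mark, the nftables counterpart of net_cls + mangle.
nft_rule_for_cgroup() {
    cg=$1
    lvl=$(cgroup_level "$cg")
    printf 'add rule inet filter output socket cgroupv2 level %s "%s" meta mark set 0x1\n' "$lvl" "$cg"
}

# Constructed sample of /proc/PID/cgroup for a systemd-managed service
# (a real system would read /proc/$(pidof myapp)/cgroup instead).
sample=$(mktemp)
printf '0::/system.slice/myapp.service\n' > "$sample"
cg=$(cgroup_v2_path "$sample")
rm -f "$sample"

# Print the rule; to apply it run the output through: nft -f - (as root).
nft_rule_for_cgroup "$cg"
```

The printed rule, `socket cgroupv2 level 2 "system.slice/myapp.service"`, matches only sockets whose cgroup is exactly that service; a lower level (e.g. `level 1 "system.slice"`) matches every unit in the slice. The same path is what iptables' `-m cgroup --path` expects, so no extra cgroup needs to be created when the process is already a systemd unit.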