ip-netns - process network namespace management ip "[ " OPTIONS " ]" netns " { " COMMAND " | " help " }" "ip netns" " { " list " } " "ip netns" " { " add " | " delete " } " NETNSNAME "ip netns exec " NETNSNAME command ... A network namespace is logically another copy of the network stack, with it's own routes, firewall rules, and network devices. By convention a named network namespace is an object at "/var/run/netns/" NAME that can be opened. The file descriptor resulting from opening "/var/run/netns/" NAME refers to the specified network namespace. Holding that file descriptor open keeps the network namespace alive. The file descriptor can be used with the setns(2) system call to change the network namespace associated with a task. The convention for network namespace aware applications is to look for global network configuration files first in "/etc/netns/" NAME "/" then in "/etc/". For example, if you want a different version of /etc/resolv.conf for a network namespace used to isolate your vpn you would name it /etc/netns/myvpn/resolv.conf. ip netns exec automates handling of this configuration, file convention for network namespace unaware applications, by creating a mount namespace and bind mounting all of the per network namespace configure files into their traditional location in /etc.

ip (8)

Original Manpage by Eric W. Biederman