It prompts the user's agent to audit their network devices and topology first, and research online if it gets stuck. The configs need to be agnostic and contain placeholders. The whole idea is that the agent helps the user vibe code this, which is very doable, and probably the norm when there are so many people looking for solutions like this given the current climate. And netns is for single-host isolation. This is a router forwarding LAN→WAN. Different problem.
dontdoxxme|3 months ago
Not at all. Put the LAN interface in a network namespace that is different to the host (ip link set ... netns ...).
This gives you your "kill switch" without even needing firewall rules; it happens at a lower level.
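As an added illustration of the namespace approach described in the comment above (example code written for this thread, not dontdoxxme's own), the following POSIX shell script moves a LAN NIC and a WireGuard interface into their own network namespace so the LAN's only egress is the tunnel. The namespace name (`lan`), interface names (`eth1`, `wg0`), addresses and the WireGuard config path are placeholders, not values from the thread. Applying it needs root / CAP_NET_ADMIN; with `DRY_RUN=1` it prints the commands instead. It also includes a small check that reads `ip -n <ns> route show default` output and fails if any default route leaves through something other than the tunnel, which turns the "nothing to leak through" claim into something you can verify after setup.

```shell
#!/bin/sh
# Added example: LAN-side "kill switch" via network namespace isolation.
# Placeholders (adjust to your topology): namespace "lan", LAN NIC "eth1",
# WireGuard device "wg0", LAN and tunnel addresses, WireGuard config path.
# Set DRY_RUN=1 to print the commands instead of executing them.

run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# netns_lan_isolate NS LAN_IF WG_IF LAN_CIDR WG_CIDR WG_CONF
netns_lan_isolate() {
    ns="$1"; lan_if="$2"; wg_if="$3"; lan_cidr="$4"; wg_cidr="$5"; wg_conf="$6"
    run ip netns add "$ns"
    # Move the LAN NIC out of the host namespace. The host no longer has a
    # handle on it, so nothing in the host can forward LAN traffic to the WAN.
    run ip link set "$lan_if" netns "$ns"
    run ip -n "$ns" addr add "$lan_cidr" dev "$lan_if"
    run ip -n "$ns" link set "$lan_if" up
    run ip -n "$ns" link set lo up
    # Create and configure the WireGuard device in the host namespace first:
    # its UDP socket stays in the namespace it was created in, so encrypted
    # packets leave via the host WAN while cleartext stays inside "$ns".
    run ip link add "$wg_if" type wireguard
    run wg setconf "$wg_if" "$wg_conf"
    run ip link set "$wg_if" netns "$ns"
    run ip -n "$ns" addr add "$wg_cidr" dev "$wg_if"
    run ip -n "$ns" link set "$wg_if" up
    # The only default route inside "$ns" is the tunnel. If the tunnel is
    # down, LAN packets have no route and are dropped: no firewall needed.
    run ip -n "$ns" route add default dev "$wg_if"
    # Forwarding LAN_IF -> WG_IF happens inside the namespace (per-netns sysctl).
    run ip netns exec "$ns" sysctl -w net.ipv4.ip_forward=1
}

# default_routes_only_via TUN_IF
# Reads `ip -n <ns> route show default` output on stdin. Succeeds only if at
# least one default route exists and every default route uses TUN_IF.
default_routes_only_via() {
    tun="$1"
    found=0
    while IFS= read -r line; do
        case "$line" in
            default*" dev $tun"|default*" dev $tun "*) found=1 ;;
            default*) return 1 ;;   # default route via some other device: leak
        esac
    done
    [ "$found" -eq 1 ]
}

# Example invocation (only runs when explicitly requested):
#   NETNS_APPLY=1 sh netns_killswitch.sh
if [ "${NETNS_APPLY:-0}" = "1" ]; then
    netns_lan_isolate lan eth1 wg0 192.168.1.1/24 10.8.0.2/24 /etc/wireguard/wg0.conf
    ip -n lan route show default | default_routes_only_via wg0 \
        && echo "ok: only egress from lan namespace is wg0" \
        || echo "LEAK: a default route in lan namespace bypasses wg0"
fi
```

After applying, `ip -n lan route show` should list only the LAN subnet and the tunnel default route; from the host namespace the LAN NIC is simply absent, which is the "lower level" the comment refers to.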
yoloshii|3 months ago