Show HN: Childflow – command-tree network control(proxy/DNS/capture) for Linux

Category: security

Tags: network-sandbox, proxy, dns, packet-capture, security

Score: 7.0/10 (Innovation: 7, Technical: 7, Documentation: 8, Utility: 6)

Childflow is a Linux command-line tool that runs a command and its child processes in an isolated network sandbox, allowing per-tree control over DNS, hosts, proxy, traffic capture, and outbound policies. It's interesting because it solves the problem of enforcing network constraints for tools that ignore environment variables, using a rootless backend for day-to-day use and a rootful backend for advanced features like transparent interception.

Target audience: backend devs, devops, security engineers

Repository: https://github.com/blacknon/childflow · Rust · MIT · 3 stars

View on Hacker News