1498522227 J * fstd_ ~fstd@x5ce4a365.dyn.telefonica.de
1498522698 Q * fstd Ping timeout: 480 seconds
1498522698 N * fstd_ fstd
1498524447 Q * BlackPanx Server closed connection
1498524463 J * BlackPanx ~black@93-103-10-34.static.t-2.net
1498524792 Q * romster Remote host closed the connection
1498524806 J * romster ~romster@158.140.215.184
1498529311 M * Bertl_oO off to bed now ... have a good one everyone!
1498529313 N * Bertl_oO Bertl_zZ
1498532502 Q * daniel_hozac Server closed connection
1498532514 J * daniel_hozac ~daniel@217-211-16-149-no42.tbcn.telia.com
1498535591 Q * mcp Server closed connection
1498535626 J * mcp ~mcp@wolk-project.de
1498541089 Q * geb Server closed connection
1498541199 J * geb ~geb@mars.gebura.eu.org
1498547077 J * hijacker ~hijacker@82-161-240-76.ip.xs4all.nl
1498547096 Q * hijacker
1498552487 J * nikolay ~nikolay@HOST.255.3.ixos.de
1498553036 Q * pixel_yo Server closed connection
1498553121 J * pixel_yo ~pixel@v22017013027542729.megasrv.de
1498554104 Q * romster Ping timeout: 480 seconds
1498554611 J * romster ~romster@158.140.215.184
1498555655 Q * _are_ Server closed connection
1498555655 J * _are_ ~quassel@2a01:238:4325:ca00:f065:c93c:f967:9285
1498556219 N * Bertl_zZ Bertl
1498556222 M * Bertl morning folks!
1498557180 M * Ghislain hi there
1498557612 M * Ghislain do you think there is a way to have a network namespace interface with a vroot like filter (vdev ?) that would allow all network stuff but change to mac/ip changes ? so they can use iptables but not mess with the network config settings ?
1498557618 M * Ghislain just dreaming out loud again ;p
1498557666 M * Bertl not sure what you're dreaming about :)
1498557687 M * Ghislain you don't want the details ! lol
1498557717 M * Ghislain well i dream of a guest that can iptables but not change/add/del ip on the guest
1498557762 M * Ghislain like vroot, you have the device but cannot mess with it
1498557785 M * Ghislain but for the network
1498557805 M * Bertl well, messing with an interface is bound to certain capabilities
1498557816 M * Bertl so the capability checks are already there
1498557845 M * Ghislain ohhh yes, let me check that
1498557861 M * Bertl if you modify that in such a way that you prevent a certain namespace from doing that
1498557880 M * Bertl then you probably already have what you want
1498557938 M * Bertl most likely you will need to create your own specific capability and adjust the kernel to use that, because traditionally networking is all one big capability
1498558001 M * Ghislain yes i see all is on netadmin, iptables and ip changes are in the same caps
1498558062 M * Ghislain i can limit only raw and broadcast
1498558566 M * Ghislain okay, let's rewrite the caps system ! ;p
1498558584 M * Ghislain can i write it in php ?
1498558600 M * Ghislain or in bash..that would do
1498558640 M * Ghislain ohhh no i will do that in...java !
1498559004 M * Bertl well, it is trivial to add a new cap if there is space left in the bits
1498559013 M * AlexanderS Ghislain: Maybe lua? :-D Some BSD variant already uses it in the kernel..
1498559026 M * Bertl and you just need to change the relevant checks to use the new bit
1498559050 M * Bertl so not really rocket science
1498561765 M * Bertl off for now ... bbl
1498561766 N * Bertl Bertl_oO
1498564823 Q * kolorafa Server closed connection
1498564824 J * kolorafa ~quassel@root03.itdesk.eu
1498566445 Q * Aiken Remote host closed the connection
1498567017 M * Ghislain AlexanderS: ah why not
1498567033 M * Ghislain Bertl: add new caps perhaps but enforcing them is another matter
1498567067 M * Bertl_oO the checks are already there, you just need to check for a _different_ cap
1498567131 M * Ghislain oh you mean instead of net_admin check net_admin or net_iptables...
1498572246 J * Ghislain1 ~ghislain@81.56.195.31
1498572246 Q * Ghislain Read error: Connection reset by peer
1498573031 Q * ex Server closed connection
1498573033 J * ex ~ex@valis.net.pl
1498573655 Q * karasz Server closed connection
1498573661 J * karasz ~karasz@00015555.user.oftc.net
1498574847 Q * bzed Server closed connection
1498574864 J * bzed ~bzed@bzed.netrep.oftc.net
1498576479 Q * CcxWrk Server closed connection
1498576575 J * CcxWrk ~ccx@asterix.te2000.cz
1498577927 Q * Jb_boin Server closed connection
1498577937 J * Jb_boin ~dedior@proxad.eu
1498578792 Q * nikolay Quit: Leaving
1498579647 Q * eyck Server closed connection
1498579651 J * eyck ~eyck@st14cl28.host-nowanet.pl
1498584051 Q * _are_ Remote host closed the connection
1498584647 Q * Bertl_oO Server closed connection
1498584649 J * Bertl_oO herbert@IRC.13thfloor.at
1498589103 Q * sladen Server closed connection
1498589107 J * sladen ~paul@starsky.19inch.net
1498590311 Q * Carpoon_ Server closed connection
1498590326 J * Carpoon ~Carpoon@carpoon.hu
1498592553 Q * jrklein resistance.oftc.net graviton.oftc.net
1498592553 Q * dustinm` resistance.oftc.net graviton.oftc.net
1498593035 J * jrklein ~cloud@proxy.dnihost.net
1498593035 J * dustinm` ~dustinm`@68.ip-149-56-14.net
1498595518 J * Aiken ~Aiken@d63f.h.jbmb.net
1498596545 J * nikolay ~nikolay@2001:981:4551:1:fa71:7c7e:ff30:b56c
1498599327 Q * Hunger Server closed connection
1498599338 J * Hunger ~Hunger@zer0days.com
1498599339 Q * nikolay Ping timeout: 480 seconds
1498600575 Q * AlexanderS Server closed connection
1498600588 J * AlexanderS ~Alexander@home.zedat.fu-berlin.de
1498604711 Q * PowerKe Server closed connection
1498604722 J * PowerKe ~tom@d54c69995.access.telenet.be