Description
Restricts network access for a command and its child processes on Linux. It is useful for users and administrators who want to run tools with tighter network boundaries than the rest of the system.
Network sandboxes can break applications or create a false sense of isolation if their scope is misunderstood. Test policies carefully and do not treat the sandbox as a complete security boundary for hostile code.