
In Part 1, we introduced the idea that coding agents like Claude Code may choose to scrape using a direct request from the host and a proxied request via Anthropic Infrastructure. In this post, we’ll start isolating traffic for an application using namespaces.

Isolating Claude’s traffic with network namespaces

The concept

We use a network namespace to filter out all networking traffic on the host that is unrelated to the claude process. A namespace gives a process its own isolated copy of the Linux network stack. The process in the namespace gets its own interfaces, routing table, iptables rules, and socket space, completely separated from the host. Because claude is the only process inside the namespace, every packet on that namespace’s interface belongs to claude. No filtering or guesswork required.

Example analogy: Putting the process in a private interrogation room with one-way glass. The process can still make phone calls (network access via NAT), but every call goes through a…
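One way to build the isolation described above, as an added example that is not from the original post: a veth pair links the namespace to the host, the host NATs the namespace's traffic, and the capture runs on the host end of the pair. The namespace name, interface names, the 10.200.0.0/24 addressing and the `DRY_RUN` switch are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: isolate one process's traffic in a network namespace.
# All names and addresses below are assumptions chosen for illustration.
NS=agentns                 # namespace name
VETH_HOST=veth-agent       # host end of the veth pair (capture here)
VETH_NS=veth-agent-ns      # namespace end of the veth pair
HOST_IP=10.200.0.1
NS_IP=10.200.0.2
SUBNET=10.200.0.0/24

# With DRY_RUN=1 each command is printed instead of executed, so the
# plan can be reviewed before it is run as root.
run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }

setup_ns() {
  run ip netns add "$NS"
  run ip link add "$VETH_HOST" type veth peer name "$VETH_NS"
  run ip link set "$VETH_NS" netns "$NS"
  run ip addr add "$HOST_IP/24" dev "$VETH_HOST"
  run ip link set "$VETH_HOST" up
  run ip netns exec "$NS" ip addr add "$NS_IP/24" dev "$VETH_NS"
  run ip netns exec "$NS" ip link set "$VETH_NS" up
  run ip netns exec "$NS" ip link set lo up
  run ip netns exec "$NS" ip route add default via "$HOST_IP"
  # NAT: the namespace reaches the outside world through the host.
  run sysctl -w net.ipv4.ip_forward=1
  run iptables -t nat -A POSTROUTING -s "$SUBNET" ! -o "$VETH_HOST" -j MASQUERADE
  run iptables -A FORWARD -i "$VETH_HOST" -j ACCEPT
  run iptables -A FORWARD -o "$VETH_HOST" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
}

# Every packet on the host end of the veth belongs to the isolated process,
# so no capture filter is needed.
capture() { run tcpdump -i "$VETH_HOST" -nn -w "${1:-agent.pcap}"; }

# Run a command inside the namespace as the invoking (non-root) user.
run_in_ns() { run ip netns exec "$NS" sudo -u "${SUDO_USER:-$USER}" "$@"; }

teardown_ns() {
  run iptables -t nat -D POSTROUTING -s "$SUBNET" ! -o "$VETH_HOST" -j MASQUERADE
  run iptables -D FORWARD -i "$VETH_HOST" -j ACCEPT
  run iptables -D FORWARD -o "$VETH_HOST" -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  run ip netns del "$NS"   # deleting the namespace also removes the veth pair
}
```

Run `setup_ns` and `capture` as root, then start the agent with `run_in_ns claude`. `ip netns exec` bind-mounts files from `/etc/netns/agentns/` over `/etc`, so a `resolv.conf` placed there gives the namespace a working resolver when the host's resolver listens only on 127.0.0.53.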
