Offhand, I cannot think of a way to isolate a network interface except with namespaces. If that is true, the simplest way would be with a container, especially an LXD container which is functionally like a full OS with its own kernel.
@Bruce Elrick A bit of a heavier solution than I was looking for, but in the absence of a better solution, I'll probably go this route. Thanks for the help.
Bruce Elrick
in reply to Bruce Elrick • • •
snap install lxd
lxd init --auto
lxc launch ubuntu:jammy mycontainer
lxc shell mycontainer
curl -fsSL https://tailscale.com/install.sh | sh
tailscale up
...
Bruce Elrick
in reply to Bruce Elrick • • •
Also, it occurs to me that likely the snap install lxd hides granting some privileges to the user who has sudo privs (via an lxd group).
In principle there might be a much slimmer container that could do the same, but I am too lazy to figure it out.
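Added example, not part of any post in this thread: membership in the lxd group gives full control of the LXD daemon, which is effectively root on the host, so after the install above it is worth checking which accounts are in that group. The function name lxd_group_members is hypothetical; it reads the standard /etc/group and /etc/passwd formats and also catches accounts whose primary group is lxd, which a look at the group line alone would miss.

```shell
#!/bin/sh
# lxd_group_members [GROUP_FILE] [PASSWD_FILE]   (hypothetical helper name)
# Prints, one per line and sorted, every account that belongs to the
# "lxd" group: supplementary members listed in the group file plus
# accounts whose primary GID in the passwd file is the lxd GID.
lxd_group_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}

    # group line format: name:password:GID:member1,member2
    # No lxd group on this host means nothing to report.
    line=$(grep '^lxd:' "$group_file" 2>/dev/null) || return 0
    gid=$(printf '%s\n' "$line" | cut -d: -f3)

    {
        # Supplementary members, split on commas.
        printf '%s\n' "$line" | cut -d: -f4 | tr ',' '\n'
        # passwd line format: name:password:UID:GID:gecos:home:shell
        # Accounts whose primary group is lxd do not appear in the
        # member list above, so look them up by GID.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sed '/^$/d' | sort -u
}

# Report for the local host (prints nothing if there is no lxd group).
lxd_group_members
```

Every name it prints should be an account you would also trust with unrestricted sudo.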