==== Execute a command on the docker container network namespace ====

\\
Tired of having to **install ping/curl/telnet/netcat to test connectivity** on docker containers to other hosts? This is probably the most useful thing i've learn on container technologies

<code bash>
container_name=your-example-container

# Get the PID of docker container main command
docker inspect -f '{{.State.Pid}}' $container_name

# Execute whatever command you want (you must have it installed on host)
#  example:
nsenter -t PID -n host techdoku.nogafam.es
nsenter -t PID -n telnet 2.3.4.5 80
nsenter -t PID -n iptables -A OUTPUT -d 1.2.3.4 -p udp --dport 53 -j ACCEPT 
nsenter -t PID -n netstat -lptuan
# or whatever network-related command you want to exec
</code>

Keep in mind this **won't execute commands on the container**, so things like for example querying /etc/resolv.conf file WON'T WORK
<code bash>
cat /etc/resolv.conf
</code>

Technically, **network namespaces** are a technology on *nix operating systems that allows to create separated or/and isolated network stacks on the hosts, which contains it's own **private set of IP addresses**, it's own **routing table**, socket listing, connection tracking table, **firewall**, and other network-related resources... [[https://en.wikipedia.org/wiki/Linux_namespaces#Network_(net)|source on WikiPedia]]