Run system command in sandboxed app

I need to add/remove iptables rules inside my legato app how can i do that?
The app must sandboxed. To use an unsandboxed app is not an option!

I check a GPIO and if the GPIO is set to high i need to execute the following command:

iptables -t nat -A POSTROUTING --out-interface rmnet_data0 -j MASQUERADE
iptables -A FORWARD -o ecm0 -i rmnet_data0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ecm0 -o rmnet_data0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

Thanks in advanced!

it is quite hard to implement this in sandboxed application.

I suggest you to build an unsandboxed application to just call these iptables commands.
And then in your sandboxed application, when you need to set iptables rules, you can use IPC to call your unsandboxed application.

Thanks for the quick Answer!

Is there really no way to do this in a single sandboxed app?

you can try porting the iptables source code to your application.