> 2015-04-22 14:14 GMT+02:00 Lennart Poettering <lennart at poettering.net>: > > Well, I really don't want to give networkd the caps for that, > sorry. It's a network facing daemon, it should not be able to load > kernel modules.
But it is okay for networkd to manipulate the firewall directly. The nft manual page states that the iptable_nat module conflicts with the module that deals with nftables nat. Does that mean that the networkd IPMasquerade= functionality will not work if one blacklists iptables_nat? -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift
pgpNEepiniQub.pgp
Description: PGP signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
