Alexey Dobriyan wrote:
> From kernel perspective, allow entrance in nf_hook_slow().
>
> Stuff which uses nf_register_hook/nf_register_hooks, but otherwise not
> netns-ready:
>
>     DECnet netfilter
>     ipt_CLUSTERIP
>     nf_nat_standalone.c together with XFRM (?)
>     IPVS
>     several individual match modules (like hashlimit)
>     ctnetlink
>     NOTRACK
>     all sorts of queueing and reporting to userspace
>     L3 and L4 protocol sysctls, bridge sysctls
>     probably something else
>
> Anyway critical mass has been achieved, there is no reason to hide netfilter
> any longer.
>
> From userspace perspective, allow to manipulate all sorts of
> iptables/ip6tables/arptables rules.

Applied. Thanks, Alexey. Is there an easy way to test all this stuff?
