Re: [Devel] [PATCH rh7 1/2] net: Add rules for new {ip, ip6, x}table modules

[Kirill Tkhai]

Cyrill, please, review the series.

В Вт, 26/05/2015 в 14:09 +0300, Kirill Tkhai пишет:
> Here are the modules, which need extended permittions
> (see module_payload_allowed() for details).
> 
> https://jira.sw.ru/browse/PSBM-33631
> 
> Signed-off-by: Kirill Tkhai <ktk...@odin.com>
> ---
>  kernel/kmod.c |   13 +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/kernel/kmod.c b/kernel/kmod.c
> index b77bbc5..a213533 100644
> --- a/kernel/kmod.c
> +++ b/kernel/kmod.c
> @@ -211,6 +211,7 @@ static struct {
>       { "iptable_nat",        VE_IP_NAT       },
>       { "iptable_mangle",     VE_IP_MANGLE    },
>       { "ip6table_filter",    VE_IP_FILTER6   },
> +     { "ip6table_nat",       VE_IP_NAT       },
>       { "ip6table_mangle",    VE_IP_MANGLE6   },
>  
>       { "xt_CONNMARK",        VE_NF_CONNTRACK|VE_IP_CONNTRACK },
> @@ -225,6 +226,8 @@ static struct {
>       { "xt_state",           VE_NF_CONNTRACK|VE_IP_CONNTRACK },
>       { "xt_socket",          VE_NF_CONNTRACK|VE_IP_CONNTRACK|
>                               VE_IP_IPTABLES6                 },
> +     { "xt_connlabel",       VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> +                             VE_IP_IPTABLES6                 },
>  
>       { "ipt_CLUSTERIP",      VE_NF_CONNTRACK|VE_IP_CONNTRACK },
>       { "ipt_CONNMARK",       VE_NF_CONNTRACK|VE_IP_CONNTRACK },
> @@ -245,6 +248,9 @@ static struct {
>                               VE_IP_NAT                       },
>       { "ipt_REDIRECT",       VE_NF_CONNTRACK|VE_IP_CONNTRACK|
>                               VE_IP_NAT                       },
> +     { "ipt_connlabel",      VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> +                             VE_IP_IPTABLES6                 },
> +     { "ipt_SYNPROXY",       VE_NF_CONNTRACK|VE_IP_CONNTRACK },
>  
>       { "ip6t_CONNMARK",      VE_NF_CONNTRACK|VE_IP_CONNTRACK },
>       { "ip6t_CONNSECMARK",   VE_NF_CONNTRACK|VE_IP_CONNTRACK },
> @@ -258,6 +264,13 @@ static struct {
>       { "ip6t_state",         VE_NF_CONNTRACK|VE_IP_CONNTRACK },
>       { "ip6t_socket",        VE_NF_CONNTRACK|VE_IP_CONNTRACK|
>                               VE_IP_IPTABLES6                 },
> +     { "ip6t_MASQUERADE",    VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> +                             VE_IP_NAT|VE_IP_IPTABLES6       },
> +     { "ip6t_connlabel",     VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> +                             VE_IP_IPTABLES6                 },
> +     { "ip6t_SYNPROXY",      VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> +                             VE_IP_IPTABLES6                 },
> +
>       { "nf-nat-ipv4",        VE_NF_CONNTRACK|VE_IP_CONNTRACK|
>                               VE_IP_NAT                       },
>       { "nf-nat",             VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> 
> _______________________________________________
> Devel mailing list
> Devel@openvz.org
> https://lists.openvz.org/mailman/listinfo/devel


_______________________________________________
Devel mailing list
Devel@openvz.org
https://lists.openvz.org/mailman/listinfo/devel