On Fri, Jun 19, 2015 at 10:41:21AM -0500, Eric W. Biederman wrote:
>
> Currently nf_tables chains added in one network namespace are being
> run in all network namespaces. The issues are myriad with the simplest
> being an unprivileged user can cause any network packets to be dropped.
>
> Address this by simply not running nf_tables chains in the wrong
> network namespace.
>
> Cc: sta...@vger.kernel.org
> Signed-off-by: "Eric W. Biederman" <ebied...@xmission.com>

Acked-by: Pablo Neira Ayuso <pa...@netfilter.org>

@David: Patrick sent a similar patch to address this, if you can get
this into the net tree, I'll make sure this propagates to -stable.

Thanks.