Alexey Dobriyan wrote: > In fact all we want is per-netns set of rules, however doing that will > unnecessary complicate routines such as ipt_hook()/ipt_do_table, so > make full xt_table array per-netns. > > Every user stubbed with init_net for a while. Applied.