[Devel] Re: [PATCH 33/33] Enable netfilter in netns
Patrick McHardy
kaber at trash.net
Thu Oct 2 02:12:08 PDT 2008
Alexey Dobriyan wrote:
> From kernel perspective, allow entrance in nf_hook_slow().
>
> Stuff which uses nf_register_hook/nf_register_hooks, but otherwise not netns-ready:
>
> DECnet netfilter
> ipt_CLUSTERIP
> nf_nat_standalone.c together with XFRM (?)
> IPVS
> several individual match modules (like hashlimit)
> ctnetlink
> NOTRACK
> all sorts of queueing and reporting to userspace
> L3 and L4 protocol sysctls, bridge sysctls
> probably something else
>
> Anyway critical mass has been achieved, there is no reason to hide netfilter any longer.
>
> From userspace perspective, allow to manipulate all sorts of
> iptables/ip6tables/arptables rules.
>
Applied, thanks Alexey.
Is there an easy way to test all this stuff?