[Devel] [PATCH rh7 1/2] net: Add rules for new {ip, ip6, x}table modules

Kirill Tkhai ktkhai at odin.com
Tue May 26 04:46:08 PDT 2015 

Cyrill, please, review the series.

В Вт, 26/05/2015 в 14:09 +0300, Kirill Tkhai пишет:
> Here are the modules, which need extended permittions
> (see module_payload_allowed() for details).
> 
> https://jira.sw.ru/browse/PSBM-33631
> 
> Signed-off-by: Kirill Tkhai <ktkhai at odin.com>
> ---
>  kernel/kmod.c |   13 +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/kernel/kmod.c b/kernel/kmod.c
> index b77bbc5..a213533 100644
> --- a/kernel/kmod.c
> +++ b/kernel/kmod.c
> @@ -211,6 +211,7 @@ static struct {
>  	{ "iptable_nat",	VE_IP_NAT	},
>  	{ "iptable_mangle",	VE_IP_MANGLE	},
>  	{ "ip6table_filter",	VE_IP_FILTER6	},
> +	{ "ip6table_nat",	VE_IP_NAT	},
>  	{ "ip6table_mangle",	VE_IP_MANGLE6	},
>  
>  	{ "xt_CONNMARK",	VE_NF_CONNTRACK|VE_IP_CONNTRACK },
> @@ -225,6 +226,8 @@ static struct {
>  	{ "xt_state",		VE_NF_CONNTRACK|VE_IP_CONNTRACK },
>  	{ "xt_socket",		VE_NF_CONNTRACK|VE_IP_CONNTRACK|
>  				VE_IP_IPTABLES6			},
> +	{ "xt_connlabel",	VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> +				VE_IP_IPTABLES6			},
>  
>  	{ "ipt_CLUSTERIP",	VE_NF_CONNTRACK|VE_IP_CONNTRACK },
>  	{ "ipt_CONNMARK",	VE_NF_CONNTRACK|VE_IP_CONNTRACK },
> @@ -245,6 +248,9 @@ static struct {
>  				VE_IP_NAT			},
>  	{ "ipt_REDIRECT",	VE_NF_CONNTRACK|VE_IP_CONNTRACK|
>  				VE_IP_NAT			},
> +	{ "ipt_connlabel",	VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> +				VE_IP_IPTABLES6			},
> +	{ "ipt_SYNPROXY",	VE_NF_CONNTRACK|VE_IP_CONNTRACK },
>  
>  	{ "ip6t_CONNMARK",	VE_NF_CONNTRACK|VE_IP_CONNTRACK },
>  	{ "ip6t_CONNSECMARK",	VE_NF_CONNTRACK|VE_IP_CONNTRACK },
> @@ -258,6 +264,13 @@ static struct {
>  	{ "ip6t_state",		VE_NF_CONNTRACK|VE_IP_CONNTRACK },
>  	{ "ip6t_socket",	VE_NF_CONNTRACK|VE_IP_CONNTRACK|
>  				VE_IP_IPTABLES6			},
> +	{ "ip6t_MASQUERADE",	VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> +				VE_IP_NAT|VE_IP_IPTABLES6	},
> +	{ "ip6t_connlabel",	VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> +				VE_IP_IPTABLES6			},
> +	{ "ip6t_SYNPROXY",	VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> +				VE_IP_IPTABLES6			},
> +
>  	{ "nf-nat-ipv4",	VE_NF_CONNTRACK|VE_IP_CONNTRACK|
>  				VE_IP_NAT			},
>  	{ "nf-nat",		VE_NF_CONNTRACK|VE_IP_CONNTRACK|
> 
> _______________________________________________
> Devel mailing list
> Devel at openvz.org
> https://lists.openvz.org/mailman/listinfo/devel

More information about the Devel mailing list