[Users] ipset and openvz
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Oct 6 08:15:14 PDT 2015
Hi Nick,
On 09/30/2015 09:56 PM, Nick Knutov wrote:
> I know ipset is not virtualized, but I have number of trusted CTs and I
> want to use ipset inside them (and it's ok in my case to share all data
> between CTs and node).
>
> Is it possible to enable ipset for selected CTs?
surely you've already found the issue where ipset had been disabled previously:
https://bugs.openvz.org/browse/OVZ-5736
So currently you cannot use ipset inside Containers.
What can you do now? You have 2 options:
1) just remove the patch which disables ipset managing inside Containers which
was added in that bug, and you'll be able to manage ipset inside ALL Containers
on the Hardware Node.
Patch attached, just in case.
2) basing on the patch provided (so you know all the places you need fix), you
can implement a feature to enable the ipset management for the defined list of
CTs only, and send us patches.
Hope that helps.
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
-------------- next part --------------
An embedded message was scrubbed...
From: <khorenko at parallels.com>
Subject: [PATCH COMMIT]
diff-ve-netfilter-ipset-prohibit-ipset-from-the-inside-CT
Date: Thu, 7 Aug 2014 23:51:53 +0400
Size: 5696
URL: <http://lists.openvz.org/pipermail/users/attachments/20151006/be57b826/attachment.mht>
More information about the Users
mailing list