[Users] ipset netfilter extention virtualization
Konstantin Khorenko
khorenko at virtuozzo.com
Tue Oct 6 08:38:47 PDT 2015
By the way, this is a nice feature to contribute in case someone is looking for
one to start with. :)
i'm talking about Virtuozzo 7 (3.10-x kernel) of course.
--
Best regards,
Konstantin Khorenko,
Virtuozzo Linux Kernel Team
On 10/06/2015 06:15 PM, Konstantin Khorenko wrote:
> Hi Nick,
>
> On 09/30/2015 09:56 PM, Nick Knutov wrote:
>> I know ipset is not virtualized, but I have number of trusted CTs and I
>> want to use ipset inside them (and it's ok in my case to share all data
>> between CTs and node).
>>
>> Is it possible to enable ipset for selected CTs?
>
> surely you've already found the issue where ipset had been disabled previously:
> https://bugs.openvz.org/browse/OVZ-5736
>
> So currently you cannot use ipset inside Containers.
>
> What can you do now? You have 2 options:
>
> 1) just remove the patch which disables ipset managing inside Containers which
> was added in that bug, and you'll be able to manage ipset inside ALL Containers
> on the Hardware Node.
> Patch attached, just in case.
>
> 2) basing on the patch provided (so you know all the places you need fix), you
> can implement a feature to enable the ipset management for the defined list of
> CTs only, and send us patches.
>
> Hope that helps.
>
> --
> Best regards,
>
> Konstantin Khorenko,
> Virtuozzo Linux Kernel Team
More information about the Users
mailing list