OpenVZ Forum

Re: ipt_recent is now missing? [message #28759 is a reply to message #28754] Fri, 28 March 2008 05:34
vaverin
Messages: 708
Registered: September 2005
Senior Member
Matt,

In 2.6.18 kernels we have changed iptables support, and now all targets/matches loaded on the node are accessible inside the VE.

But all targets and matches should be accessible inside the VE; I've checked it on your node: ;)

[root@vz18 ~]# vzctl exec 122 cat /proc/net/ip_tables_matches
Warning: Unknown iptable module: ipt_recent, skipped
Warning: Unknown iptable module: ipt_recent, skipped
udp
tcp
recent <<<<<<< :)
helper
state
conntrack
length
ttl
tcpmss
tos
multiport
multiport
limit
icmp


The warning is produced by vzctl; it knows nothing about this module. Just remove this module from the per-VE IPTABLES variable.

Also, I would note that the semantics of the IPTABLES variable in ve.conf were changed: now you do not need to add any new targets/matches to the default list.

Via the per-VE IPTABLES variable you can now restrict only access to tables and disable conntracks inside the VE:
ipv4 filter and mangle
ipv6 filter and mangle
nat
conntracks
Other known modules are silently ignored, but unknown ones generate a warning message.

What do you think: is this correct, or do we need to change something?

thank you,
Vasily Averin
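
The cleanup suggested in the post above (drop the module vzctl does not know from the per-VE IPTABLES variable, then confirm the match is still listed inside the VE), as an added example that is not part of the original post or of vzctl. The function names are hypothetical, and the config fragment and captured listing are constructed sample data.

```shell
#!/bin/sh
# Added example, not vzctl code. Sample data below is constructed.
# Print CONF with MODULE dropped from its IPTABLES="..." list; other lines unchanged.
strip_iptables_module() {  # usage: strip_iptables_module CONF MODULE
    awk -v mod="$2" '
        /^[ \t]*IPTABLES=/ {
            line = $0
            sub(/^[ \t]*IPTABLES=/, "", line)
            gsub(/"/, "", line)
            n = split(line, items, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (items[i] != mod)
                    out = out (out == "" ? "" : " ") items[i]
            print "IPTABLES=\"" out "\""
            next
        }
        { print }
    ' "$1"
}

# Module names vzctl warned about in a captured "vzctl exec" listing.
warned_modules() {  # usage: warned_modules LISTING
    sed -n 's/^Warning: Unknown iptable module: \([^,]*\), skipped$/\1/p' "$1" | sort -u
}

# True if MATCH is listed, ignoring the vzctl warning lines mixed into the capture.
has_match() {  # usage: has_match LISTING MATCH
    grep -v '^Warning:' "$1" | grep -qx -- "$2"
}

# Constructed sample: a VE config fragment and a captured match listing.
write_samples() {  # usage: write_samples DIR
    printf '%s\n' 'ONBOOT="yes"' \
        'IPTABLES="ipt_REJECT ipt_recent ipt_state iptable_filter iptable_mangle"' > "$1/ve.conf"
    printf '%s\n' 'Warning: Unknown iptable module: ipt_recent, skipped' \
        'Warning: Unknown iptable module: ipt_recent, skipped' \
        udp tcp recent state conntrack > "$1/matches.txt"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for m in $(warned_modules "$demo_dir/matches.txt"); do
    strip_iptables_module "$demo_dir/ve.conf" "$m" > "$demo_dir/ve.conf.new"
    mv "$demo_dir/ve.conf.new" "$demo_dir/ve.conf"
done
grep '^IPTABLES=' "$demo_dir/ve.conf"
has_match "$demo_dir/matches.txt" recent && echo "recent match is available in the VE"
rm -rf "$demo_dir"
```

On a real node the listing would be captured with the command shown in the post, `vzctl exec 122 cat /proc/net/ip_tables_matches`, with stderr included so the warning lines are present.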