Hi,
I have recently upgraded the kernel (2.6.32-042stab061.2 -> 2.6.32-042stab094.7) and I was affected by the connection tracking issue described in this bug - hxxps://bugzilla.openvz.org/show_bug.cgi?id=2755
I currently use firewall rules that allows per-container configuration with connection tracking disabled so I can't use stateful IPtable rules so my question is what's the best way to configure firewall on host in that case?
# cat /sys/module/nf_conntrack/parameters/ip_conntrack_disable_ve0
1