On Mon, 15 Sep 2008, Simon Horman wrote:
Well, it would be a problem if it gets DNATed a second time.
Are you just being really safe? Are you trying to prevent someone from adding DNAT rules to OUTPUT?
Would it be better (as much as possible) for LVS to appear to be just another netfilter module, in which case if someone wants to DNAT in OUTPUT, this should be allowed (whether it's sensible or not)? Currently LVS-NAT doesn't allow SNAT on OUTPUT, which no-one thought about when LVS-NAT was first written, and it turns out to be useful.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/
It's GNU/Linux!