Hello,

I've noticed that when creating a new network namespace (using the lxc tools), ipsets (userspace v6.11 on kernel 3.3.1) are still global, i.e. an ipset created in the container is visible in the host and vice versa. Iptables rulesets, however, are isolated.

Is this an as of yet unimplemented feature or a conscious design decision?

Thanks,
gvs