I want to apply iptables rules to a particular cgroup classid and I am running into problems. After creating a classid I couldn't proceed further with iptables.

# echo 0x100001 > /sys/fs/cgroup/net_cls/0/net_cls.classid
# cat /sys/fs/cgroup/net_cls/0/net_cls.classid
1048577
# iptables -t filter -A OUTPUT -m cgroup ! --cgroup 0x100001 -j DROP
iptables: No chain/target/match by that name.
# iptables -A OUTPUT -m cgroup ! --cgroup 0x100001 -j DROP
iptables: No chain/target/match by that name.

What I have:

# cat /proc/net/ip_tables_targets
ULOG
REJECT
REDIRECT
NETMAP
MASQUERADE
LOG
DNAT
SNAT
ERROR
TCPMSS
TTL
# cat /proc/net/ip_tables_matches
u32
time
string
state
pkttype
physdev
owner
helper
conntrack
conntrack
conntrack
icmp
tcpmss
multiport
length
iprange
hashlimit
udplite
udp
tcp

What am I missing? Please comment.

Thanks.
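
An added example, not part of the original post: a shell check of whether a match such as cgroup is registered with the running kernel, reading the same /proc/net/ip_tables_matches file the post lists. The helper names has_match and diagnose_match and the sample file are constructed for illustration; the cgroup match is provided by the kernel's xt_cgroup module (CONFIG_NETFILTER_XT_MATCH_CGROUP).

```shell
#!/bin/sh
# Added example (not from the original post): report whether an xtables
# match is registered with the kernel before writing rules that use it.

# has_match NAME [FILE]
# Returns 0 if NAME is a whole line of FILE (default:
# /proc/net/ip_tables_matches), 1 if it is absent, 2 if FILE is unreadable.
has_match() {
    name=$1
    file=${2:-/proc/net/ip_tables_matches}
    [ -r "$file" ] || return 2
    # -x: whole-line match, -F: fixed string, so "conn" does not hit "conntrack"
    grep -qxF -- "$name" "$file"
}

# diagnose_match NAME [FILE]
# Prints one word: registered, missing or unreadable.
diagnose_match() {
    rc=0
    has_match "$1" "$2" || rc=$?
    case $rc in
        0) echo registered ;;
        1) echo missing ;;
        *) echo unreadable ;;
    esac
}

# Constructed sample: the match names listed in the post, one per line.
sample=$(mktemp)
printf '%s\n' u32 time string state pkttype physdev owner helper \
    conntrack conntrack conntrack icmp tcpmss multiport length iprange \
    hashlimit udplite udp tcp > "$sample"

echo "post's list,    cgroup: $(diagnose_match cgroup "$sample")"
echo "post's list,    owner:  $(diagnose_match owner "$sample")"
# On a live system (needs read access to /proc/net/ip_tables_matches):
echo "running kernel, cgroup: $(diagnose_match cgroup)"
# "missing" here means the kernel has no cgroup match registered; it comes
# from the xt_cgroup module, built when CONFIG_NETFILTER_XT_MATCH_CGROUP is set.
rm -f "$sample"
```
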