Hello,
using nft from nftables, I created some IP filter rules inside a
partially virtualized (Linux Vserver, www.linux-vserver.org) machine.
Almost all rules are working as desired, but rules that need connection
tracking helpers, like ftp and tftp, do not: some IP packets are
blocked though they should be allowed. As the same tftp rules - I am
sure that I made no mistake - work on a real host, there is probably
some requirement for these helpers to work correctly and that is not
fulfilled inside a Vserver.
Any suggestion what this requirement is and how it can be fulfilled?
Maybe adding some Linux capability (Vservers have only a restricted set
of capabilities)?
Kind regards
Christoph