[pve-devel] loading nf_conntrack_ftp module by default ?

Alexandre DERUMIER aderumier at odiso.com
Mon May 19 12:27:05 CEST 2014


>>It's probably a negligible difference in overhead and so forth, but it might be nice to only load the module if FTP rules actually exist. I, for one, never plan to support FTP in particular on my servers. Maybe a future optimization, at least?

With kernel 3.10, we can autoload the module with a simple rule:

iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp


----- Original message -----

From: "Daniel Hunsaker" <danhunsaker at gmail.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: "Dietmar Maurer" <dietmar at proxmox.com>, pve-devel at pve.proxmox.com
Sent: Monday 19 May 2014 11:56:34
Subject: Re: [pve-devel] loading nf_conntrack_ftp module by default ?


It's probably a negligible difference in overhead and so forth, but it might be nice to only load the module if FTP rules actually exist. I, for one, never plan to support FTP in particular on my servers. Maybe a future optimization, at least? 
On May 19, 2014 3:52 AM, "Alexandre DERUMIER" < aderumier at odiso.com > wrote: 


ok, I'll send a patch this afternoon 
----- Original message -----

From: "Dietmar Maurer" < dietmar at proxmox.com >
To: "Alexandre DERUMIER" < aderumier at odiso.com >
Cc: "pve-devel" < pve-devel at pve.proxmox.com >
Sent: Monday 19 May 2014 11:15:38
Subject: RE: [pve-devel] loading nf_conntrack_ftp module by default ?

> maybe in Firewall.pm, sub update() (which is called in run_server) ? 

I just added an init() function - please use that: 

https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=8b453a09f302dd91db5c02c92da144df37503d79 
_______________________________________________ 
pve-devel mailing list 
pve-devel at pve.proxmox.com 
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel 
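
Added example, not part of the thread and not pve-firewall code: one way to check whether a ruleset explicitly assigns the FTP helper through a raw-table CT rule like the one above, which is the condition suggested in the thread for loading the module. The function names and the sample ruleset are constructed for illustration; on a real host the input would come from `iptables-save`.

```shell
#!/bin/sh
# Added example (not from the thread): list explicit conntrack helper
# assignments in an iptables-save dump read from stdin.
# Output: one "chain proto dport helper" line per raw-table CT rule.
list_ct_helpers() {
    awk '
        /^\*/     { table = substr($0, 2); next }   # "*raw", "*filter", ...
        /^COMMIT/ { table = ""; next }
        table == "raw" && $1 == "-A" {
            chain = $2; proto = "any"; dport = "any"; helper = ""; ct = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")                     proto  = $(i + 1)
                if ($i == "--dport")                dport  = $(i + 1)
                if ($i == "-j" && $(i + 1) == "CT") ct     = 1
                if ($i == "--helper")               helper = $(i + 1)
            }
            # Rules such as "-j CT --notrack" carry no helper and are skipped.
            if (ct && helper != "") print chain, proto, dport, helper
        }'
}

# Succeeds (exit 0) only if the dump on stdin assigns the named helper.
ruleset_uses_helper() {
    list_ct_helpers | awk -v h="$1" '$4 == h { found = 1 } END { exit !found }'
}

# Constructed sample in iptables-save format (not captured from a real host).
sample_ruleset() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 21 -j CT --helper ftp
-A PREROUTING -p udp -m udp --dport 69 -j CT --helper tftp
-A PREROUTING -p tcp -m tcp --dport 8080 -j CT --notrack
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
EOF
}
```

The filter-table rule that merely accepts port 21 is not reported: only a CT rule with `--helper` attaches a helper to the connection, so a host whose dump yields no `ftp` line has no explicit use for nf_conntrack_ftp.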