[pve-devel] loading nf_conntrack_ftp module by default ?
Alexandre DERUMIER
aderumier at odiso.com
Mon May 19 12:27:05 CEST 2014
>>It's probably a negligible difference in overhead and so forth, but it might be nice to only load the module if FTP rules actually exist. I, for one, never plan to support FTP in particular on my servers. Maybe a >>future optimization, at least?
with kernel 3.10, we can autoload module with a simple rule
iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
----- Mail original -----
De: "Daniel Hunsaker" <danhunsaker at gmail.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: "Dietmar Maurer" <dietmar at proxmox.com>, pve-devel at pve.proxmox.com
Envoyé: Lundi 19 Mai 2014 11:56:34
Objet: Re: [pve-devel] loading nf_conntrack_ftp module by default ?
It's probably a negligible difference in overhead and so forth, but it might be nice to only load the module if FTP rules actually exist. I, for one, never plan to support FTP in particular on my servers. Maybe a future optimization, at least?
On May 19, 2014 3:52 AM, "Alexandre DERUMIER" < aderumier at odiso.com > wrote:
ok, I'll send a patch this afternoon
----- Mail original -----
De: "Dietmar Maurer" < dietmar at proxmox.com >
À: "Alexandre DERUMIER" < aderumier at odiso.com >
Cc: "pve-devel" < pve-devel at pve.proxmox.com >
Envoyé: Lundi 19 Mai 2014 11:15:38
Objet: RE: [pve-devel] loading nf_conntrack_ftp module by default ?
> maybe in Firewall.pm, sub update() (which is called in run_server) ?
I just added an init() function - please use that:
https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff;h=8b453a09f302dd91db5c02c92da144df37503d79
_______________________________________________
pve-devel mailing list
pve-devel at pve.proxmox.com
http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list