[pve-devel] loading nf_conntrack_ftp module by default ?
Alexandre DERUMIER
aderumier at odiso.com
Mon May 19 12:43:04 CEST 2014
>>Users already complain, so it is maybe better not to autoload that for now.
Maybe we can simply add a helper section|options in cluster.fw?
ftp_helper :1|0
other_helper : 1|0
?
----- Original Message -----
From: "Dietmar Maurer" <dietmar at proxmox.com>
To: "Alexandre DERUMIER" <aderumier at odiso.com>, "Daniel Hunsaker" <danhunsaker at gmail.com>
Cc: pve-devel at pve.proxmox.com
Sent: Monday 19 May 2014 12:35:52
Subject: RE: [pve-devel] loading nf_conntrack_ftp module by default ?
> >>It's probably a negligible difference in overhead and so forth, but it might be
> nice to only load the module if FTP rules actually exist. I, for one, never plan to
> support FTP in particular on my servers. Maybe a future optimization, at least?
>
> With kernel 3.10, we can autoload the module with a simple rule:
>
> iptables -A PREROUTING -t raw -p tcp --dport 21 -j CT --helper ftp
Users already complain, so it is maybe better not to autoload that for now.
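
The two ideas in this thread combined (emit the `CT --helper` rule only when a rule actually accepts FTP traffic), as an added example that is not part of the original messages or of the Proxmox firewall code. It assumes the ruleset is available in iptables-save syntax with numeric ports; `helper_rules`, `HELPERS` and the sample rules are constructed for illustration.

```python
import shlex

# Constructed sample in iptables-save syntax (not taken from the thread).
SAMPLE_RULES = """\
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 20:21 -j ACCEPT
"""

# Helper name -> (protocol, control port); only ftp on tcp/21 appears in the thread.
HELPERS = {"ftp": ("tcp", 21)}


def port_matches(spec, port):
    """True if a numeric iptables port spec ('21', '20:25', '80,20:21') covers port."""
    for part in spec.split(","):
        lo_s, sep, hi_s = part.partition(":")
        lo = int(lo_s) if lo_s else 0
        hi = int(hi_s) if hi_s else (65535 if sep else lo)
        if lo <= port <= hi:
            return True
    return False


def rule_needs_helper(rule, proto, port):
    """True if the rule ACCEPTs traffic to proto/port (negated matches are ignored)."""
    t = shlex.split(rule)
    if "ACCEPT" not in t or "-p" not in t or t[t.index("-p") + 1] != proto:
        return False
    for flag in ("--dport", "--dports"):
        if flag in t:
            i = t.index(flag)
            return t[i - 1] != "!" and port_matches(t[i + 1], port)
    return False


def helper_rules(ruleset, helpers=HELPERS):
    """Return the raw-table CT rules for helpers whose port is actually accepted."""
    rules = [r for r in ruleset.splitlines() if r.startswith("-A ")]
    return [
        f"iptables -A PREROUTING -t raw -p {proto} --dport {port} -j CT --helper {name}"
        for name, (proto, port) in helpers.items()
        if any(rule_needs_helper(r, proto, port) for r in rules)
    ]


if __name__ == "__main__":
    print("\n".join(helper_rules(SAMPLE_RULES)))
```

A ruleset with no accepted tcp/21 traffic yields an empty list, so no helper rule is installed and the conntrack FTP parser is never attached.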