|
On Wed, Aug 27, 2003 at 01:17:33PM -0400, Joseph Mack wrote:
> Horms wrote:
>
> > > If IPVS likes the packets (according to the virtual server
> > > definition) he can grab them, else they go in their own way.
> > > I do not see other gains for the user settings by removing the
> > > local delivery.
>
> While you're rearranging everything, will you be able to have firewall
> rules at the same time (ie handle the Antefacto patch problem)?
Generally speaking you can have neftfilter rules in place.
One of the cood things about having LVS where it is (LOCAL IN)
is that a lot of the netfilter hooks get passed through
on a packets journey to LVS. I must confess that I have not
played with this heavily but isn't the main problem that
you can't use connection tracking because LVS does its own.
Isn't this the problem that the antefacto patches address?
--
Horms
|
