On Mon, 15 Sep 2008, Simon Horman wrote:
> Well, it would be a problem if it gets DNATed a second time.

Are you just being really safe? Are you trying to prevent
someone from adding DNAT rules to OUTPUT?
Would it be better (as much as possible) for LVS to appear
to be just another netfilter module, in which case if
someone wants to DNAT in OUTPUT, this should be allowed
(whether it's sensible or not). Currently LVS-NAT doesn't
allow SNAT on OUTPUT, which no-one thought about when
LVS-NAT was first written and it turns out to be useful.
Joe
--
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!