|
Horms wrote:
>
> > While you're rearranging everything, will you be able to have firewall
> > rules at the same time (ie handle the Antefacto patch problem)?
>
> Generally speaking you can have neftfilter rules in place.
> One of the cood things about having LVS where it is (LOCAL IN)
> is that a lot of the netfilter hooks get passed through
> on a packets journey to LVS. I must confess that I have not
> played with this heavily but isn't the main problem that
> you can't use connection tracking because LVS does its own.
> Isn't this the problem that the antefacto patches address?
haven't dealt with it myself. I thought iptables filter rules
could collide with ip_vs rules under certain circumstances.
Julian seems to understand the problem.
Ben, Vinnie, Julian, what's the problem here?
Joe
--
Joseph Mack PhD, High Performance Computing & Scientific Visualization
SAIC, Supporting the EPA Research Triangle Park, NC 919-541-0007
Federal Contact - John B. Smith 919-541-1087 - smith.johnb@xxxxxxx
|
