|
Hi,
What is it you really want to achieve?
Inbound should be allowed through (that's why you set up lvs in the
first place). If you want to block outbound connections you can do it
even without conntrack by blocking outbound SYNs.
Regards
Bgs
Siim Põder wrote:
> Yo!
>
> I'll ask again, as I think someone might yet have an opinion on this:
>
> Would it make sense in having a netfilter match that would look up
> connections on ipvs connection table? That would allow for filtering
> outbound packets in FORWARD without having to export the connections to
> conntrack and for a more consistent action as the outbound check would
> be the same as the inbound check (based on ipvs knowledge of the
> connection).
>
> And also, are there maybe peculiarities of ipvs connection tables that
> would make this infeasible? I'd be willing to look into it, if there was
> some opinion of it making sense.
>
> Siim
>
>
> _______________________________________________
> LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
> Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
> or go to http://lists.graemef.net/mailman/listinfo/lvs-users
>
|
