Otherwise rules like below can't applied from inside CT, when the module is not loaded.
$iptables -I FORWARD -m string --string "xxxxxx" --algo kmp --to 65535 -j DROP https://jira.sw.ru/browse/PSBM-97729 Signed-off-by: Kirill Tkhai <ktk...@virtuozzo.com> (cherry picked from vz7 commit 2e3b2c332d41 ("ve/modules: Add ts_kmp to allowed modules")) Signed-off-by: Konstantin Khorenko <khore...@virtuozzo.com> --- kernel/kmod.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/kernel/kmod.c b/kernel/kmod.c index da0e72fe7de7..68aeed6587d6 100644 --- a/kernel/kmod.c +++ b/kernel/kmod.c @@ -298,6 +298,9 @@ static const char * const ve0_allowed_mod[] = { "ip_vs_sh", "ip_vs_lblcr", "ip_vs_lc", + + /* string */ + "ts_kmp", }; /* _______________________________________________ Devel mailing list Devel@openvz.org https://lists.openvz.org/mailman/listinfo/devel
