> From: lxc-users [mailto:lxc-users-boun...@lists.linuxcontainers.org] On
> Behalf Of Fajar A. Nugraha
>
> On Wed, Mar 11, 2015 at 8:03 PM, Fiedler Roman wrote:
> > But the current issue is different: The guest can snoop on the NFLOG messages
> > generated on host and destined for the host a
> From: lxc-users [mailto:lxc-users-boun...@lists.linuxcontainers.org] On
> Behalf
>
> On Wed, Mar 11, 2015 at 7:02 PM, Fiedler Roman wrote:
> > This should be exactly the configuration I have tested so far. But that did
> > not yet solve my problem ...
> >
> > * If some process in guest
On Wed, Mar 11, 2015 at 8:03 PM, Fiedler Roman wrote:
> But the current issue is different: The guest can snoop on the NFLOG messages
> generated on host and destined for the host and hence can get knowledge of ANY
> NFLOGed connection of host or any guest, no matter if on same bridge or another
> From: lxc-users [mailto:lxc-users-boun...@lists.linuxcontainers.org] On
> Behalf
>
> On Wed, Mar 11, 2015 at 7:22 PM, Fajar A. Nugraha wrote:
> > On Wed, Mar 11, 2015 at 7:02 PM, Fiedler Roman wrote:
> >> This should be exactly the configuration I have tested so far. But that did
> >>
On Wed, Mar 11, 2015 at 7:22 PM, Fajar A. Nugraha wrote:
> On Wed, Mar 11, 2015 at 7:02 PM, Fiedler Roman wrote:
>> This should be exactly the configuration I have tested so far. But that did
>> not yet solve my problem ...
>>
>> * If some process in guest registers for the same NFLOG queue,
On Wed, Mar 11, 2015 at 7:02 PM, Fiedler Roman wrote:
> This should be exactly the configuration I have tested so far. But that did
> not yet solve my problem ...
>
> * If some process in guest registers for the same NFLOG queue, he can "steal"
> the messages from the host queue, thus removing tr
> From: lxc-users [mailto:lxc-users-boun...@lists.linuxcontainers.org] On
> Behalf
>
> On Wed, Mar 11, 2015 at 5:48 PM, Fiedler Roman wrote:
> > Hello list,
> >
> > Has someone managed to get reliable network traffic auditing with LXC up and
> > running? That means, that it is possible to wri
On Wed, Mar 11, 2015 at 5:48 PM, Fiedler Roman wrote:
> Hello list,
>
> Has someone managed to get reliable network traffic auditing with LXC up and
> running? That means, that it is possible to write a protocol of e.g. every
> new connection from and to host.
>
> On my setup (Ubuntu Trusty), both
Hello list,
Has someone managed to get reliable network traffic auditing with LXC up and
running? That means, that it is possible to write a protocol of e.g. every
new connection from and to host.
On my setup (Ubuntu Trusty), both host and guest may have different iptables
rulesets. But the guest