[PATCH] x86/64: Iptables seems to lack support for cgroup v2
Supriya Mane
sm.supriya at globaledgesoft.com
Tue Mar 9 08:58:52 GMT 2021
FS#3574
Adding cgroup support enables adding rules on processes
to limit resources in terms of iptable policies
Signed-off-by: Supriya Mane <sm.supriya at globaledgesoft.com>
---
include/netfilter.mk | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/netfilter.mk b/include/netfilter.mk
index 889beb7a98..e0d9c5a197 100644
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -97,6 +97,7 @@ $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, $(if $(NF_KMO
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_OWNER, $(P_XT)xt_owner))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PKTTYPE, $(P_XT)xt_pkttype))
$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_QUOTA, $(P_XT)xt_quota))
+$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_CGROUP, $(P_XT)xt_cgroup))
#$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE))
--
2.17.1
--
Disclaimer:This message is intended only for the designated recipient(s).
It may contain confidential or proprietary information and may be subject
to other confidentiality protections. If you are not a designated
recipient, you may not review, copy or distribute this message. Please
notify the sender by e-mail and delete this message. GlobalEdge does not
accept any liability for virus infected mails.
More information about the openwrt-devel
mailing list