Commits
Cyrill Gorcunov authored and Pavel Emelyanov committed 2cf066b2d96
netfilter: Do not create NAT rules if not allowed In case if NAT is not allowed in particular VE we just drop the creation of tuples for such VE (this way dropping this functionality). Note that there is no need for setting up VE_NF_CONNTRACK_MOD in nf_conntrack_net_init. We are going to get rid of module dependency checking by completely switch to net-namespace functionality. Signed-off-by: Cyrill Gorcunov <gorcunov@openvz.org> Signed-off-by: Pavel Emelyanov <xemul@openvz.org>