It only reduces the constant time overhead per rule a bit, so it doesn't help for short rule sets.
Totally understand what you mean. I'm saying their access should be only to a virtual netfilter...
...running in userspace as the uid that created the container with no special access to real kernel.
Virtual machines would end up being faster. Really hoping that https://lwn.net/Articles/644675/ is a success.
I don't think so, and they seriously require kernel-level facilities (MMU virtualization).