[pve-devel] disabling iptables on bridge by default (like rhel6 and rhev) ?
Alexandre DERUMIER
aderumier at odiso.com
Wed Mar 7 08:09:55 CET 2012
Hi,
RHEL6 and RHEV3 disable the iptables filter on bridges by default:
/etc/sysctl.conf
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
I think it's a good idea, as last year I had network problems on the bridge with many VMs and many connections.
The bridge table can easily be filled to saturation, and then the network stops responding in the VM.
iptables on the bridge is used to filter the network between VMs on the same bridge.
I have been using these parameters for 1 year now, without any problem.
What do you think about it?
- Alexandre
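
Added example, not part of the original post or of Proxmox VE: a shell check that reports what a sysctl.conf-style file sets for the four bridge-nf keys quoted above, so a host can be verified before and after such a change. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: show what a sysctl.conf-style file sets for the bridge-nf keys.
BRIDGE_NF_KEYS="net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-arptables
net.bridge.bridge-nf-filter-vlan-tagged"

# Print the value FILE assigns to KEY (last assignment wins), or "unset".
bridge_nf_value() {  # usage: bridge_nf_value FILE KEY
    awk -v want="$2" '
        /^[ \t]*[#;]/ { next }              # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next               # not an assignment
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            gsub("/", ".", key)             # sysctl also accepts net/bridge/...
            if (key == want) found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Print one line per key. Returns 0 only when all four keys are set to 0 as in
# the post; otherwise 1, meaning bridged frames may still reach host netfilter.
bridge_nf_audit() {  # usage: bridge_nf_audit FILE
    rc=0
    for key in $BRIDGE_NF_KEYS; do
        val=$(bridge_nf_value "$1" "$key")
        case "$val" in
            0)     note="bridged frames not passed to host tables" ;;
            unset) note="kernel default applies"; rc=1 ;;
            *)     note="bridged frames passed to host tables"; rc=1 ;;
        esac
        printf '%s = %s (%s)\n' "$key" "$val" "$note"
    done
    return $rc
}

# Constructed sample file: one key overridden later, one key missing.
sample=$(mktemp)
cat > "$sample" <<'EOF'
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
net/bridge/bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-arptables = 0
EOF
bridge_nf_audit "$sample" || true
rm -f "$sample"
```

On a real host, point `bridge_nf_audit` at `/etc/sysctl.conf`; the file only shows what is applied at boot, not the values currently loaded in the kernel.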