[pve-devel] [PATCH] disable iptables filter on bridge
Lars Wilke
lw at lwilke.de
Wed Mar 7 12:03:56 CET 2012
Hi,
sorry if this is a dumb question, but what happens with this patch applied when
i use i.e. shorewall to filter on a bridge (vmbrXY)?
Thanks
--lars
* Derumier Alexandre wrote:
>
> Signed-off-by: Derumier Alexandre <aderumier at odiso.com>
> ---
> debian/rules | 1 +
> debian/sysctl.conf | 4 ++++
> 2 files changed, 5 insertions(+), 0 deletions(-)
> create mode 100644 debian/sysctl.conf
>
> diff --git a/debian/rules b/debian/rules
> index a999d9b..a433c17 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -26,6 +26,7 @@ override_dh_install:
> # we do not install this, because we don't want to break
> # existing tools which parse syslog entries
> #install -m 0644 -D debian/pve-rsyslog.conf debian/pve-cluster/etc/rsyslog.d/pve-rsyslog.conf
> + install -m 0644 -D debian/sysctl.conf debian/pve-cluster/etc/sysctl.d/pve.conf
>
> override_dh_installinit:
>
> diff --git a/debian/sysctl.conf b/debian/sysctl.conf
> new file mode 100644
> index 0000000..59bfce5
> --- /dev/null
> +++ b/debian/sysctl.conf
> @@ -0,0 +1,4 @@
> +net.bridge.bridge-nf-call-ip6tables = 0
> +net.bridge.bridge-nf-call-iptables = 0
> +net.bridge.bridge-nf-call-arptables = 0
> +net.bridge.bridge-nf-filter-vlan-tagged = 0
> --
> 1.7.2.5
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list