[pve-devel] sysctl warnings with new kernel

Dietmar Maurer dietmar at proxmox.com
Tue Dec 17 09:30:30 CET 2013


> >>The patch does not really mention why we need this?
> >>https://git.proxmox.com/?p=pve-cluster.git;a=blob;f=debian/sysctl.conf;hb=501839cac97f68d4dcba21df6fb3797b976e9e56
> >>How can we avoid that warning?
> 
> If I remember, by default netfilter is running on the bridge (without any rules).
> And I had problems with packets being dropped because of too much traffic.
> 
> It is also a security problem if it's enabled by default;
> see here: https://bugzilla.redhat.com/show_bug.cgi?id=512206

But it does not work with the new kernel, so

/proc/sys/net/bridge/bridge-nf-call-iptables
/proc/sys/net/bridge/bridge-nf-call-ip6tables
/proc/sys/net/bridge/bridge-nf-call-arptables

those values are set to 1 after boot!
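
An added example, not part of the original message or of pve-cluster: a shell check that compares the bridge-nf-call-* values requested in a sysctl.conf-style file with the live /proc/sys entries listed above, so a setting that did not take effect at boot is reported. The function names, the sample file contents and the fake /proc/sys tree are constructed for illustration.

```shell
#!/bin/sh
# audit_bridge_nf CONF [PROC_SYS_ROOT]
# Prints one line per requested key: OK, DRIFT (live value differs) or
# ABSENT (no such /proc entry, so the setting could not be applied).
# Returns 0 only if every requested key matches its live value.
audit_bridge_nf() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    for name in iptables ip6tables arptables; do
        key="net.bridge.bridge-nf-call-$name"
        # The last assignment in the file wins; commented lines do not match.
        want=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$conf" | tail -n 1)
        [ -n "$want" ] || continue      # key not requested in CONF
        file="$root/net/bridge/bridge-nf-call-$name"
        if [ ! -r "$file" ]; then
            echo "ABSENT $key want=$want"
            rc=1
            continue
        fi
        have=$(cat "$file")
        if [ "$have" = "$want" ]; then
            echo "OK $key=$have"
        else
            echo "DRIFT $key want=$want have=$have"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a config asking for 0, and a fake /proc/sys tree where
# one value is 1 after boot, one matches, and one entry is missing.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/sys/net/bridge"
    printf 'net.bridge.bridge-nf-call-%s = 0\n' iptables ip6tables arptables > "$t/sysctl.conf"
    echo 1 > "$t/sys/net/bridge/bridge-nf-call-iptables"
    echo 0 > "$t/sys/net/bridge/bridge-nf-call-ip6tables"
    audit_bridge_nf "$t/sysctl.conf" "$t/sys"
    status=$?
    rm -rf "$t"
    return $status
}
demo || echo "live values differ from the requested settings"
```

On a real host, call `audit_bridge_nf /etc/sysctl.conf` after boot; a non-zero exit status means at least one requested value is not in effect.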

