[pve-devel] sysctl warnings with new kernel
Dietmar Maurer
dietmar at proxmox.com
Tue Dec 17 09:30:30 CET 2013
> >>The patch does not really mention why we need this?
> >>https://git.proxmox.com/?p=pve-
> cluster.git;a=blob;f=debian/sysctl.conf;hb=501839cac97f68d4dcba21df6fb3797
> b976e9e56
> >>How can we avoid that warning?
>
> If I remember, by default netfilter is running on bridge. (without any rules).
> And I had problem with packets dropped, because of too much traffic.
>
> They are also security problem if it's enabled by default
> see here : https://bugzilla.redhat.com/show_bug.cgi?id=512206
But it does not work with new kernel, so
/proc/sys/net/bridge/bridge-nf-call-iptables
/proc/sys/net/bridge/bridge-nf-call-ip6tables
/proc/sys/net/bridge/bridge-nf-call-arptables
those values are set to 1 after boot!
More information about the pve-devel
mailing list