Disable netfilter on all bridges per default

author Jonatan Schlag <jonatan.schlag@ipfire.org>

Sat, 11 Mar 2017 08:10:39 +0000 (09:10 +0100)

committer Michael Tremer <michael.tremer@ipfire.org>

Sat, 11 Mar 2017 10:08:16 +0000 (10:08 +0000)
author Jonatan Schlag <jonatan.schlag@ipfire.org>
Sat, 11 Mar 2017 08:10:39 +0000 (09:10 +0100)
committer Michael Tremer <michael.tremer@ipfire.org>
Sat, 11 Mar 2017 10:08:16 +0000 (10:08 +0000)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf

index e2e3d81b032ab1877e6c76e0136b8be165b23775..ad562404fb5f92857f8b4186cff40da57d28811c 100644 (file)
--- a/config/etc/sysctl.conf
+++ b/config/etc/sysctl.conf
@@ -34,3 +34,8 @@ net.ipv6.conf.default.disable_ipv6 = 1
  
  # Enable netfilter accounting
  net.netfilter.nf_conntrack_acct=1
+
+# Disable netfilter on bridges.
+net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0
diff --git a/config/rootfiles/core/110/filelists/files b/config/rootfiles/core/110/filelists/files

index b996e48aa4481fa133317346931001467aee2107..f06b6d5de5cdadf4c8cdcf931a9eeffd549426ce 100644 (file)
--- a/config/rootfiles/core/110/filelists/files
+++ b/config/rootfiles/core/110/filelists/files
@@ -2,6 +2,7 @@ etc/system-release
  etc/issue
  etc/httpd/conf/server-tuning.conf
  etc/rc.d/init.d/unbound
+etc/sysctl.conf
  srv/web/ipfire/cgi-bin/index.cgi
  srv/web/ipfire/cgi-bin/vpnmain.cgi
  usr/lib/libssp.so.0
author	Jonatan Schlag <jonatan.schlag@ipfire.org>
	Sat, 11 Mar 2017 08:10:39 +0000 (09:10 +0100)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Sat, 11 Mar 2017 10:08:16 +0000 (10:08 +0000)
config/etc/sysctl.conf		patch \| blob \| blame \| history
config/rootfiles/core/110/filelists/files		patch \| blob \| blame \| history