Thanks for submitting this patch.
This is the default in IPFire 3, so it makes sense to backport that behaviour to IPFire 2 as well.
Best, -Michael
On Sat, 2017-03-11 at 09:10 +0100, Jonatan Schlag wrote:
Fixes: #11301
Signed-off-by: Jonatan Schlag jonatan.schlag@ipfire.org
config/etc/sysctl.conf | 5 +++++ config/rootfiles/core/110/filelists/files | 1 + 2 files changed, 6 insertions(+)
diff --git a/config/etc/sysctl.conf b/config/etc/sysctl.conf index e2e3d81..ad56240 100644 --- a/config/etc/sysctl.conf +++ b/config/etc/sysctl.conf @@ -34,3 +34,8 @@ net.ipv6.conf.default.disable_ipv6 = 1 # Enable netfilter accounting net.netfilter.nf_conntrack_acct=1
+# Disable netfilter on bridges. +net.bridge.bridge-nf-call-ip6tables = 0 +net.bridge.bridge-nf-call-iptables = 0 +net.bridge.bridge-nf-call-arptables = 0 diff --git a/config/rootfiles/core/110/filelists/files b/config/rootfiles/core/110/filelists/files index b996e48..f06b6d5 100644 --- a/config/rootfiles/core/110/filelists/files +++ b/config/rootfiles/core/110/filelists/files @@ -2,6 +2,7 @@ etc/system-release etc/issue etc/httpd/conf/server-tuning.conf etc/rc.d/init.d/unbound +etc/sysctl.conf srv/web/ipfire/cgi-bin/index.cgi srv/web/ipfire/cgi-bin/vpnmain.cgi usr/lib/libssp.so.0