Re: [PATCH] netfilter: Fix br_nf_pre_routing() in conjunction with bridge-nf-call-ip(6)tables=0
From: Stephen Hemminger <hidden>
Date: 2012-01-03 16:15:28
Also in:
bridge, lkml, netfilter-devel
On Tue, 3 Jan 2012 14:26:04 +0100 Richard Weinberger [off-list ref] wrote:
If net.bridge.bridge-nf-call-iptables or net.bridge.bridge-nf-call-ip6tables is set to zero, xt_physdev has no effect because skb->nf_bridge has not been set up.

Signed-off-by: Richard Weinberger <richard@nod.at>
I am not sure if this is a valid configuration. The setting of sysctl is saying "don't do iptables on bridge (since I won't be using it)" and then you are later doing iptables and expecting the settings as if the iptables setup was being done. Instead, you should just enable the net.bridge.bridge-nf-call-iptables sysctl. If a distro chooses to disable it then you may have to do it explicitly.
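The mismatch discussed in this thread (physdev match rules loaded while the bridge-nf-call-iptables sysctl is 0, so the rules can never match) is easy to audit from user space. The following shell script is an added example written for this page, not code from the patch or from the kernel tree. It feeds a constructed iptables-save dump and a sysctl value into a check function; the `audit_live` helper, which reads the real sysctl and ruleset, is an assumption about how one would wire it to a live host and is not run by default.

```sh
#!/bin/sh
# Added example (not from the patch): flag iptables rules that rely on the
# physdev match while net.bridge.bridge-nf-call-iptables is 0. Such rules
# are silently ineffective because skb->nf_bridge is never populated.

# check_physdev_config SYSCTL_VALUE RULE_DUMP
#   $1  value of net.bridge.bridge-nf-call-iptables ("0" or "1")
#   $2  iptables-save style rule dump, newline separated
# Returns 0 when the combination is consistent, 1 when physdev rules
# are present but cannot match.
check_physdev_config() {
    sysctl_val=$1
    rules=$2
    # grep -c prints 0 and exits 1 on no match; keep the count, ignore the status.
    physdev_count=$(printf '%s\n' "$rules" | grep -c -- '-m physdev' || true)
    if [ "$physdev_count" -gt 0 ] && [ "$sysctl_val" = "0" ]; then
        printf 'WARN: %s physdev rule(s) present but bridge-nf-call-iptables=0; they will never match\n' "$physdev_count"
        return 1
    fi
    printf 'OK: bridge-nf-call-iptables=%s, %s physdev rule(s)\n' "$sysctl_val" "$physdev_count"
    return 0
}

# Constructed sample ruleset in iptables-save format (not captured from a real host).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A FORWARD -m physdev --physdev-in eth0 -j DROP
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -p tcp --dport 22 -j ACCEPT
COMMIT'

# Ruleset without any physdev match: fine regardless of the sysctl.
PLAIN_RULES='*filter
-A FORWARD -p tcp --dport 22 -j ACCEPT
COMMIT'

# Assumed live-host wrapper (requires root, sysctl and iptables-save); not run here.
# The fix the thread recommends is simply: sysctl -w net.bridge.bridge-nf-call-iptables=1
audit_live() {
    check_physdev_config "$(sysctl -n net.bridge.bridge-nf-call-iptables)" "$(iptables-save)"
}

# Demonstration on the constructed data: weak setting, then corrected setting.
check_physdev_config 0 "$SAMPLE_RULES" || :
check_physdev_config 1 "$SAMPLE_RULES"
check_physdev_config 0 "$PLAIN_RULES"
```

On a real bridge host, `audit_live` would be run from a configuration-management check or a boot-time hook so a distribution default of 0 is caught before physdev rules are trusted for filtering.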