Commit | Line | Data |
---|---|---|
32d7e160 JB |
1 | --- xen-4.5.1/tools/hotplug/Linux/vif-bridge.orig 2015-10-01 17:51:47.613981230 +0200 |
2 | +++ xen-4.5.1/tools/hotplug/Linux/vif-bridge 2015-10-01 17:51:51.330647734 +0200 | |
3 | @@ -93,8 +93,6 @@ | |
94ddf9c9 JR |
4 | ;; |
5 | esac | |
6 | ||
32d7e160 | 7 | -handle_iptable |
94ddf9c9 | 8 | - |
bf4f47e8 JK |
9 | call_hooks vif post |
10 | ||
94ddf9c9 | 11 | log debug "Successful vif-bridge $command for $dev, bridge $bridge." |
a61f3252 JB |
12 | --- xen-4.14.3/tools/hotplug/Linux/xen-network-common.sh.orig 2021-11-06 16:48:34.064333399 +0100 |
13 | +++ xen-4.14.3/tools/hotplug/Linux/xen-network-common.sh 2021-11-06 16:52:40.099667177 +0100 | |
14 | @@ -118,6 +118,13 @@ create_bridge () { | |
15 | else | |
16 | ip link add name ${bridge} type bridge stp_state 0 forward_delay 0 | |
17 | fi | |
94ddf9c9 JR |
18 | + # Setting these to zero stops guest<->LAN traffic |
19 | + # traversing the bridge from hitting the *tables | |
20 | + # rulesets. guest<->host traffic still gets processed | |
21 | + # by the host's iptables rules so this isn't a hole | |
22 | + sysctl -q -w "net.bridge.bridge-nf-call-arptables=0" | |
23 | + sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0" | |
24 | + sysctl -q -w "net.bridge.bridge-nf-call-iptables=0" | |
25 | fi | |
26 | } | |
27 |
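Review bot: The three `sysctl -q -w "net.bridge.bridge-nf-call-*=0"` lines added to create_bridge change host-wide settings rather than a property of `${bridge}`, so bridged frames on every bridge in the host's network namespace stop traversing arptables/ip6tables/iptables, including bridges that other software on the host may rely on for filtering. The comment should state that scope, for example `# NOTE: host-wide; bridged traffic on ALL bridges bypasses the host *tables rules, so guest<->LAN filtering must be enforced elsewhere`. These keys exist only while the br_netfilter module is loaded and the exit status is not checked, so a failed write would go unnoticed; testing for `/proc/sys/net/bridge/bridge-nf-call-iptables` and logging when it is absent would make that visible. The writes also appear to sit inside the branch that creates a new bridge (the start of create_bridge is outside the hunk), so a bridge that already exists would presumably not trigger them.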