Commit | Line | Data |
---|---|---|
94ddf9c9 JR |
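--- xen-4.1.0-orig/tools/hotplug/Linux/vif-bridge 2008-08-22 10:49:07.000000000 +0100
+++ xen-4.1.0-new/tools/hotplug/Linux/vif-bridge 2008-08-29 11:29:38.000000000 +0100
@@ -96,10 +96,6 @@ case "$command" in
 ;;
 esac
 
-if [ "$type_if" = vif ]; then
- handle_iptable
-fi
-
 log debug "Successful vif-bridge $command for $dev, bridge $bridge."
 if [ "$type_if" = vif -a "$command" = "online" ]
 then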
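--- xen-3.3.0-orig/tools/hotplug/Linux/xen-network-common.sh 2008-08-22 10:49:07.000000000 +0100
+++ xen-3.3.0-new/tools/hotplug/Linux/xen-network-common.sh 2008-08-29 11:29:38.000000000 +0100
@@ -99,6 +99,13 @@ create_bridge () {
 brctl addbr ${bridge}
 brctl stp ${bridge} off
 brctl setfd ${bridge} 0
+ # Setting these to zero stops guest<->LAN traffic
+ # traversing the bridge from hitting the *tables
+ # rulesets. guest<->host traffic still gets processed
+ # by the host's iptables rules so this isn't a hole
+ sysctl -q -w "net.bridge.bridge-nf-call-arptables=0"
+ sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0"
+ sysctl -q -w "net.bridge.bridge-nf-call-iptables=0"
 fi
 }
 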
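Review bot: The three `sysctl -q -w` lines write host-wide `net.bridge.*` keys rather than a property of `${bridge}`, so bridged frames on every bridge of the host stop reaching arptables/ip6tables/iptables, and the comment's "this isn't a hole" holds only if nothing else on the host relies on filtering bridged traffic. The comment names guest<->LAN traffic but not guest<->guest traffic on the same bridge, which presumably bypasses the rulesets as well, and the per-vif `handle_iptable` call is removed in the vif-bridge hunk of this same patch; I would state that scope in the comment, e.g. `# NOTE: host-wide setting; applies to all bridged frames, including guest<->guest`. The exit status of each write is ignored, so if a key is absent the host silently keeps the old behaviour; a guarded form such as `sysctl -q -w "net.bridge.bridge-nf-call-iptables=0" || echo "bridge-nf-call-iptables not disabled" >&2` would leave a trace. create_bridge begins above the hunk, and the writes appear to sit inside its conditional, so they presumably run only when the bridge is first created and are not re-asserted if something resets the keys later.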