Commit | Line | Data |
---|---|---|
bf4f47e8 JK |
1 | diff -dur -x '*.orig' -x '*.rej' -x '*~' xen-4.2.0.orig/tools/hotplug/Linux/vif-bridge xen-4.2.0/tools/hotplug/Linux/vif-bridge |
2 | --- xen-4.2.0.orig/tools/hotplug/Linux/vif-bridge 2012-09-17 12:21:18.000000000 +0200 | |
3 | +++ xen-4.2.0/tools/hotplug/Linux/vif-bridge 2012-10-22 13:05:43.000000000 +0200 | |
4 | @@ -101,10 +101,6 @@ | |
94ddf9c9 JR |
5 | ;; |
6 | esac | |
7 | ||
8 | -if [ "$type_if" = vif ]; then | |
9 | - handle_iptable | |
10 | -fi | |
11 | - | |
bf4f47e8 JK |
12 | call_hooks vif post |
13 | ||
94ddf9c9 | 14 | log debug "Successful vif-bridge $command for $dev, bridge $bridge." |
bf4f47e8 JK |
15 | diff -dur -x '*.orig' -x '*.rej' -x '*~' xen-4.2.0.orig/tools/hotplug/Linux/xen-network-common.sh xen-4.2.0/tools/hotplug/Linux/xen-network-common.sh |
16 | --- xen-4.2.0.orig/tools/hotplug/Linux/xen-network-common.sh 2012-09-17 12:21:18.000000000 +0200 | |
17 | +++ xen-4.2.0/tools/hotplug/Linux/xen-network-common.sh 2012-10-22 13:05:02.000000000 +0200 | |
18 | @@ -115,6 +115,13 @@ | |
94ddf9c9 JR |
19 | brctl addbr ${bridge} |
20 | brctl stp ${bridge} off | |
21 | brctl setfd ${bridge} 0 | |
22 | + # Setting these to zero stops guest<->LAN traffic | |
23 | + # traversing the bridge from hitting the *tables | |
24 | + # rulesets. guest<->host traffic still gets processed | |
25 | + # by the host's iptables rules so this isn't a hole | |
26 | + sysctl -q -w "net.bridge.bridge-nf-call-arptables=0" | |
27 | + sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0" | |
28 | + sysctl -q -w "net.bridge.bridge-nf-call-iptables=0" | |
29 | fi | |
30 | } | |
31 |
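Review bot: The three added `sysctl -q -w "net.bridge.bridge-nf-call-*=0"` lines are host-wide switches rather than properties of `${bridge}`, so creating one Xen bridge turns off arptables/ip6tables/iptables processing of bridged frames for every bridge on the host, including any whose guest isolation or anti-spoofing depends on those rulesets. Combined with the vif-bridge hunk that drops the `handle_iptable` call, nothing visible in this patch still filters guest<->LAN traffic, so the comment's "this isn't a hole" covers only guest<->host traffic. The comment should say so, for example `# NOTE: global setting; bridged guest<->LAN frames bypass the *tables rulesets on all bridges`. The writes also appear to run only inside the conditional that closes at `fi` (the enclosing function starts outside the hunk) and their exit status is not checked, so with a pre-existing bridge or a failed write the host keeps bridge netfilter enabled but no longer gets per-vif rules. Reporting the failure would make that state visible, e.g. `sysctl -q -w "net.bridge.bridge-nf-call-iptables=0" || echo "bridge-nf-call-iptables not changed" >&2`.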