1 --- xen-4.5.1/tools/hotplug/Linux/vif-bridge.orig 2015-10-01 17:51:47.613981230 +0200
2 +++ xen-4.5.1/tools/hotplug/Linux/vif-bridge 2015-10-01 17:51:51.330647734 +0200
11 log debug "Successful vif-bridge $command for $dev, bridge $bridge."
12 diff -dur -x '*.orig' -x '*.rej' -x '*~' xen-4.2.0.orig/tools/hotplug/Linux/xen-network-common.sh xen-4.2.0/tools/hotplug/Linux/xen-network-common.sh
13 --- xen-4.2.0.orig/tools/hotplug/Linux/xen-network-common.sh 2012-09-17 12:21:18.000000000 +0200
14 +++ xen-4.2.0/tools/hotplug/Linux/xen-network-common.sh 2012-10-22 13:05:02.000000000 +0200
17 brctl stp ${bridge} off
18 brctl setfd ${bridge} 0
19 + # Setting these to zero stops guest<->LAN traffic
20 + # traversing the bridge from hitting the *tables
21 + # rulesets. guest<->host traffic still gets processed
22 + # by the host's iptables rules so this isn't a hole
23 + sysctl -q -w "net.bridge.bridge-nf-call-arptables=0"
24 + sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0"
25 + sysctl -q -w "net.bridge.bridge-nf-call-iptables=0"