1 --- xen-4.1.0-orig/tools/hotplug/Linux/vif-bridge 2008-08-22 10:49:07.000000000 +0100
2 +++ xen-4.1.0-new/tools/hotplug/Linux/vif-bridge 2008-08-29 11:29:38.000000000 +0100
3 @@ -96,10 +96,6 @@ case "$command" in
7 -if [ "$type_if" = vif ]; then
11 log debug "Successful vif-bridge $command for $dev, bridge $bridge."
12 if [ "$type_if" = vif -a "$command" = "online" ]
14 --- xen-3.3.0-orig/tools/hotplug/Linux/xen-network-common.sh 2008-08-22 10:49:07.000000000 +0100
15 +++ xen-3.3.0-new/tools/hotplug/Linux/xen-network-common.sh 2008-08-29 11:29:38.000000000 +0100
16 @@ -99,6 +99,13 @@ create_bridge () {
18 brctl stp ${bridge} off
19 brctl setfd ${bridge} 0
20 + # Setting these to zero stops guest<->LAN traffic
21 + # traversing the bridge from hitting the *tables
22 + # rulesets. guest<->host traffic still gets processed
23 + # by the host's iptables rules so this isn't a hole
24 + sysctl -q -w "net.bridge.bridge-nf-call-arptables=0"
25 + sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0"
26 + sysctl -q -w "net.bridge.bridge-nf-call-iptables=0"