--- /dev/null
+--- xen-4.1.0-orig/tools/hotplug/Linux/vif-bridge 2008-08-22 10:49:07.000000000 +0100
++++ xen-4.1.0-new/tools/hotplug/Linux/vif-bridge 2008-08-29 11:29:38.000000000 +0100
+@@ -96,10 +96,6 @@ case "$command" in
+ ;;
+ esac
+
+-if [ "$type_if" = vif ]; then
+- handle_iptable
+-fi
+-
+ log debug "Successful vif-bridge $command for $dev, bridge $bridge."
+ if [ "$type_if" = vif -a "$command" = "online" ]
+ then
+--- xen-3.3.0-orig/tools/hotplug/Linux/xen-network-common.sh 2008-08-22 10:49:07.000000000 +0100
++++ xen-3.3.0-new/tools/hotplug/Linux/xen-network-common.sh 2008-08-29 11:29:38.000000000 +0100
+@@ -99,6 +99,13 @@ create_bridge () {
+ brctl addbr ${bridge}
+ brctl stp ${bridge} off
+ brctl setfd ${bridge} 0
++ # Setting these to zero stops guest<->LAN traffic
++ # traversing the bridge from hitting the *tables
++ # rulesets. guest<->host traffic still gets processed
++ # by the host's iptables rules so this isn't a hole
++ sysctl -q -w "net.bridge.bridge-nf-call-arptables=0"
++ sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0"
++ sysctl -q -w "net.bridge.bridge-nf-call-iptables=0"
+ fi
+ }
+
Patch9: xend.empty.xml.patch
Patch10: xend-pci-loop.patch
Patch11: xen-dumpdir.patch
+Patch12: xen-net-disable-iptables-on-bridge.patch
# stubdom patch
Patch100: grub-ext4-support.patch
URL: http://www.cl.cam.ac.uk/Research/SRG/netos/xen/index.html
%patch9 -p1
%patch10 -p1
%patch11 -p1
+%patch12 -p1
%{__rm} -v tools/check/*.orig