Message ID | ce794ec8-c1a1-a81c-22fa-73927ae4ce67@ncentric.com |
---|---|
State | Rejected |
On 2016-08-23 12:36, Koen Vandeputte wrote:
> Since kernel 3.18, br_netfilter is not loaded by default on boot
>
> As <3.18 kernels are not supported anymore in LEDE,
> these settings are useless.
>
> This also removes the following bootprint whining about it:
>
> bridge: automatic filtering via arp/ip/ip6tables has been deprecated.
> Update your scripts to load br_netfilter if you need this.

When the package is installed, br_netfilter is loaded on boot. Since the
ebtables module depends on br_netfilter, this could still lead to
unwanted cases of netfilter calls from the bridge layer.
Also, I don't see how this affects the boot time message at all, I don't
see any condition in the kernel code.

NACK from me on this one...

- Felix

diff --git a/package/base-files/files/etc/sysctl.conf b/package/base-files/files/etc/sysctl.conf index 91a3ac9..9ddfe0e 100644 --- a/package/base-files/files/etc/sysctl.conf +++ b/package/base-files/files/etc/sysctl.conf @@ -23,8 +23,3 @@ net.netfilter.nf_conntrack_max=16384 net.netfilter.nf_conntrack_tcp_timeout_established=7440 net.netfilter.nf_conntrack_udp_timeout=60 net.netfilter.nf_conntrack_udp_timeout_stream=180 - -# disable bridge firewalling by default -net.bridge.bridge-nf-call-arptables=0 -net.bridge.bridge-nf-call-ip6tables=0 -net.bridge.bridge-nf-call-iptables=0
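
Review bot: the three removed net.bridge.bridge-nf-call-*=0 lines at the end of the hunk are the only place in this file that applies "disable bridge firewalling by default", and the commit message justifies dropping them only by br_netfilter not being loaded at boot. If the module is loaded later, for instance as a dependency of another module, nothing sets these values to 0 any more and bridged traffic can be handed to arptables/ip6tables/iptables. Consider keeping the three settings, or moving them to a place that is applied whenever br_netfilter is loaded, and say in the commit message which case is intended. The claim that the boot message goes away is also not backed by anything in this hunk.
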
Since kernel 3.18, br_netfilter is not loaded by default on boot

As <3.18 kernels are not supported anymore in LEDE,
these settings are useless.

This also removes the following bootprint whining about it:

bridge: automatic filtering via arp/ip/ip6tables has been deprecated.
Update your scripts to load br_netfilter if you need this.

Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com>