On Sunday, August 25, 2013 01:11:20 PM Mateusz Marzantowicz wrote:
> > Take a look at
> >
> > http://wiki.libvirt.org/page/Networking#Fedora.2FRHEL_Bridging
> > https://bugzilla.redhat.com/show_bug.cgi?id=512206
> >
> > I believe the default now is to set the following to disable netfiltering
> > traffic for the bridge:
> >
> > sysctl
> >
> > net.bridge.bridge-nf-call-ip6tables = 0
> > net.bridge.bridge-nf-call-iptables = 0
> > net.bridge.bridge-nf-call-arptables = 0
> >
> > Then your firewall only needs to consider p3p1. The hosts on the VM side
> > of the bridge will need their own firewalls. -A
>
> Thanks, now I understand what is going on there but I've encountered
> another problem. I've net.* entries in /etc/sysctl.conf that you
> mentioned above but they're not applied on system startup (or they're
> changed later by something - maybe firewalld?). I have to run sysctl
> manually.

This may be because of the way systemd now handles sysctl.conf. On a fresh Fedora 19 install, my /etc/sysctl.conf reads:

# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

For me, I didn't need to do anything special, since https://bugzilla.redhat.com/show_bug.cgi?id=512206 has been the default for a while. -A

-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
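Added example (not part of the original thread): a shell check for the symptom described above, where the net.bridge.* values in the config files differ from what the kernel is actually using after boot. The ROOT argument and the function names are assumptions made for this example, and file precedence is simplified to sysctl.conf followed by sysctl.d/*.conf in glob order.

```shell
#!/bin/sh
# Added example: compare configured vs. live bridge netfilter sysctls.
# ROOT is a hypothetical parameter so the check can run against a test tree.
# Usage on a live host: check_bridge_nf /

KEYS="bridge-nf-call-ip6tables bridge-nf-call-iptables bridge-nf-call-arptables"

# Print the last value assigned to net.bridge.$2 in the config files under $1.
# Simplification: reads sysctl.conf, then sysctl.d/*.conf in glob order.
configured_value() {
    root=$1 key=$2 val=""
    for f in "$root/etc/sysctl.conf" "$root"/etc/sysctl.d/*.conf; do
        [ -f "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*net\.bridge\.$key[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" "$f" | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    printf '%s' "$val"
}

# Print one status line per key; return the number of keys that are not OK.
check_bridge_nf() {
    root=${1:-/} bad=0
    for key in $KEYS; do
        want=$(configured_value "$root" "$key")
        live_file="$root/proc/sys/net/bridge/$key"
        if [ -z "$want" ]; then
            status=UNCONFIGURED   # no assignment found in the config files
        elif [ ! -r "$live_file" ]; then
            status=ABSENT         # key missing: providing module not loaded
        elif [ "$(cat "$live_file")" = "$want" ]; then
            status=OK
        else
            status=DRIFT          # configured but not applied, or changed later
        fi
        [ "$status" = OK ] || bad=$((bad + 1))
        echo "net.bridge.$key $status"
    done
    return "$bad"
}
```

A DRIFT or ABSENT result right after boot means bridged traffic may still be passing through the host's iptables rules despite the entries in the config files.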