On 1/18/19 10:34 AM, mark wrote:
Does someone have a link to a how-to-do-it with firewalld, not "disable
firewalld and use iptables"?
Are you trying to filter the packets crossing the bridge device?
If so, you should need three files:
1. /etc/dracut.conf.d/br_netfilter.conf:
add_drivers+=" br_netfilter"
2. /etc/modprobe.d/br_netfilter.conf:
softdep bridge post: br_netfilter
3. /etc/sysctl.d/90-br_netfilter.conf:
# Enable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1
You'll want to rebuild your initrd so that br_netfilter is included and
loaded at boot. From there, filtering the bridge is the same as
filtering FORWARD rules, generally (IIRC).
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
