Leonardo Bras <leonardo@xxxxxxxxxxxxx> wrote:
> > There are two solutions:
> > 1. The above patch, but use NF_ACCEPT instead
> > 2. keep the DROP, but move it below the call_ip6tables test,
> >    so that users can tweak call-ip6tables to accept packets.
>
> Q: Does 2 mean that it will only be dropped if bridge intends to use
> host's ip6tables? Else, it will be accepted by previous if?

Yes, that's the idea: Let users decide if ipv6.disable or call-ip6tables
is more important to them.