On Tue, 3 Jan 2012 14:26:04 +0100 Richard Weinberger <richard@xxxxxx> wrote:

> If net.bridge.bridge-nf-call-iptables or net.bridge.bridge-nf-call-ip6tables
> are set to zero xt_physdev has no effect because skb->nf_bridge has not been set up.
>
> Signed-off-by: Richard Weinberger <richard@xxxxxx>

I am not sure if this is a valid configuration. The setting of sysctl is saying "don't do iptables on bridge (since I won't be using it)" and then you are later doing iptables and expecting the settings as if the iptables setup was being done.

Instead, you should just enable the net.bridge.bridge-nf-call-iptables sysctl. If a distro chooses to disable it then you may have to do it explicitly.
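The mismatch discussed in this thread (physdev rules loaded while the bridge-nf-call sysctl is 0) can be checked for on a host. The script below is an added example, not part of the original message or the patch; `count_physdev_rules` and `check_physdev` are hypothetical helper names, and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example: report physdev rules that cannot match because the
# bridge-nf-call sysctl for that address family is 0.

# Constructed sample in iptables-save format (not from the original message).
SAMPLE_RULES=$(cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -m physdev --physdev-in eth1 --physdev-out eth2 -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
)

# Read an iptables-save style ruleset on stdin, print how many rules use -m physdev.
count_physdev_rules() {
    grep -c -E '^-A .*-m physdev( |$)' || true
}

# check_physdev SYSCTL_NAME SYSCTL_VALUE RULESET_TEXT   (hypothetical helper)
# Returns 0 if consistent, 1 if physdev rules exist while the sysctl is 0,
# 2 if the sysctl value is unavailable (bridge netfilter code not loaded).
check_physdev() {
    name=$1 value=$2 rules=$3
    n=$(printf '%s\n' "$rules" | count_physdev_rules)
    if [ "$n" -eq 0 ]; then
        echo "OK: no physdev rules depend on $name"; return 0
    fi
    case $value in
        1) echo "OK: $n physdev rule(s), $name=1"; return 0 ;;
        0) echo "MISMATCH: $n physdev rule(s) but $name=0; enable it with: sysctl -w $name=1"; return 1 ;;
        *) echo "UNKNOWN: $n physdev rule(s) but $name is not readable"; return 2 ;;
    esac
}

# Offline demonstration on the constructed sample.
check_physdev net.bridge.bridge-nf-call-iptables 0 "$SAMPLE_RULES" || :
check_physdev net.bridge.bridge-nf-call-iptables 1 "$SAMPLE_RULES" || :

# Live check (needs root for iptables-save): run the script with --live.
if [ "${1:-}" = "--live" ]; then
    v4=$(sysctl -n net.bridge.bridge-nf-call-iptables 2>/dev/null || echo missing)
    v6=$(sysctl -n net.bridge.bridge-nf-call-ip6tables 2>/dev/null || echo missing)
    check_physdev net.bridge.bridge-nf-call-iptables "$v4" "$(iptables-save 2>/dev/null)" || :
    check_physdev net.bridge.bridge-nf-call-ip6tables "$v6" "$(ip6tables-save 2>/dev/null)" || :
fi
```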