diff options
author | Nicolas Fort <nicolasfort1988@gmail.com> | 2024-07-24 17:40:28 +0000 |
---|---|---|
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2024-08-01 13:25:39 -0300 |
commit | a8a9cfe750da719605ab90ce8c83c42276ab07f3 (patch) | |
tree | abbb27d6b224a216bf9f19eecfa233d6f72d97ba /src/etc/sysctl.d | |
parent | 7a18c719df1b3f2515baff8bdecc8784f1d935b1 (diff) | |
download | vyos-1x-a8a9cfe750da719605ab90ce8c83c42276ab07f3.tar.gz vyos-1x-a8a9cfe750da719605ab90ce8c83c42276ab07f3.zip |
T6570: firewall: add global-option to configure sysctl parameter for enabling/disabling sending traffic from bridge layer to ipvX layer
Diffstat (limited to 'src/etc/sysctl.d')
-rw-r--r-- | src/etc/sysctl.d/30-vyos-router.conf | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf index c9b8ef8fe..76be41ddc 100644 --- a/src/etc/sysctl.d/30-vyos-router.conf +++ b/src/etc/sysctl.d/30-vyos-router.conf @@ -110,3 +110,8 @@ net.ipv6.conf.all.seg6_enabled = 0 net.ipv6.conf.default.seg6_enabled = 0 net.vrf.strict_mode = 1 + +# https://vyos.dev/T6570 +# By default, do not forward traffic from bridge to IPvX layer +net.bridge.bridge-nf-call-iptables = 0 +net.bridge.bridge-nf-call-ip6tables = 0
\ No newline at end of file |