diff options
author | Nicolas Fort <nicolasfort1988@gmail.com> | 2024-07-24 17:40:28 +0000 |
---|---|---|
committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2024-08-01 13:25:39 -0300 |
commit | a8a9cfe750da719605ab90ce8c83c42276ab07f3 (patch) | |
tree | abbb27d6b224a216bf9f19eecfa233d6f72d97ba /data/templates/firewall | |
parent | 7a18c719df1b3f2515baff8bdecc8784f1d935b1 (diff) | |
download | vyos-1x-a8a9cfe750da719605ab90ce8c83c42276ab07f3.tar.gz vyos-1x-a8a9cfe750da719605ab90ce8c83c42276ab07f3.zip |
T6570: firewall: add global-option to configure sysctl parameter for enabling/disabling sending traffic from bridge layer to ipvX layer
Diffstat (limited to 'data/templates/firewall')
-rw-r--r-- | data/templates/firewall/sysctl-firewall.conf.j2 | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/data/templates/firewall/sysctl-firewall.conf.j2 b/data/templates/firewall/sysctl-firewall.conf.j2 index b9c3311e2..119c6577b 100644 --- a/data/templates/firewall/sysctl-firewall.conf.j2 +++ b/data/templates/firewall/sysctl-firewall.conf.j2 @@ -13,6 +13,14 @@ net.ipv4.conf.*.send_redirects = {{ 1 if global_options.send_redirects == 'enabl net.ipv4.tcp_syncookies = {{ 1 if global_options.syn_cookies == 'enable' else 0 }} net.ipv4.tcp_rfc1337 = {{ 1 if global_options.twa_hazards_protection == 'enable' else 0 }} +{% if global_options.apply_for_bridge is vyos_defined %} +net.bridge.bridge-nf-call-iptables = {{ 1 if global_options.apply_for_bridge.ipv4 is vyos_defined else 0 }} +net.bridge.bridge-nf-call-ip6tables = {{ 1 if global_options.apply_for_bridge.ipv6 is vyos_defined else 0 }} +{% else %} +net.bridge.bridge-nf-call-iptables =0 +net.bridge.bridge-nf-call-ip6tables = 0 +{% endif %} + ## Timeout values: net.netfilter.nf_conntrack_icmp_timeout = {{ global_options.timeout.icmp }} net.netfilter.nf_conntrack_generic_timeout = {{ global_options.timeout.other }} |