diff options
| author | Nicolas Fort <nicolasfort1988@gmail.com> | 2024-07-31 12:42:25 +0000 |
|---|---|---|
| committer | Nicolas Fort <nicolasfort1988@gmail.com> | 2024-08-02 12:50:26 +0000 |
| commit | c33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83 (patch) | |
| tree | 55454c478da7bc0cf6e2e9df11f520bbcefc7d26 /data | |
| parent | fa764927c14350104671edbb2bb3570ab267e416 (diff) | |
| download | vyos-1x-c33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83.tar.gz vyos-1x-c33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83.zip | |
T4072: change same helpers in xml definitions; add notrack action for prerouting chain; re introduce <set vrf> in policy; change global options for passing traffic to IPvX firewall; update smoketest
Diffstat (limited to 'data')
| -rw-r--r-- | data/templates/firewall/sysctl-firewall.conf.j2 | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/data/templates/firewall/sysctl-firewall.conf.j2 b/data/templates/firewall/sysctl-firewall.conf.j2 index ae6a8969c..6c33ffdc8 100644 --- a/data/templates/firewall/sysctl-firewall.conf.j2 +++ b/data/templates/firewall/sysctl-firewall.conf.j2 @@ -13,9 +13,9 @@ net.ipv4.conf.*.send_redirects = {{ 1 if global_options.send_redirects == 'enabl net.ipv4.tcp_syncookies = {{ 1 if global_options.syn_cookies == 'enable' else 0 }} net.ipv4.tcp_rfc1337 = {{ 1 if global_options.twa_hazards_protection == 'enable' else 0 }} -{% if global_options.apply_for_bridge is vyos_defined %} -net.bridge.bridge-nf-call-iptables = {{ 1 if global_options.apply_for_bridge.ipv4 is vyos_defined else 0 }} -net.bridge.bridge-nf-call-ip6tables = {{ 1 if global_options.apply_for_bridge.ipv6 is vyos_defined else 0 }} +{% if global_options.apply_to_bridged_traffic is vyos_defined %} +net.bridge.bridge-nf-call-iptables = {{ 1 if global_options.apply_to_bridged_traffic.ipv4 is vyos_defined else 0 }} +net.bridge.bridge-nf-call-ip6tables = {{ 1 if global_options.apply_to_bridged_traffic.ipv6 is vyos_defined else 0 }} {% else %} net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-ip6tables = 0 |