Merge pull request #3901 from nicolas-fort/T4072-extend-bridge-fwall

T4072: firewall extend bridge firewall
author: Christian Breunig <christian@breunig.cc> 2024-08-04 09:07:15 +0200
committer: GitHub <noreply@github.com> 2024-08-04 09:07:15 +0200
commit: 15c77978f30bebe7c6d4f4e9a87c56e12e1382cd (patch)
tree: b27bd1e95b512a341a6591ef1435b73ff9531865 /src/etc/sysctl.d/30-vyos-router.conf
parent: 998df24dc4ed0c1ccd572d09c438d96fe6b79ba8 (diff)
parent: c33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83 (diff)
download: vyos-1x-15c77978f30bebe7c6d4f4e9a87c56e12e1382cd.tar.gz
vyos-1x-15c77978f30bebe7c6d4f4e9a87c56e12e1382cd.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf
index c9b8ef8fe..76be41ddc 100644
--- a/src/etc/sysctl.d/30-vyos-router.conf
+++ b/src/etc/sysctl.d/30-vyos-router.conf
@@ -110,3 +110,8 @@ net.ipv6.conf.all.seg6_enabled = 0
 net.ipv6.conf.default.seg6_enabled = 0
 
 net.vrf.strict_mode = 1
+
+# https://vyos.dev/T6570
+# By default, do not forward traffic from bridge to IPvX layer
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-ip6tables = 0
+\ No newline at end of file
author	Christian Breunig <christian@breunig.cc>	2024-08-04 09:07:15 +0200
committer	GitHub <noreply@github.com>	2024-08-04 09:07:15 +0200
commit	15c77978f30bebe7c6d4f4e9a87c56e12e1382cd (patch)
tree	b27bd1e95b512a341a6591ef1435b73ff9531865 /src/etc/sysctl.d/30-vyos-router.conf
parent	998df24dc4ed0c1ccd572d09c438d96fe6b79ba8 (diff)
parent	c33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83 (diff)
download	vyos-1x-15c77978f30bebe7c6d4f4e9a87c56e12e1382cd.tar.gz vyos-1x-15c77978f30bebe7c6d4f4e9a87c56e12e1382cd.zip