From c33cd6157ebc5c08dc1e3ff1aa36f2d2fbb9ca83 Mon Sep 17 00:00:00 2001 From: Nicolas Fort Date: Wed, 31 Jul 2024 12:42:25 +0000 Subject: T4072: change same helpers in xml definitions; add notrack action for prerouting chain; re introduce in policy; change global options for passing traffic to IPvX firewall; update smoketest --- data/templates/firewall/sysctl-firewall.conf.j2 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'data/templates') diff --git a/data/templates/firewall/sysctl-firewall.conf.j2 b/data/templates/firewall/sysctl-firewall.conf.j2 index ae6a8969c..6c33ffdc8 100644 --- a/data/templates/firewall/sysctl-firewall.conf.j2 +++ b/data/templates/firewall/sysctl-firewall.conf.j2 @@ -13,9 +13,9 @@ net.ipv4.conf.*.send_redirects = {{ 1 if global_options.send_redirects == 'enabl net.ipv4.tcp_syncookies = {{ 1 if global_options.syn_cookies == 'enable' else 0 }} net.ipv4.tcp_rfc1337 = {{ 1 if global_options.twa_hazards_protection == 'enable' else 0 }} -{% if global_options.apply_for_bridge is vyos_defined %} -net.bridge.bridge-nf-call-iptables = {{ 1 if global_options.apply_for_bridge.ipv4 is vyos_defined else 0 }} -net.bridge.bridge-nf-call-ip6tables = {{ 1 if global_options.apply_for_bridge.ipv6 is vyos_defined else 0 }} +{% if global_options.apply_to_bridged_traffic is vyos_defined %} +net.bridge.bridge-nf-call-iptables = {{ 1 if global_options.apply_to_bridged_traffic.ipv4 is vyos_defined else 0 }} +net.bridge.bridge-nf-call-ip6tables = {{ 1 if global_options.apply_to_bridged_traffic.ipv6 is vyos_defined else 0 }} {% else %} net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-ip6tables = 0 -- cgit v1.2.3