From a8a9cfe750da719605ab90ce8c83c42276ab07f3 Mon Sep 17 00:00:00 2001
From: Nicolas Fort <nicolasfort1988@gmail.com>
Date: Wed, 24 Jul 2024 17:40:28 +0000
Subject: T6570: firewall: add global-option to configure sysctl parameter for
 enabling/disabling sending traffic from bridge layer to ipvX layer

---
 src/etc/sysctl.d/30-vyos-router.conf | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/etc/sysctl.d/30-vyos-router.conf')

diff --git a/src/etc/sysctl.d/30-vyos-router.conf b/src/etc/sysctl.d/30-vyos-router.conf
index c9b8ef8fe..76be41ddc 100644
--- a/src/etc/sysctl.d/30-vyos-router.conf
+++ b/src/etc/sysctl.d/30-vyos-router.conf
@@ -110,3 +110,8 @@ net.ipv6.conf.all.seg6_enabled = 0
 net.ipv6.conf.default.seg6_enabled = 0
 
 net.vrf.strict_mode = 1
+
+# https://vyos.dev/T6570
+# By default, do not forward traffic from bridge to IPvX layer
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-ip6tables = 0
\ No newline at end of file
-- 
cgit v1.2.3