Neutron doesn't use any arptables-based firewall rules. This should
somewhat optimize kernel packet processing performance.
I think the setting came from:
http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
but does not apply to the way we use iptables.
Change-Id: I41796c76172f5243e4f9c4902363abb1f19d0d12
Closes-Bug: #1651765
| ... | ... |
@@ -658,7 +658,7 @@ function enable_kernel_bridge_firewall {
|
| 658 | 658 |
# Enable bridge firewalling in case it's disabled in kernel (upstream |
| 659 | 659 |
# default is enabled, but some distributions may decide to change it). |
| 660 | 660 |
# This is at least needed for RHEL 7.2 and earlier releases. |
| 661 |
- for proto in arp ip ip6; do |
|
| 661 |
+ for proto in ip ip6; do |
|
| 662 | 662 |
sudo sysctl -w net.bridge.bridge-nf-call-${proto}tables=1
|
| 663 | 663 |
done |
| 664 | 664 |
} |
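Review bot: Dropping `arp` from the loop at line 661 only stops this function from forcing `net.bridge.bridge-nf-call-arptables` to 1; it never sets the key to 0. The comment directly above says the upstream default is enabled, so on most hosts bridged ARP traffic will still pass through the arptables hook. The performance gain described in the commit message would then appear only where the distribution has already disabled it. If the intent is to bypass arptables, write 0 explicitly for that key. If the intent is only to stop managing it, extend the comment block to say that `arp` is deliberately left at the distribution default because Neutron installs no arptables rules, so a later reader does not re-add it.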