mirror of
https://abf.rosa.ru/djam/xen.git
synced 2025-02-23 18:12:49 +00:00
28 lines
1 KiB
Diff
28 lines
1 KiB
Diff
|
--- xen-3.3.0-orig/tools/hotplug/Linux/vif-bridge 2008-08-22 10:49:07.000000000 +0100
|
||
|
|
+++ xen-3.3.0-new/tools/hotplug/Linux/vif-bridge 2008-08-29 11:29:38.000000000 +0100
|
||
|
|
@@ -91,8 +91,6 @@ case "$command" in
|
||
|
|
;;
|
||
|
|
esac
|
||
|
|
|
||
|
|
-handle_iptable
|
||
|
|
-
|
||
|
|
log debug "Successful vif-bridge $command for $vif, bridge $bridge."
|
||
|
|
if [ "$command" == "online" ]
|
||
|
|
then
|
||
|
|
--- xen-3.3.0-orig/tools/hotplug/Linux/xen-network-common.sh 2008-08-22 10:49:07.000000000 +0100
|
||
|
|
+++ xen-3.3.0-new/tools/hotplug/Linux/xen-network-common.sh 2008-08-29 11:29:38.000000000 +0100
|
||
|
|
@@ -99,6 +99,13 @@ create_bridge () {
|
||
|
|
brctl addbr ${bridge}
|
||
|
|
brctl stp ${bridge} off
|
||
|
|
brctl setfd ${bridge} 0
|
||
|
|
+ # Setting these to zero stops guest<->LAN traffic
|
||
|
|
+ # traversing the bridge from hitting the *tables
|
||
|
|
+ # rulesets. guest<->host traffic still gets processed
|
||
|
|
+ # by the host's iptables rules so this isn't a hole
|
||
|
|
+ sysctl -q -w "net.bridge.bridge-nf-call-arptables=0"
|
||
|
|
+ sysctl -q -w "net.bridge.bridge-nf-call-ip6tables=0"
|
||
|
|
+ sysctl -q -w "net.bridge.bridge-nf-call-iptables=0"
|
||
|
|
fi
|
||
|
|
}
|
||
|
|
|