This is an automated email from the ASF dual-hosted git repository. rohit pushed a commit to branch 4.11 in repository https://gitbox.apache.org/repos/asf/cloudstack-docs-admin.git
The following commit(s) were added to refs/heads/4.11 by this push: new ea1edc3 sg: netfilters setting for security groups ea1edc3 is described below commit ea1edc31b25c94471a7abb15385ae3b33c45a69b Author: Rohit Yadav <ro...@apache.org> AuthorDate: Sun Apr 22 10:19:24 2018 +0530 sg: netfilters setting for security groups Signed-off-by: Rohit Yadav <ro...@apache.org> --- source/networking/security_groups.rst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/source/networking/security_groups.rst b/source/networking/security_groups.rst index 8ef58b8..262e6dd 100644 --- a/source/networking/security_groups.rst +++ b/source/networking/security_groups.rst @@ -86,6 +86,18 @@ advanced zone where KVM is the hypervisor. Using security groups in advanced zones rather than multiple VLANs allows a greater range of options for setting up guest isolation in a cloud. +Setting for CentOS +^^^^^^^^^^^^^^^^^^ + +To use security groups on CentOS/RHEL/Fedora please enable bridge based +filtering, ensure that default sysctl configuration file usually at +/usr/lib/sysctl.d/00-system.conf set to following and run 'sysctl -p': + +.. note:: + # Enable netfilter on bridges. + net.bridge.bridge-nf-call-ip6tables = 1 + net.bridge.bridge-nf-call-iptables = 1 + net.bridge.bridge-nf-call-arptables = 1 Limitations ^^^^^^^^^^^ -- To stop receiving notification emails like this one, please contact ro...@apache.org.