On Thu, Dec 17, 2009 at 11:36:29AM -0500, Laine Stump wrote:
> On 12/07/2009 01:43 PM, David Lutterkort wrote:
> > Hi Dale,
> >
> > On Sat, 2009-12-05 at 11:33 -0800, Dale Bewley wrote:
> >
> >> [r...@localhost ~]# NETCF_DEBUG=1 ncftool
> >> warning: augeas initialization had errors
> >> please file a bug with the following lines in the bug report:
> >> /augeas/files/etc/sysconfig/iptables/error = "parse_failed"
> >> /augeas/files/etc/sysconfig/iptables/error/pos = "0"
> >> /augeas/files/etc/sysconfig/iptables/error/line = "1"
> >> /augeas/files/etc/sysconfig/iptables/error/char = "0"
> >> /augeas/files/etc/sysconfig/iptables/error/lens =
> >> "/usr/share/augeas/lenses/dist/iptables.aug:59.10-.32"
> >> /augeas/files/etc/sysconfig/iptables/error/message = "Iterated lens
> >> matched less than it should"
> >> Failed to initialize netcf
> >> error: unspecified error
> >> error: errors in loading some config files
> >>
> > The mystery to me is why netcf even looks at your iptables config -
> > since you have the bridge module loaded, the
> > file /proc/sys/net/bridge/bridge-nf-call-iptables should exist, and per
> > the F12 defaults, should have a 0 in it. That tells netcf not to bother
> > with iptables.
> >
>
> I have the same behavior captured on my F12 box.
> /proc/sys/net/bridge/bridge-nf-call-iptables does contain a 1, even
> though the bridge module is loaded. I just checked on my F11 machine,
> and it also has bridge-nf-call-iptables set to 1, even though the bridge
> module is loaded (in the case of F11, initialization is successful, though).
>
> So it looks like we can't assume bridge-nf-call-iptables will be set to
> 0 if the bridge module is loaded. Do we need to find another way to test
> for this?

The default setting is specified in a config file /etc/sysctl.conf
This file is loaded at system bootup by the initscript. The trouble
is, if the bridge module is not loaded at boot, then ...

  # sysctl -w net.bridge.bridge-nf-call-iptable=0
  error: "net.bridge.bridge-nf-call-iptable" is an unknown key

...when you then load bridge module later during boot this setting
is never loaded. The only way around this I see is either

 - Change the default in the kernel module itself
 - Add a post load rule to /etc/modprobe.conf to set the sysctls

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
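
An added example, not part of the original messages or of netcf: a shell check for the situation discussed in this thread, where the value set in a sysctl.conf-style file and the runtime value of bridge-nf-call-iptables disagree because the bridge module was loaded after the sysctl settings were applied. The function names, status strings and the constructed sample tree are assumptions for illustration.

```shell
#!/bin/sh
# Added example: compare the configured bridge-nf-call-iptables value with
# the value the kernel is using. Names and status strings are hypothetical.

# configured_value FILE -> prints the last uncommented setting of the key
# (dotted key form only; whitespace around "=" is ignored).
configured_value() {
    sed -n -e 's/[[:space:]]//g' \
        -e 's/^net\.bridge\.bridge-nf-call-iptables=\(.*\)$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# check_bridge_nf CONF [PROC_SYS_ROOT]
# Prints a status line; returns 0 in sync, 1 drift, 2 key absent,
# 3 key not configured in CONF.
check_bridge_nf() {
    conf=$1
    root=${2:-/proc/sys}
    node="$root/net/bridge/bridge-nf-call-iptables"
    want=$(configured_value "$conf")
    if [ -z "$want" ]; then
        echo "not-configured"; return 3
    fi
    if [ ! -r "$node" ]; then
        # Bridge module not loaded: this is when sysctl reports an unknown key.
        echo "module-not-loaded"; return 2
    fi
    have=$(tr -d '[:space:]' < "$node")
    if [ "$have" = "$want" ]; then
        echo "in-sync"; return 0
    fi
    # Module was loaded after the config file was applied, so the
    # configured value never reached the kernel.
    echo "drift: configured=$want runtime=$have"; return 1
}

# Constructed demo tree: config asks for 0, runtime node holds 1 as
# reported in the thread.
demo=$(mktemp -d)
mkdir -p "$demo/proc/sys/net/bridge"
printf '# constructed sample\nnet.bridge.bridge-nf-call-iptables = 0\n' \
    > "$demo/sysctl.conf"
echo 1 > "$demo/proc/sys/net/bridge/bridge-nf-call-iptables"
check_bridge_nf "$demo/sysctl.conf" "$demo/proc/sys" || true
rm -rf "$demo"
```

On a real host the call would be `check_bridge_nf /etc/sysctl.conf`, which reads the live value under /proc/sys.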