> >>The patch does not really mention why we need this? > >>https://git.proxmox.com/?p=pve- > cluster.git;a=blob;f=debian/sysctl.conf;hb=501839cac97f68d4dcba21df6fb3797 > b976e9e56 > >>How can we avoid that warning? > > If I remember, by default netfilter is running on bridge. (without any rules). > And I had problem with packets dropped, because of too much traffic. > > They are also security problem if it's enabled by default > see here : https://bugzilla.redhat.com/show_bug.cgi?id=512206
But it does not work with new kernel, so /proc/sys/net/bridge/bridge-nf-call-iptables /proc/sys/net/bridge/bridge-nf-call-ip6tables /proc/sys/net/bridge/bridge-nf-call-arptables those values are set to 1 after boot! _______________________________________________ pve-devel mailing list [email protected] http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
