Stephen Hemminger wrote:
quoted text
> On Tue, 25 Sep 2007 06:07:24 +0200
> Patrick McHardy <kaber@trash.net> wrote:
>
>   
>> I meant removing brnf_sysctl_call_tables function, not the sysctls
>> themselves, all it does is change values != 0 to 1. Or did you
>> actually mean that something in userspace might depend on reading
>> back the value 1 after writing a value != 0?
>>     
>
> I was going farther, because don't really see the value of having
> a sysctl for this. It seems better to just not load filters if
> they aren't going to be used. Having another enable/disable hook
> just adds needless complexity.
>   

These sysctls control whether bridged packets will be handled
by iptables and friends. The bridge netfilter code always
handles bridged packets, and iptables might be loaded for
different reasons. So I don't see how that would work.

I think it should be specified in the ebtables ruleset, but
the current netfilter infrastructure doesn't allow to do that
cleanly.


-
unsubscribe notice
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/