[CentOS] C7 and firewalld and ethernet bridge
Gordon Messmer
gordon.messmer at gmail.com
Fri Jan 18 23:09:17 UTC 2019

On 1/18/19 10:34 AM, mark wrote:
> Does someone have a link to a how-to-do-it with firewalld, not "disable
> firewalld and use iptables"?

Are you trying to filter the packets crossing the bridge device?

If so, you should need three files:

1. /etc/dracut.conf.d/br_netfilter.conf:

    add_drivers+=" br_netfilter"

2. /etc/modprobe.d/br_netfilter.conf:

    softdep bridge post: br_netfilter

3. /etc/sysctl.d/90-br_netfilter.conf:

    # Enable netfilter on bridges.
    net.bridge.bridge-nf-call-ip6tables = 1
    net.bridge.bridge-nf-call-iptables = 1
    net.bridge.bridge-nf-call-arptables = 1

You'll want to rebuild your initrd so that br_netfilter is included and
loaded at boot. From there, filtering the bridge is the same as
filtering FORWARD rules, generally (IIRC).
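
An audit of the setup described in the message above, as an added example that is not part of the original post: it checks that the three files carry the listed settings and that the running kernel exposes the bridge-nf-call switches set to 1. The function names and the ROOT path prefix are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the br_netfilter setup from the message above.
# ROOT (assumption) is a path prefix, so a mounted image or test tree can be checked.

# has_line FILE ERE: true if FILE has a whole line matching ERE.
has_line() {
    [ -f "$1" ] && grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"
}

# check_config ROOT: verify the three files; returns 0 only if every setting exists.
check_config() {
    root=${1:-} rc=0
    has_line "$root/etc/dracut.conf.d/br_netfilter.conf" \
        'add_drivers\+=".*br_netfilter.*"' ||
        { echo "MISSING: dracut add_drivers br_netfilter"; rc=1; }
    has_line "$root/etc/modprobe.d/br_netfilter.conf" \
        'softdep[[:space:]]+bridge[[:space:]]+post:[[:space:]]+br_netfilter' ||
        { echo "MISSING: modprobe softdep for bridge"; rc=1; }
    for t in iptables ip6tables arptables; do
        has_line "$root/etc/sysctl.d/90-br_netfilter.conf" \
            "net\.bridge\.bridge-nf-call-$t[[:space:]]*=[[:space:]]*1" ||
            { echo "MISSING: sysctl bridge-nf-call-$t = 1"; rc=1; }
    done
    return $rc
}

# check_runtime ROOT: verify the running kernel state under ROOT/proc.
# The bridge-nf-call-* entries exist only while br_netfilter is loaded, so a
# missing entry means bridged frames are not being handed to netfilter.
check_runtime() {
    root=${1:-} rc=0
    for t in iptables ip6tables arptables; do
        f="$root/proc/sys/net/bridge/bridge-nf-call-$t"
        if [ ! -r "$f" ]; then
            echo "NOT LOADED: $f absent (br_netfilter missing?)"; rc=1
        elif [ "$(cat "$f")" != 1 ]; then
            echo "DISABLED: bridge-nf-call-$t = $(cat "$f")"; rc=1
        fi
    done
    return $rc
}
```

Source the file and run `check_config; check_runtime` with no argument to audit the live host. After rebuilding the initrd with `dracut -f`, `lsinitrd | grep br_netfilter` confirms the module was included.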