fedora-add-bridge-sysctl-configuration.patch

From 30353eb466fe1ef768dc7bc1ccc1239b97dab70c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Tue, 7 Oct 2014 01:49:10 -0400
Subject: [PATCH] fedora: add bridge sysctl configuration

Udev rule is added to load those settings when the bridge
module is loaded.

https://bugzilla.redhat.com/show_bug.cgi?id=634736
---
 Makefile.am              | 8 ++++++--
 rules/.gitignore         | 1 +
 rules/99-bridge.rules.in | 9 +++++++++
 sysctl.d/50-bridge.conf  | 4 ++++
 4 files changed, 20 insertions(+), 2 deletions(-)
 create mode 100644 rules/99-bridge.rules.in
 create mode 100644 sysctl.d/50-bridge.conf

diff --git a/Makefile.am b/Makefile.am
index e52db1793b..41e94575ef 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -445,7 +445,8 @@ CLEANFILES += \
 	$(nodist_zshcompletion_DATA)
 
 dist_sysctl_DATA = \
-	sysctl.d/50-default.conf
+	sysctl.d/50-default.conf \
+	sysctl.d/50-bridge.conf
 
 dist_systemunit_DATA = \
 	units/graphical.target \
@@ -3281,7 +3282,8 @@ dist_udevrules_DATA += \
 	rules/95-udev-late.rules
 
 nodist_udevrules_DATA += \
-	rules/99-systemd.rules
+	rules/99-systemd.rules \
+	rules/99-bridge.rules
 
 dist_udevhwdb_DATA = \
 	hwdb/20-pci-vendor-model.hwdb \
@@ -3306,10 +3308,12 @@ sharepkgconfig_DATA = \
 
 EXTRA_DIST += \
 	rules/99-systemd.rules.in \
+	rules/99-bridge.rules.in \
 	src/udev/udev.pc.in
 
 CLEANFILES += \
 	rules/99-systemd.rules \
+	rules/99-bridge.rules \
 	src/udev/udev.pc
 
 EXTRA_DIST += \
diff --git a/rules/.gitignore b/rules/.gitignore
index 93a50ddd80..46c7f3ce91 100644
--- a/rules/.gitignore
+++ b/rules/.gitignore
@@ -1 +1,2 @@
 /99-systemd.rules
+/99-bridge.rules
diff --git a/rules/99-bridge.rules.in b/rules/99-bridge.rules.in
new file mode 100644
index 0000000000..f46f96bd2e
--- /dev/null
+++ b/rules/99-bridge.rules.in
@@ -0,0 +1,9 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# Apply sysctl settings to bridges
+ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="@rootlibexecdir@/systemd-sysctl --prefix=/net/bridge"
diff --git a/sysctl.d/50-bridge.conf b/sysctl.d/50-bridge.conf
new file mode 100644
index 0000000000..b586bf15fa
--- /dev/null
+++ b/sysctl.d/50-bridge.conf
@@ -0,0 +1,4 @@
+# Disable netfilter on bridges.
+net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
+net.bridge.bridge-nf-call-arptables = 0