iptables: don't enable arptables firewall
Neutron doesn't use any arptables-based firewall rules. This should
somewhat optimize kernel packet processing performance.
I think the setting came from:
http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
but does not apply to the way we use iptables.
Change-Id: I41796c76172f5243e4f9c4902363abb1f19d0d12
Closes-Bug: #1651765
diff --git a/functions b/functions
index 6a0ac67..0be9794 100644
--- a/functions
+++ b/functions
@@ -658,7 +658,7 @@
# Enable bridge firewalling in case it's disabled in kernel (upstream
# default is enabled, but some distributions may decide to change it).
# This is at least needed for RHEL 7.2 and earlier releases.
- for proto in arp ip ip6; do
+ for proto in ip ip6; do
sudo sysctl -w net.bridge.bridge-nf-call-${proto}tables=1
done
}
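Review bot: Dropping `arp` from the list in `for proto in ip ip6; do` only stops forcing net.bridge.bridge-nf-call-arptables to 1; nothing here sets it to 0. The comment above the loop says the upstream kernel default is enabled, so on those kernels, and on hosts where an earlier run already wrote 1, bridged ARP traffic still goes through arptables and the performance gain described in the commit message will not appear. If disabling is the intent, add an explicit `sudo sysctl -w net.bridge.bridge-nf-call-arptables=0` after the loop; otherwise extend the comment to say that the arp setting is deliberately left at the distribution default.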