yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1651765] Re: Don't enable net.bridge.bridge-nf-call-arptables for iptables firewall

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1651765@xxxxxxxxxxxxxxxxxx>
Date: Thu, 12 Jan 2017 09:31:56 -0000
Reply-to: Bug 1651765 <1651765@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/413645
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=af0c53887c24b155842bd29ca73dc3800b4b1ec4
Submitter: Jenkins
Branch:    master

commit af0c53887c24b155842bd29ca73dc3800b4b1ec4
Author: Ihar Hrachyshka <ihrachys@xxxxxxxxxx>
Date:   Sat Dec 17 01:35:29 2016 +0000

    iptables: don't enable arptables firewall
    
    We don't use any arptables based firewall rules. This should somewhat
    optimize kernel packet processing performance.
    
    I think the setting came from:
    http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
    
    but does not apply to the way we use iptables.
    
    Depends-On: I41796c76172f5243e4f9c4902363abb1f19d0d12
    Change-Id: I5de6cf0fac4d957ada816d3cd2ae1df9831f333d
    Closes-Bug: #1651765


** Changed in: neutron
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to neutron.
https://bugs.launchpad.net/bugs/1651765

Title:
  Don't enable net.bridge.bridge-nf-call-arptables for iptables firewall

Status in neutron:
  Fix Released

Bug description:
  This setting is of no use for neutron, because we don't use any
  arptables based firewall rules.

  More info at: https://bugzilla.redhat.com/show_bug.cgi?id=1357598

To manage notifications about this bug go to:
https://bugs.launchpad.net/neutron/+bug/1651765/+subscriptions

References

[Bug 1651765] [NEW] Don't enable net.bridge.bridge-nf-call-arptables for iptables firewall
From: Ihar Hrachyshka, 2016-12-21