Re: [PATCH] Remove broken netfilter binary sysctls from bridgingcode

[Patrick McHardy]

Stephen Hemminger wrote:
> On Tue, 25 Sep 2007 06:07:24 +0200
> Patrick McHardy <kaber@xxxxxxxxx> wrote:
>
>   
> > I meant removing brnf_sysctl_call_tables function, not the sysctls
> > themselves, all it does is change values != 0 to 1. Or did you
> > actually mean that something in userspace might depend on reading
> > back the value 1 after writing a value != 0?
> >     
>
> I was going farther, because don't really see the value of having
> a sysctl for this. It seems better to just not load filters if
> they aren't going to be used. Having another enable/disable hook
> just adds needless complexity.
>   

These sysctls control whether bridged packets will be handled
by iptables and friends. The bridge netfilter code always
handles bridged packets, and iptables might be loaded for
different reasons. So I don't see how that would work.

I think it should be specified in the ebtables ruleset, but
the current netfilter infrastructure doesn't allow to do that
cleanly.


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/