bookends.m4: Better check for bridging.

author Mark Wooding <mdw@distorted.org.uk>

Tue, 8 Jan 2013 16:07:22 +0000 (16:07 +0000)

committer Mark Wooding <mdw@distorted.org.uk>

Tue, 8 Jan 2013 16:07:22 +0000 (16:07 +0000)
author Mark Wooding <mdw@distorted.org.uk>
Tue, 8 Jan 2013 16:07:22 +0000 (16:07 +0000)
committer Mark Wooding <mdw@distorted.org.uk>
Tue, 8 Jan 2013 16:07:22 +0000 (16:07 +0000)
diff --git a/bookends.m4 b/bookends.m4

index 699a966..1004b76 100644 (file)
--- a/bookends.m4
+++ b/bookends.m4
@@ -137,13 +137,13 @@ setopt icmp_echo_ignore_broadcasts 0
  ## Turn off iptables filtering for bridges.  We'll use ebtables if we need
  ## to; but right now the model is that we do filtering at the borders, and
  ## are tolerant of things which are local.
-if [ -x /sbin/brctl ]; then
+if [ -x /sbin/brctl ] || [ -x /usr/sbin/brctl ]; then
    modprobe bridge || :
-  if [ -d /proc/sys/net/bridge ]; then
-    for filter in arptables iptables ip6tables; do
-      run sysctl -q net.bridge.bridge-nf-call-$filter=0
-    done
-  fi
+fi
+if [ -d /proc/sys/net/bridge ]; then
+  for filter in arptables iptables ip6tables; do
+    run sysctl -q net.bridge.bridge-nf-call-$filter=0
+  done
  fi
  
  ## Turn off the reverse-path filter.  It's basically useless: the filter does
author	Mark Wooding <mdw@distorted.org.uk>
	Tue, 8 Jan 2013 16:07:22 +0000 (16:07 +0000)
committer	Mark Wooding <mdw@distorted.org.uk>
	Tue, 8 Jan 2013 16:07:22 +0000 (16:07 +0000)