~mdw
/
firewall
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
829bc4b
)
bookends.m4: Better check for bridging.
author
Mark Wooding
<mdw@distorted.org.uk>
Tue, 8 Jan 2013 16:07:22 +0000
(16:07 +0000)
committer
Mark Wooding
<mdw@distorted.org.uk>
Tue, 8 Jan 2013 16:07:22 +0000
(16:07 +0000)
bookends.m4
patch
|
blob
|
blame
|
history
diff --git
a/bookends.m4
b/bookends.m4
index
699a966
..
1004b76
100644
(file)
--- a/
bookends.m4
+++ b/
bookends.m4
@@
-137,13
+137,13
@@
setopt icmp_echo_ignore_broadcasts 0
## Turn off iptables filtering for bridges. We'll use ebtables if we need
## to; but right now the model is that we do filtering at the borders, and
## are tolerant of things which are local.
## Turn off iptables filtering for bridges. We'll use ebtables if we need
## to; but right now the model is that we do filtering at the borders, and
## are tolerant of things which are local.
-if [ -x /sbin/brctl ]; then
+if [ -x /sbin/brctl ]
|| [ -x /usr/sbin/brctl ]
; then
modprobe bridge || :
modprobe bridge || :
- if [ -d /proc/sys/net/bridge ]; then
- for filter in arptables iptables ip6tables; do
- run sysctl -q net.bridge.bridge-nf-call-$filter=0
- done
- fi
+fi
+if [ -d /proc/sys/net/bridge ]; then
+ for filter in arptables iptables ip6tables; do
+ run sysctl -q net.bridge.bridge-nf-call-$filter=0
+ done
fi
## Turn off the reverse-path filter. It's basically useless: the filter does
fi
## Turn off the reverse-path filter. It's basically useless: the filter does