iptables: don't enable arptables firewall

Neutron doesn't use any arptables-based firewall rules. This should
somewhat optimize kernel packet processing performance.

I think the setting came from:
http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

but does not apply to the way we use iptables.

Change-Id: I41796c76172f5243e4f9c4902363abb1f19d0d12
Closes-Bug: #1651765
This commit is contained in:
Ihar Hrachyshka
2016-12-17 04:12:24 +00:00
parent 72af0d1cab
commit 3f771b7bcb

@@ -658,7 +658,7 @@ function enable_kernel_bridge_firewall {
# Enable bridge firewalling in case it's disabled in kernel (upstream
# default is enabled, but some distributions may decide to change it).
# This is at least needed for RHEL 7.2 and earlier releases.
for proto in arp ip ip6; do
for proto in ip ip6; do
sudo sysctl -w net.bridge.bridge-nf-call-${proto}tables=1
done
}
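
Review bot: The loop `for proto in ip ip6` no longer touches net.bridge.bridge-nf-call-arptables, but nothing sets it to 0 either, and the comment just above the loop says the upstream kernel default is enabled. On such kernels ARP frames crossing the bridge will still go through the arptables hook, so the performance gain described in the commit message only materialises on distributions that ship the setting disabled. If the gain is intended everywhere, consider an explicit `sudo sysctl -w net.bridge.bridge-nf-call-arptables=0`, keeping in mind that this would change behaviour for anything else on the host that relies on arptables for bridged traffic; otherwise a short addition to the comment saying that arp is deliberately left at the system default, because Neutron has no arptables-based rules, would keep the next reader from re-adding it.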