neutron/releasenotes/notes/iptables-fail-on-missing-sy...

15 lines
757 B
YAML

---
deprecations:
- The ``iptables`` firewall driver will no longer enable bridge firewalling
in next versions of Neutron. If your distribution overrides the default
value for any of relevant sysctl settings
(``net.bridge.bridge-nf-call-arptables``,
``net.bridge.bridge-nf-call-ip6tables``, and
``net.bridge.bridge-nf-call-iptables``) then make sure you set them back
to upstream kernel default (``1``) using /etc/sysctl.conf or
/etc/sysctl.d/* configuration files.
upgrades:
- On newer Linux kernels (3.18+) you will need to load the ``br_netfilter``
kernel module before starting an Open vSwitch or Linuxbridge agent using
``iptables`` firewall driver. Otherwise the agent will fail to start.