| -rw-r--r-- | man/sysctl.d.xml | 21 | 
1 files changed, 17 insertions, 4 deletions
| diff --git a/man/sysctl.d.xml b/man/sysctl.d.xml index 8a131791a5..e5b2bc0ac9 100644 --- a/man/sysctl.d.xml +++ b/man/sysctl.d.xml @@ -123,11 +123,12 @@      </example>      <example> -      <title>Disable packet filter on bridged packets (method one)</title> +      <title>Apply settings available only when a certain module is loaded (method one)</title>        <para><filename>/etc/udev/rules.d/99-bridge.rules</filename>:        </para> -      <programlisting>ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge" +      <programlisting>ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", \ +      RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/net/bridge"  </programlisting>        <para><filename>/etc/sysctl.d/bridge.conf</filename>: @@ -137,14 +138,20 @@  net.bridge.bridge-nf-call-iptables = 0  net.bridge.bridge-nf-call-arptables = 0  </programlisting> + +      <para>This method applies settings when the module is +      loaded. Please note that unless the <filename>br_netfilter</filename> +      module is loaded, bridged packets will not be filtered by +      netfilter (starting with kernel 3.18), so simply not loading the +      module is suffient to avoid filtering.</para>      </example>      <example> -      <title>Disable packet filter on bridged packets (method two)</title> +      <title>Apply settings available only when a certain module is loaded (method two)</title>        <para><filename>/etc/modules-load.d/bridge.conf</filename>:        </para> -      <programlisting>bridge</programlisting> +      <programlisting>br_netfilter</programlisting>        <para><filename>/etc/sysctl.d/bridge.conf</filename>:        </para> 
@@ -153,6 +160,12 @@ net.bridge.bridge-nf-call-arptables = 0  net.bridge.bridge-nf-call-iptables = 0  net.bridge.bridge-nf-call-arptables = 0  </programlisting> + +      <para>This method forces the module to be always loaded. Please +      note that unless the <filename>br_netfilter</filename> module is +      loaded, bridged packets will not be filtered with netfilter +      (starting with kernel 3.18), so simply not loading the module is +      suffient to avoid filtering.</para>      </example>    </refsect1> | 
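Review bot: in the first hunk (@@ -123,11 +123,12 @@), the new title "Apply settings available only when a certain module is loaded (method one)" no longer tells the reader that the example switches off netfilter for bridged packets, although the accompanying bridge.conf still sets the bridge-nf-call-* keys to 0. Please keep that effect visible, for example with one sentence in the first <para>, so the snippet is not copied without noticing that it disables filtering on bridged traffic. Two smaller points in the same hunk: the continuation line of the udev rule carries six leading spaces inside <programlisting>, which will be rendered verbatim, and the rule file is still called 99-bridge.rules although it now matches KERNEL=="br_netfilter".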
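Review bot: in the second hunk (@@ -137,14 +138,20 @@), the added paragraph has a typo, "suffient" should be "sufficient". In the same paragraph br_netfilter is wrapped in <filename>, but it is a module name and not a path, so a different element would describe it better. Further down in this hunk the listing changes from bridge to br_netfilter while the file is still /etc/modules-load.d/bridge.conf; consider renaming the example file so the name matches the module it loads.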
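Review bot: in the third hunk (@@ -153,6 +160,12 @@), "suffient" is misspelled again and should be "sufficient". The paragraph first says this method forces the module to be always loaded and then says that not loading the module is enough to avoid filtering, which leaves the reader unsure which of the two is recommended; suggest stating explicitly that the example only makes sense when br_netfilter is wanted for other reasons. The wording also differs from the method-one paragraph ("filtered with netfilter" here, "filtered by netfilter" there); please use the same phrase in both.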
