CentOS 6.7: Unable to disable netfilter for Xen bridges

The following sysctl.conf settings on a Xen host have no effect:

net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0

# sysctl -p

...
error: "net.bridge.bridge-nf-call-arptables" is an unknown key
error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key
error: "net.bridge.bridge-nf-call-iptables" is an unknown key

But the bridge module is loaded:

# lsmod | grep bridge
bridge                 86778  0
stp                     1613  1 bridge
llc                     3721  2 bridge,stp
ipv6                  342149  50 bridge,nf_reject_ipv6,nf_conntrack_ipv6,nf_defrag_ipv6,[permanent]

What am I missing?

Kernel 3.18.20-2.el6xen.x86_64

Answer 1

Rolling back to 3.14.42-1.el6xen.x86_64 solved the problem...

# sysctl -a | grep net.bridge
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
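
Added example (not part of the original question or answer): a shell check that tells the "unknown key" state shown in the question apart from keys that exist but are non-zero. The function names, the two path parameters and the return codes are this example's own; that kernels from 3.18 on register these keys in the separate br_netfilter module is background not stated on the page.

```shell
#!/bin/sh
# Audit the three bridge-netfilter sysctls named in the question.
#
# check_bridge_nf [SYSCTL_ROOT] [MODULES_FILE]
#   SYSCTL_ROOT   defaults to /proc/sys      (parameter is this example's own)
#   MODULES_FILE  defaults to /proc/modules  (parameter is this example's own)
# Return code:
#   0  all three keys exist and are 0 (host iptables does not see bridged frames)
#   1  every key exists but at least one is non-zero
#   2  at least one key is missing (sysctl -p reports "is an unknown key")

module_loaded() {
    # True when module $1 has a line in the modules file $2.
    grep -q "^$1 " "$2" 2>/dev/null
}

check_bridge_nf() {
    root="${1:-/proc/sys}"
    mods="${2:-/proc/modules}"
    result=0
    for key in arptables ip6tables iptables; do
        f="$root/net/bridge/bridge-nf-call-$key"
        if [ ! -r "$f" ]; then
            echo "net.bridge.bridge-nf-call-$key: MISSING"
            result=2
            continue
        fi
        val=$(cat "$f")
        echo "net.bridge.bridge-nf-call-$key = $val"
        if [ "$val" != "0" ] && [ "$result" -lt 2 ]; then
            result=1
        fi
    done
    if [ "$result" -eq 2 ]; then
        # Missing keys: show which of the two modules is present, because
        # "bridge" alone being loaded does not guarantee the keys exist.
        for m in bridge br_netfilter; do
            if module_loaded "$m" "$mods"; then
                echo "module $m: loaded"
            else
                echo "module $m: not loaded"
            fi
        done
    fi
    return "$result"
}
```

Source the file and call `check_bridge_nf` with no arguments on the Xen host after boot and after every kernel update; a return code of 2 means the settings in sysctl.conf were never applied.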
