vz-postinstall: enabled iptables for bridges

In RHEL6/CentOS 6, iptables are disabled for bridges. This breaks
setups such as the one described in bug #2641, where iptables connlimit
is used to limit the number of connections between containers.

Initially, RHEL6 added the following to /etc/sysctl.conf
(see https://bugzilla.redhat.com/show_bug.cgi?id=512206):

    # Disable netfilter on bridges.
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0

It looks like Parallels Cloud Server 6 is changing these parameters,
so we should, too.

NOTE that the vz-postinstall script is now only executed for new installs
(i.e. if vzctl is not yet installed on the system), so upgrading vzctl
will not change your /etc/sysctl.conf.

Reported-by: Dan Bassett <dbassett@oreillyschool.com>
1 file changed
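
Because upgrades leave /etc/sysctl.conf untouched, an existing host may still carry the RHEL6 defaults quoted in the message. The following is an added example, not part of this commit or of vzctl: a POSIX shell check that reports how a sysctl.conf-style file sets the three bridge netfilter keys. The function names `bridge_nf_value` and `bridge_nf_audit` are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the vzctl tree): report how a sysctl.conf-style file
# sets the three bridge netfilter keys named in the commit message.

BRIDGE_NF_KEYS="net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-arptables"

# Print the last value assigned to key $2 in file $1, or "unset".
# Skips comments (# or ;), tolerates spaces around "=", and accepts the
# slash-separated key form (net/bridge/...) that sysctl also understands.
bridge_nf_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub("/", ".", k)
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) val = v      # later assignments override earlier ones
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Print "key=value" per key, then "disabled=N": the number of keys explicitly
# set to 0 (bridged traffic is not passed to that table when the key is 0).
bridge_nf_audit() {
    disabled=0
    for key in $BRIDGE_NF_KEYS; do
        val=$(bridge_nf_value "$1" "$key")
        echo "$key=$val"
        if [ "$val" = 0 ]; then disabled=$((disabled + 1)); fi
    done
    echo "disabled=$disabled"
}

# Constructed sample: the RHEL6 defaults quoted above, then one later override.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
net/bridge/bridge-nf-call-iptables=1
EOF
bridge_nf_audit "$sample"
rm -f "$sample"
```

On a real host, pass `/etc/sysctl.conf` as the argument; a key reported as `unset` means the file does not set it and the running kernel's default applies.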