The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/6831
This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.
=== Description (from pull-request) ===
Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
From 21a2b5bc869ffe785a5f0d10bd3727fa679695c4 Mon Sep 17 00:00:00 2001
From: Thomas Parrott <thomas.parr...@canonical.com>
Date: Tue, 4 Feb 2020 08:51:05 +0000
Subject: [PATCH] lxd/device/nic/bridged: Load br_netfilter kernel module when
using IPv6 filtering
Signed-off-by: Thomas Parrott <thomas.parr...@canonical.com>
---
lxd/device/nic_bridged.go | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lxd/device/nic_bridged.go b/lxd/device/nic_bridged.go
index b30248fe33..18fb417076 100644
--- a/lxd/device/nic_bridged.go
+++ b/lxd/device/nic_bridged.go
@@ -17,6 +17,7 @@ import (
"github.com/google/gopacket"
"github.com/google/gopacket/layers"
"github.com/mdlayher/eui64"
+ "github.com/pkg/errors"
"github.com/lxc/lxd/lxd/db"
deviceConfig "github.com/lxc/lxd/lxd/device/config"
@@ -479,6 +480,13 @@ func (d *nicBridged) setFilters() (err error) {
}
if shared.IsTrue(d.config["security.ipv6_filtering"]) {
+ // Ensure the correct br_netfilter kernel module is loaded
before establishing checking for
+ // bridge filtering support in iptables.
+ err := util.LoadModule("br_netfilter")
+ if err != nil {
+ return errors.Wrapf(err, "Error loading %q module",
"br_netfilter")
+ }
+
// Check br_netfilter is loaded and enabled for IPv6.
sysctlPath := "net/bridge/bridge-nf-call-ip6tables"
sysctlVal, err := util.SysctlGet(sysctlPath)
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
