Skip to content

Instantly share code, notes, and snippets.

@adamelliotfields

adamelliotfields/enable_bridge_netfilter.sh

Created November 11, 2019 06:07
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save adamelliotfields/aa9cfa2aacbb767dcf09860b112ee2ed to your computer and use it in GitHub Desktop.
Save adamelliotfields/aa9cfa2aacbb767dcf09860b112ee2ed to your computer and use it in GitHub Desktop.
Download ZIP
Persist bridge-nf-call-iptables on Reboot
Raw
enable_bridge_netfilter.sh
#!/bin/bash
set -e
# Running `modprobe br_netfilter` does not persist.
echo 'br_netfilter' >> /etc/modules
# Running `sysctl net.bridge.bridge-nf-call-iptables=1` does not persist.
echo 'net.bridge.bridge-nf-call-iptables=1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables=1' >> /etc/sysctl.conf
@adamelliotfields
Copy link
Author

adamelliotfields commented Nov 11, 2019
edited

If this still doesn't work, try sudo apt remove --purge ufw, as ufw has rules that override sysctl.

If that still doesn't work, try sudo grep -rl net.bridge.bridge-nf-call-iptables /etc to find any other files that could be overriding it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment