NM controlled bridge turns on netfilter

Gene Czarcinski gczarcinski at gmail.com
Sun Oct 5 17:50:46 UTC 2014


On 10/04/2014 01:35 PM, Adam Williamson wrote:
> On Fri, 2014-10-03 at 18:04 -0300, Bruno Medeiros wrote:
>> On Fri, Oct 3, 2014 at 2:36 PM, Adam Williamson <adamwill at fedoraproject.org>
>> wrote:
>>
>>> I don't know why you see it as an F19 to F20 regression, because I'm
>>> fairly sure it's been broken the whole time.
>>
>> I have two servers now running libvirtd + firewalld + NM, one is F19 and
>> the other (the newest) one is F20. I just checked here and the F19 server
>> has neither /etc/modules-load.d nor /etc/udev/rules.d files regarding the
>> workaround. So, for some reason, it works on F19! Maybe the order systemd
>> runs something.. I don't know. I just know that I followed the same
>> procedure I used to set up libvirt on F19 to set up F20 and it didn't work
>> (at least without the workaround).
> There's about a dozen other ways you could possibly work around it -
> there may be a script in rc.local or something? I'm fairly sure there's
> nothing in any Fedora release to 'fix' it.
>
>> Thank you for pointing out the current bug, I think it should be linked to the
>> original one (https://bugzilla.redhat.com/show_bug.cgi?id=512206) because
>> it can drive someone crazy! ;)
> Sure, throw a comment in or something!
>
>> I also think that there should be a warning on libvirt doc pointing to your
>> write-up (or the bug) in case someone decides to use NM instead of network.
> The problem with adding docs to *everything* is you have to remember to
> take them out again when the bug is actually fixed...I'd probably rather
> just get the damn thing fixed, it really shouldn't be much trouble but
> it keeps winding up stuck between teams.

OK, I posted my suggested "temporary" solution to the BZ report:
https://bugzilla.redhat.com/show_bug.cgi?id=634736

Someone suggested a reasonable solution to the problem would be to
simply add the bridge module to the basic kernel. As a quick, simple fix
(and not really a horrible hack) I add a file to /etc/modules-load.d/
for bridge.  Tested and works on Fedora 20 and Fedora 21 on all of my
systems.  Without the early load some systems worked and some did not
(reliably and repeatably).

Adam, I suggest that you add this to your writeup on bridging.

BTW, a great big THANK YOU for working out how to do bridging when 
running NetworkManager.

Gene

