Some net.link.bridge entries in sysctl.conf appear ignored after upgrade to 13.0-RELEASE
Darryn Nicol
2021-04-14 14:22:04 UTC
I have the following entries in /etc/sysctl.conf to facilitate the use of
IPFW within VNET jails:

# Only pass IP packets when pfil is enabled
net.link.bridge.pfil_onlyip=0
# Packet filter on the bridge interface
net.link.bridge.pfil_bridge=0
# Packet filter on the member interface
net.link.bridge.pfil_member=0

These worked fine in 12.2-RELEASE but since the upgrade after every reboot
these are all set to 1. If I set them manually they work, but are reset to
1 after another reboot. I have other entries in sysctl.conf that work, did
these sysctls change in 13?
Marek Zarychta
2021-04-14 19:12:07 UTC
Post by Darryn Nicol
> I have the following entries in /etc/sysctl.conf to facilitate the use of
> # Only pass IP packets when pfil is enabled
> net.link.bridge.pfil_onlyip=0
> # Packet filter on the bridge interface
> net.link.bridge.pfil_bridge=0
> # Packet filter on the member interface
> net.link.bridge.pfil_member=0
> These worked fine in 12.2-RELEASE but since the upgrade after every reboot
> these are all set to 1. If I set them manually they work, but are reset to
> 1 after another reboot. I have other entries in sysctl.conf that work, did
> these sysctls change in 13?
Please try loading if_bridge from /boot/loader.conf to make it work.
According to rcorder(8) it looks like /etc/rc.d/sysctl is executed prior
to /etc/rc.d/kld.
--
Marek Zarychta
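
The boot-order problem described in the reply above can be checked statically before a reboot. The following shell functions are an added example, not part of the original posts: the function names are hypothetical, `if_bridge_load="YES"` is the standard /boot/loader.conf syntax for preloading a module, and the check assumes if_bridge is a loadable module rather than compiled into the kernel.

```shell
#!/bin/sh
# Added example: report net.link.bridge.* entries in sysctl.conf that will be
# applied before if_bridge exists because loader.conf does not preload it.
# Paths are arguments so the check can run against copies of the files.

# Print "oid=value" for every active net.link.bridge.* line in a sysctl.conf.
bridge_sysctls() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' "$1" | grep '^net\.link\.bridge\.'
}

# Succeed if the last uncommented if_bridge_load assignment in loader.conf
# is YES (compared case-insensitively, quotes optional).
bridge_preloaded() {
    val=$(sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*if_bridge_load[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z]*\)"\{0,1\}.*/\1/p' "$1" |
        tail -n 1 | tr '[:lower:]' '[:upper:]')
    [ "$val" = "YES" ]
}

# Return 0 when the bridge settings will apply at boot (or none are set),
# 1 when they would be skipped; the affected entries are listed on stderr.
check_bridge_sysctls() {
    entries=$(bridge_sysctls "$1") || return 0   # no bridge entries: nothing to check
    bridge_preloaded "$2" && return 0
    echo "if_bridge is not preloaded from $2; these entries will not apply at boot:" >&2
    echo "$entries" >&2
    return 1
}

# Constructed sample files: the thread's sysctl.conf entries, plus a
# loader.conf before and after the suggested fix.
make_samples() {
    printf '%s\n' '# Packet filter on the bridge interface' \
        'net.link.bridge.pfil_onlyip=0' 'net.link.bridge.pfil_bridge=0' \
        'net.link.bridge.pfil_member=0' > "$1/sysctl.conf"
    printf '%s\n' '#if_bridge_load="YES"' > "$1/loader.before"
    printf '%s\n' 'if_bridge_load="YES"' > "$1/loader.after"
}

# Usage: sh check.sh /etc/sysctl.conf /boot/loader.conf
if [ "$#" -eq 2 ]; then check_bridge_sysctls "$1" "$2"; fi
```

With these firewall-related knobs a silent revert to 1 changes which packets the bridge hands to the packet filter, so a non-zero exit from this check is worth catching before an upgrade reboot.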
Darryn Nicol
2021-04-15 09:38:33 UTC
>> I have the following entries in /etc/sysctl.conf to facilitate the use of
>> IPFW within VNET jails:
>>
>> # Only pass IP packets when pfil is enabled
>> net.link.bridge.pfil_onlyip=0
>> # Packet filter on the bridge interface
>> net.link.bridge.pfil_bridge=0
>> # Packet filter on the member interface
>> net.link.bridge.pfil_member=0
>>
>> These worked fine in 12.2-RELEASE but since the upgrade after every reboot
>> these are all set to 1. If I set them manually they work, but are reset to
>> 1 after another reboot. I have other entries in sysctl.conf that work, did
>> these sysctls change in 13?
>
> Please try loading if_bridge from /boot/loader.conf to make it work.
> According to rcorder(8) it looks like /etc/rc.d/sysctl is executed prior
> to /etc/rc.d/kld.
Thank you, it's working now.