Disable netfilter on bridge

Jakub Filo 2021-08-18 16:02:11 +00:00
parent 9bd7af9c5a
commit 704b2de78d
2 changed files with 16 additions and 1 deletions


@ -0,0 +1 @@
ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=net/bridge
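Review bot: The `RUN+=` value has no closing double quote as shown on this page, and if the committed file matches, udev will likely reject the rule. The sysctls would then not be re-applied when `br_netfilter` loads after boot, so the line should end `--prefix=net/bridge"`. This may only be a rendering truncation, so check the file itself. The rule also has no comment; something like `# re-apply net.bridge.* from sysctl.d when br_netfilter is loaded late, so bridge netfilter stays disabled` would tell a later reader why a udev rule is running systemd-sysctl.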


@ -30,6 +30,7 @@
- etc/network/interfaces.d/
- etc/systemd/system/
- etc/libvirt/hooks/
- etc/udev/rules.d/
- usr/local/bin/
- name: hugepages config
@ -47,7 +48,7 @@
append: yes
become: yes
- name: kernel param tuning
- name: hugepages kernel params
sysctl:
state: present
name: "{{ item.name }}"
@ -61,6 +62,19 @@
- { name: 'vm.stat_interval', value: '120' }
- { name: 'kernel.watchdog', value: '0' }
- name: bridge networking kernel params
sysctl:
state: present
name: "{{ item.name }}"
value: "{{ item.value }}"
sysctl_file: /etc/sysctl.d/bridge.conf
reload: yes
become: yes
with_items:
- { name: 'net.bridge.bridge-nf-call-arptables', value: '0' }
- { name: 'net.bridge.bridge-nf-call-ip6tables', value: '0' }
- { name: 'net.bridge.bridge-nf-call-iptables', value: '0' }
- name: enable tuning service
systemd:
name: kvm-tuning
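Review bot: The new `bridge networking kernel params` task sets all three `net.bridge.bridge-nf-call-*` switches to 0 without recording that bridged guest traffic will then bypass the host's iptables, ip6tables and arptables rules. Any host-level filtering that relied on those hooks stops applying to frames crossing the bridge. A comment above the task, e.g. `# bridged VM traffic skips host netfilter; filter it with bridge-family rules or in the guest`, would make that trade-off explicit for whoever audits the firewall later. Separately, these keys exist only while `br_netfilter` is loaded, so with `reload: yes` the task presumably fails on hosts where the module is absent at play time. Adding `ignoreerrors: yes` to the `sysctl` module call would cover that case.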