Bug 710858 - NetworkManager controlled bridge overrides sysctl.d netfilter settings
Status: RESOLVED OBSOLETE
Product: NetworkManager
Classification: Platform
Component: general
Version: unspecified
Hardware: Other Linux
Importance: Normal normal
Target Milestone: ---
Assigned To: NetworkManager maintainer(s)
Reported: 2013-10-25 07:58 UTC by Paul Knox-Kennedy
Modified: 2020-11-12 14:32 UTC

Description Paul Knox-Kennedy 2013-10-25 07:58:35 UTC
Using nm controlled bridge, with sysctl.conf containing:
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

After a reboot, all these have been set to 1. This then stops, for example, DHCP from working on virtual machines using the "shared physical device" setup.

Version-Release number of selected component (if applicable):
NetworkManager-0.9.9.0-14.git20131003.fc20.x86_64

Seen on Fedora 20: https://bugzilla.redhat.com/show_bug.cgi?id=1022977
Comment 1 Pavel Simerda 2013-10-25 08:59:37 UTC
I'm not aware of overriding them explicitly... maybe a kernel issue? Will need more investigation. Thank you for your report.
Comment 2 Paul Knox-Kennedy 2013-11-01 21:04:13 UTC
The main reason I am waving my finger in the direction of NM is that this box has been working as a virtual machine host since it was built. Because of previous issues with NM, it was configured with the standard "network" service, with NM disabled.

The box has recently been upgraded to F20, which advertises NM control for network bridges. As such, I disabled the network service, and enabled NetworkManager to try it out. NM correctly picks up all the existing configuration for the bridge, and reports it correctly through the user interface. However, my virtual machines couldn't get DHCP requests out.
 
After considerable messing around, I discovered that these bridge netfilter settings had been overridden.

Disabling network manager and re-enabling network cures the issue. 

Workaround is to create /etc/NetworkManager/dispatcher.d/00-sysctl with the following:
#!/bin/sh

# Re-apply the configured sysctl settings each time NetworkManager runs its dispatcher scripts
/usr/lib/systemd/systemd-sysctl

exit 0
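
A drift check to go with the workaround in Comment 2, added here as an example; it is not part of the original report or of NetworkManager. It compares the net.bridge.bridge-nf-call-* keys in a sysctl-style file with the live values, and the function name check_bridge_nf and its optional PROC_ROOT argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report): compare the bridge-netfilter keys
# set in a sysctl-style file with the values the kernel is actually using.
#
# check_bridge_nf CONF [PROC_ROOT]
#   CONF       file such as /etc/sysctl.conf or one file from /etc/sysctl.d
#   PROC_ROOT  defaults to /proc/sys; a parameter only so the check can be
#              exercised against a constructed directory tree
# Prints "<key> ok|drift|missing ..." per key; returns 0 only if all are ok.
check_bridge_nf() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    # Keep only uncommented bridge-nf-call assignments, normalised to key=value.
    pairs=$(sed -n 's/^[[:space:]]*\(net\.bridge\.bridge-nf-call-[a-z0-9]*\)[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1=\2/p' "$conf")
    # Read from a here-document, not a pipe, so rc is set in this shell.
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            # The key is absent, for example because the bridge netfilter
            # code is not loaded, so there is nothing to compare against.
            echo "$key missing want=$want"
            rc=1
            continue
        fi
        have=$(cat "$path")
        if [ "$have" = "$want" ]; then
            echo "$key ok value=$have"
        else
            echo "$key drift want=$want have=$have"
            rc=1
        fi
    done <<EOF
$pairs
EOF
    return $rc
}

# Run the check only when a file is named on the command line.
[ "$#" -eq 0 ] || check_bridge_nf "$@"
```

Run once after boot and again after NetworkManager has brought the bridge up, a change from ok to drift or missing shows at which stage the configured values were lost.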
Comment 3 Martin Wilck 2013-11-15 17:37:55 UTC
As I wrote in https://bugzilla.redhat.com/show_bug.cgi?id=1022977, this might be a generic systemd / system initialization problem rather than a NetworkManager bug.
Comment 4 André Klapper 2020-11-12 14:32:13 UTC
bugzilla.gnome.org is being shut down in favor of a GitLab instance. 
We are closing all old bug reports and feature requests in GNOME Bugzilla which have not seen updates for a long time.

If you still use NetworkManager and if you still see this bug / want this feature in a recent and supported version of NetworkManager, then please feel free to report it at https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/

Thank you for creating this report and we are sorry it could not be implemented (workforce and time are unfortunately limited).