Yes, it should be set to 0 if not using security groups, right? Unless I didn't understand something and security_group.py is called to fix things up even when you are not using security groups, but I didn't see that behavior. I just got an empty FORWARD table that rejected all bridge traffic due to that setting being 1.

On Sep 14, 2012 12:25 AM, "Edison Su" <[email protected]> wrote:
> Security_group.py -> addfwframework will set bridge-nf-call-iptables to 1.
> It should be called when agent starts.
>
> Sent from my iPhone
>
> On Sep 13, 2012, at 11:10 PM, "Marcus Sorensen" <[email protected]>
> wrote:
>
> > Now that I'm not running security groups (VPC), I was running into
> > issues with iptables filtering bridged traffic. I know the easy fixes
> > (iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT or
> > echo 1 > /proc/sys/net/bridge/bridge-nf-call-iptables), but in
> > looking through the documentation and the code it doesn't seem like
> > there are any provisions to help. Is there something in the advanced
> > network code that should be doing this if security groups are
> > disabled, or should it be in the install guide?
