Simon Walter <si...@gikaku.com> writes:

> After some testing, I have a question about an option in
> /etc/default/shorewall:
> wait_interface
> If I add the bridge interface to that line, shorewall will not start
> unless a container is brought up. I suppose that is why I was thinking
> of bridging the bridge interface with a tap interface so that it's
> always available.
>
> It seems that bridges do not start with ifup (-a) unless one of their
> bridged interfaces is up.

Quoting from bridge-utils-interfaces(5)

    bridge_ports interface specification
        this option must exist for the scripts to setup the bridge,
        with it you specify the ports you want to add to your bridge,
        either using "none" if you want a bridge without any
        interfaces or you want to add them later using brctl, or a
        list of the interfaces you want to add separated by spaces

IOW, the way to configure a bridge with no interfaces assigned by
default via /etc/network/interface is

    auto bridge
    iface bridge inet manual
        bridge_fd 0
        bridge_stp 0
        bridge_ports none

The additional two lines disable the spanning-tree protocol. That's
usually sensible unless one deals with a complicated, physical
topology which may or does contain loops. Then, it's needed so that
the bridge can work out a loop-less virtual topology utilizing the
existing physical one.

Interfaces supposed to be used as bridge ports don't have to be up.
The bridge manages this, IOW, it will initially disable all newly
assigned ports and enable or disable them as required to implement
the negotiated, virtual topology (if STP is being used) after the
'forwarding delay' (bridge_fd) has passed.
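
A check for the condition discussed in this message, as an added example that is not part of the original post: before naming a bridge in wait_interface, confirm that its stanza is marked auto and carries bridge_ports, so the bridge exists after ifup -a even with no container running. The function names and the sample file are constructed for illustration, and `wanted` stands for the interfaces listed in wait_interface.

```python
# Constructed sample of the interfaces file: "bridge" follows the stanza in the
# post, "br1" omits bridge_ports, "br2" is not marked auto.
SAMPLE = """\
auto bridge
iface bridge inet manual
    bridge_fd 0
    bridge_stp 0
    bridge_ports none

auto br1
iface br1 inet manual
    bridge_stp 0

iface br2 inet manual
    bridge_ports none
"""

def parse_interfaces(text):
    """Return (auto_names, stanzas); stanzas maps iface name -> {option: value}."""
    auto, stanzas, current = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0] == "auto":
            auto.update(words[1:])
            current = None
        elif words[0] == "iface" and len(words) > 1:
            current = stanzas.setdefault(words[1], {})
        elif words[0] in ("mapping", "source") or words[0].startswith("allow-"):
            current = None  # these keywords end the preceding iface stanza
        elif current is not None:
            current[words[0]] = " ".join(words[1:])
    return auto, stanzas

def check_bridges(text, wanted):
    """List reasons a bridge in `wanted` would not exist after ifup -a."""
    auto, stanzas = parse_interfaces(text)
    problems = []
    for name in wanted:
        opts = stanzas.get(name)
        if opts is None:
            problems.append(f"{name}: no iface stanza")
            continue
        if name not in auto:
            problems.append(f"{name}: not marked auto, ifup -a skips it")
        if "bridge_ports" not in opts:
            problems.append(f"{name}: bridge_ports missing, bridge is not set up")
    return problems
```
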