Commits
Kir Kolyshkin authored a7aaea07a6c
vz-postinstall: enabled iptables for bridges In RHEL6/CentOS 6, iptables are disabled for bridges. This breaks setups such as the one described in bug #2641, where iptables commlimit is used to limit number of connections between containers. Initially, RHEL6 added the following to /etc/sysctl.conf (see https://bugzilla.redhat.com/show_bug.cgi?id=512206) # Disable netfilter on bridges. net.bridge.bridge-nf-call-ip6tables = 0 net.bridge.bridge-nf-call-iptables = 0 net.bridge.bridge-nf-call-arptables = 0 It looks like Parallels Cloud Server 6 is changing these parameters, so we should, too. NOTE that vz-postinstall script is now only executed for new installs (i.e. if vzctl is not yet installed on the system), so upgrading vzctl will not change your /etc/sysctl.conf. Reported-by: Dan Bassett <dbassett@oreillyschool.com>