Posted to commits@cloudstack.apache.org by ro...@apache.org on 2018/04/22 04:50:13 UTC

[cloudstack-docs-admin] branch 4.11 updated: sg: netfilters setting for security groups

This is an automated email from the ASF dual-hosted git repository.

rohit pushed a commit to branch 4.11
in repository https://gitbox.apache.org/repos/asf/cloudstack-docs-admin.git


The following commit(s) were added to refs/heads/4.11 by this push:
     new ea1edc3  sg: netfilters setting for security groups
ea1edc3 is described below

commit ea1edc31b25c94471a7abb15385ae3b33c45a69b
Author: Rohit Yadav <ro...@apache.org>
AuthorDate: Sun Apr 22 10:19:24 2018 +0530

    sg: netfilters setting for security groups
    
    Signed-off-by: Rohit Yadav <ro...@apache.org>
---
 source/networking/security_groups.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/source/networking/security_groups.rst b/source/networking/security_groups.rst
index 8ef58b8..262e6dd 100644
--- a/source/networking/security_groups.rst
+++ b/source/networking/security_groups.rst
@@ -86,6 +86,18 @@ advanced zone where KVM is the hypervisor. Using security groups in
 advanced zones rather than multiple VLANs allows a greater range of
 options for setting up guest isolation in a cloud.
 
+Setting for CentOS
+^^^^^^^^^^^^^^^^^^
+
+To use security groups on CentOS/RHEL/Fedora please enable bridge based
+filtering, ensure that default sysctl configuration file usually at
+/usr/lib/sysctl.d/00-system.conf set to following and run 'sysctl -p':
+
+.. note::
+   # Enable netfilter on bridges.
+   net.bridge.bridge-nf-call-ip6tables = 1
+   net.bridge.bridge-nf-call-iptables = 1
+   net.bridge.bridge-nf-call-arptables = 1
 
 Limitations
 ^^^^^^^^^^^
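
Review bot: The `sysctl -p` instruction at the end of the new paragraph does not load the file the text names. With no argument, `sysctl -p` reads /etc/sysctl.conf, so values edited in /usr/lib/sysctl.d/00-system.conf are not applied by that command. Suggest `sysctl -p /usr/lib/sysctl.d/00-system.conf` or `sysctl --system`, and consider directing readers to a drop-in under /etc/sysctl.d/ instead, since files under /usr/lib/sysctl.d/ are package-owned and can be replaced on update. The three settings are also placed under `.. note::`, which renders its body as an ordinary paragraph, so the `# Enable netfilter on bridges.` line and the three key = value lines will be reflowed together; a literal block (`::`) or `.. code-block::` would keep them copyable. It would help to say why the setting matters (with these keys at 0, bridged guest traffic is not passed to iptables, ip6tables and arptables on the host, so security group rules are not enforced) and to add a check such as `sysctl net.bridge.bridge-nf-call-iptables` after applying. Minor: the heading says "CentOS" while the paragraph covers CentOS/RHEL/Fedora, and "ensure that default sysctl configuration file usually at ... set to following" needs rewording.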
