Enable ethernet bridging through your firewall using iptables or sysctl.conf

Posted in hmmm, security

Avoid the iptables firewall rules or edit sysctl.conf?

Which is better? Which is faster? For a desktop system, I don’t think it really matters whether the kernel has to process a bunch of rules. How many can there be, and how much network traffic are you seeing anyway? It’s probably more efficient to modify your sysctl.conf, but it seems more organized to do it all with iptables.


The sysctl.conf method

Add these lines to /etc/sysctl.conf:

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Then reload the file as root; sysctl -p echoes every setting it applied:

# sysctl -p /etc/sysctl.conf

net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

The iptables method

# iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
# /etc/init.d/iptables save

iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
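As an added example (not code from the original post), the POSIX shell script below checks which of the two methods a host is actually using: it reads the same three bridge-nf-call-* keys from sysctl -p / sysctl -a style text and looks for the physdev ACCEPT rule in iptables-save output. The function names, the sample inputs and the --live flag are assumptions of this example. The distinction matters from a defender's point of view: with the sysctl method, bridged frames never enter the iptables hooks at all, so no rule in the filter table can inspect them; with the iptables rule they still traverse FORWARD, so the blanket ACCEPT can later be narrowed (for instance per bridge port with --physdev-in) without touching the kernel setting.

```sh
#!/bin/sh
# Added example, not code from the original post: audit which bridging
# method is in effect. Input is "key = value" text as printed by
# "sysctl -p" / "sysctl -a", and "-A CHAIN ..." lines as printed by
# iptables-save. Run with --live to read the real host (needs root).

# bridge_nf_mode: read sysctl-style lines on stdin and print one word:
#   bypass   - all three bridge-nf-call-* keys are 0: bridged frames never
#              reach iptables/ip6tables/arptables (the sysctl.conf method)
#   filtered - at least one key is 1: bridged frames traverse the FORWARD
#              chain and need a rule such as the physdev ACCEPT above
#   unknown  - a key is absent (typically br_netfilter is not loaded)
bridge_nf_mode() {
    ip4='' ip6='' arp=''
    while IFS= read -r line; do
        case "$line" in
            \#*|'') continue ;;          # skip comments and blank lines
        esac
        key=$(printf '%s' "$line" | sed 's/[[:space:]]*=.*//')
        val=$(printf '%s' "$line" | sed 's/.*=[[:space:]]*//')
        case "$key" in
            net.bridge.bridge-nf-call-iptables)  ip4=$val ;;
            net.bridge.bridge-nf-call-ip6tables) ip6=$val ;;
            net.bridge.bridge-nf-call-arptables) arp=$val ;;
        esac
    done
    if [ -z "$ip4" ] || [ -z "$ip6" ] || [ -z "$arp" ]; then
        echo unknown
    elif [ "$ip4" = 0 ] && [ "$ip6" = 0 ] && [ "$arp" = 0 ]; then
        echo bypass
    else
        echo filtered
    fi
}

# has_physdev_accept: read iptables-save output on stdin; succeed (0) only if
# the FORWARD chain carries "-m physdev --physdev-is-bridged -j ACCEPT".
has_physdev_accept() {
    grep -q -e '^-A FORWARD .*-m physdev --physdev-is-bridged .*-j ACCEPT'
}

# audit: combine both checks into a one-line verdict.
# $1 = sysctl text, $2 = iptables-save text.
audit() {
    mode=$(printf '%s\n' "$1" | bridge_nf_mode)
    if printf '%s\n' "$2" | has_physdev_accept; then rule=yes; else rule=no; fi
    case "$mode/$rule" in
        bypass/*)     echo "bridged frames bypass netfilter (sysctl method)" ;;
        filtered/yes) echo "bridged frames pass via physdev ACCEPT rule (iptables method)" ;;
        filtered/no)  echo "bridged frames hit FORWARD with no physdev rule: bridging may be blocked" ;;
        *)            echo "bridge-nf keys not present: load br_netfilter to check" ;;
    esac
}

# Constructed sample inputs (not captured from a real host).
SYSCTL_BYPASS='net.ipv4.ip_forward = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0'

SYSCTL_FILTERED='net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-arptables = 1'

RULES_WITH='*filter
:FORWARD DROP [0:0]
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
COMMIT'

RULES_WITHOUT='*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

if [ "${1-}" = --live ]; then
    audit "$(sysctl -a 2>/dev/null)" "$(iptables-save 2>/dev/null)"
else
    audit "$SYSCTL_BYPASS"   "$RULES_WITHOUT"
    audit "$SYSCTL_FILTERED" "$RULES_WITH"
    audit "$SYSCTL_FILTERED" "$RULES_WITHOUT"
fi
```

Without arguments the script runs the three constructed cases and prints one verdict per line; with --live it feeds the real sysctl -a and iptables-save output through the same functions. The third constructed case is the one that bites in practice: bridge-nf-call-iptables left at 1 with a default-DROP FORWARD chain and no physdev rule silently blackholes bridged traffic.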

Posted by admica   @   23 November 2009
