Ubuntu: How to make sysctl network bridge settings persist after a reboot?


I am setting up a notebook for software demo purposes. The machine has 8GB RAM, a Core i7 Intel CPU, a 128GB SSD, and runs Ubuntu 12.04 LTS 64bit. The notebook is used as a KVM host and runs a few KVM guests.

All such guests use the virbr0 default bridge. To enable them to communicate with each other using multicast, I added the following to the host's /etc/sysctl.conf, as shown below:

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Afterwards, following man sysctl(8), I issued the following:

sudo /sbin/sysctl -p /etc/sysctl.conf  

My understanding is that this should make these settings persist over reboots. I tested it, and was surprised to find out the following:

root@sdn1 :/proc/sys/net/bridge# more *tables
::::::::::::::
bridge-nf-call-arptables
::::::::::::::
1
::::::::::::::
bridge-nf-call-ip6tables
::::::::::::::
1
::::::::::::::
bridge-nf-call-iptables
::::::::::::::
1

All defaults are coming back!

Yes. I can use some kludgy "get arounds" such as putting a /sbin/sysctl -p /etc/sysctl.conf into the host's /etc/rc.local but I would rather "do it right". Did I misunderstand the man page or is there something that I missed?

Thanks for any hints.

-- Zack


By serendipity, I ran into some additional info. Even though the "kludgy get around" I first thought about is a "suggested solution" in the Debian wiki, it doesn't work on my Ubuntu 12.04 machine! Sigh :-(

Please see "Some sysctl's are ignored on boot" - someone reported this bug back in 2006 and it's still not fixed!

Note that "Setting up bridge-related kernel variables" is also referenced in the 2nd link above.

A rather disappointing situation, IMHO.

-- Zack


Still hit this issue on my Debian Jessie installation. I've written the systemd script below as a workaround. Note that it will be executed later than the sysctl configs would have been read, but that is no issue in my case.

[Unit]
Description=Bridge configuration
After=network.target

[Service]
WorkingDirectory=/root
User=root
Type=oneshot
ExecStart=/bin/bash -c "/bin/echo 0 > /proc/sys/net/bridge/bridge-nf-call-iptables"
ExecStart=/bin/bash -c "/bin/echo 0 > /proc/sys/net/bridge/bridge-nf-call-ip6tables"

[Install]
WantedBy=multi-user.target

Don't forget to enable it with systemctl enable bridge-config.service.
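
A check that can be run after boot to see whether the net.bridge.* values configured in /etc/sysctl.conf actually took effect, which is the symptom discussed in the posts above. This is an added example, not part of the original posts; the function name check_bridge_sysctl and its optional second argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): compare the net.bridge.* keys
# in a sysctl-style config file with the live values and report any drift.
#
# check_bridge_sysctl CONF [SYSCTL_ROOT]
#   CONF         config file to read, e.g. /etc/sysctl.conf
#   SYSCTL_ROOT  root of the sysctl tree, default /proc/sys (hypothetical
#                parameter so the check can run against a constructed tree)
# Returns 0 when every configured key matches, 1 on drift or a missing key.
check_bridge_sysctl() {
    conf=$1
    root=${2:-/proc/sys}
    rc=0
    # The here-document keeps the loop in the current shell so rc survives.
    while IFS='=' read -r key want; do
        [ -n "$key" ] || continue
        # net.bridge.foo -> net/bridge/foo below the sysctl root
        path="$root/$(printf '%s' "$key" | tr . /)"
        if [ ! -r "$path" ]; then
            # The net/bridge entries only exist once the bridge code is loaded
            echo "MISSING $key (bridge module not loaded?)"
            rc=1
            continue
        fi
        have=$(cat "$path")
        if [ "$have" != "$want" ]; then
            echo "DRIFT   $key: configured=$want live=$have"
            rc=1
        else
            echo "OK      $key = $have"
        fi
    done <<EOF
$(sed -n -e 's/[#;].*//' -e 's/[[:space:]]//g' \
      -e '/^net\.bridge\..*=/p' "$conf")
EOF
    return $rc
}

# Usage on the host after a reboot:
#   check_bridge_sysctl /etc/sysctl.conf
```

A non-zero exit status with DRIFT lines means the file was parsed but the running values differ, as in the `more *tables` output in the question.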
