network: bridge: don't change forwarding sysctl for internal bridges

That's simplfy not neccessary, because the whole point of internal networks is to not have any forwardings or firewall rules. Signed-off-by: Michael Zimmermann <[email protected]>
containers · Nov 19, 2024 · 2900e92 · 2900e92
1 parent 4dae6d0
commit 2900e92
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/src/network/bridge.rs b/src/network/bridge.rs
@@ -146,9 +146,11 @@ impl driver::NetworkDriver for Bridge<'_> {
         );
 
         if let BridgeMode::Managed = data.mode {
-            setup_ipv4_fw_sysctl()?;
-            if data.ipam.ipv6_enabled {
-                setup_ipv6_fw_sysctl()?;
+            if !self.info.network.internal {
+                setup_ipv4_fw_sysctl()?;
+                if data.ipam.ipv6_enabled {
+                    setup_ipv6_fw_sysctl()?;
+                }
             }
         }