From 3f771b7bcb04a22c056f87e9e9bae76209fd3555 Mon Sep 17 00:00:00 2001
From: Ihar Hrachyshka
Date: Sat, 17 Dec 2016 04:12:24 +0000
Subject: [PATCH] iptables: don't enable arptables firewall Neutron doesn't use any arptables based firewall rules. This should somewhat optimize kernel packet processing performance. I think the setting came from: http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf but does not apply to the way we use iptables.
Change-Id: I41796c76172f5243e4f9c4902363abb1f19d0d12
Closes-Bug: #1651765
---
 functions | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/functions b/functions
index 6a0ac67b69..0be9794d9a 100644
--- a/functions
+++ b/functions
@@ -658,7 +658,7 @@ function enable_kernel_bridge_firewall {
 # Enable bridge firewalling in case it's disabled in kernel (upstream
 # default is enabled, but some distributions may decide to change it).
 # This is at least needed for RHEL 7.2 and earlier releases.
- for proto in arp ip ip6; do
+ for proto in ip ip6; do
 sudo sysctl -w net.bridge.bridge-nf-call-${proto}tables=1
 done
 }
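Review bot: Dropping `arp` from the loop does not turn arptables processing off; it only leaves `net.bridge.bridge-nf-call-arptables` at the host's default. The comment above the loop says the upstream default is enabled, so on such hosts bridged ARP presumably still passes through arptables and the expected saving does not appear. If the intent is that arptables is never consulted, set it explicitly with `sudo sysctl -w net.bridge.bridge-nf-call-arptables=0`. Otherwise extend the comment, e.g. `# arptables is deliberately left at the system default: Neutron installs no arptables rules.`, so that anyone relying on arptables for ARP filtering on bridged ports knows this function no longer guarantees it. The function's opening lines are outside the hunk, so whether the sysctl keys are guaranteed to exist at this point cannot be checked from here.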