Skip to content

Commit

Permalink
net: disable BRIDGE_NETFILTER by default
Browse files Browse the repository at this point in the history 
The description says 'If unsure, say N.' but
the module is built as M by default (once
the dependencies are satisfied).

When the module is selected (Y or M), it enables
NETFILTER_FAMILY_BRIDGE and SKB_EXTENSIONS
which alter kernel internal structures.

We (Android Studio Emulator) currently do not
use this module and think this it is more consistent
to have it disabled by default as opposite to
disabling it explicitly to prevent enabling
NETFILTER_FAMILY_BRIDGE and SKB_EXTENSIONS.

Signed-off-by: Roman Kiryanov <[email protected]>
Acked-by: Florian Westphal <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
  • Loading branch information
@davem330
Roman Kiryanov authored and davem330 committed Feb 20, 2020
1 parent ac2fcfa commit 98bda63
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion net/Kconfig
View file
Original file line number Diff line number Diff line change
Expand Up @@ -189,7 +189,6 @@ config BRIDGE_NETFILTER
depends on NETFILTER_ADVANCED
select NETFILTER_FAMILY_BRIDGE
select SKB_EXTENSIONS
default m
---help---
Enabling this option will let arptables resp. iptables see bridged
ARP resp. IP traffic. If you want a bridging firewall, you probably
Expand Down

0 comments on commit 98bda63

Please sign in to comment.