[FS#1073] sysctl 'net.bridge.*' is an unknown key.

LEDE Bugs lede-bugs at lists.infradead.org
Thu Oct 19 08:10:08 PDT 2017


The following task has a new comment added:

FS#1073 - sysctl 'net.bridge.*' is an unknown key.
User who did this - Mathias Kresin (mkresin)

----------
As it turned out, it isn't that easy to get rid of the sysctl parameters in /etc/sysctl.conf.

The reason behind disabling the net.bridge.bridge-nf-call-* is to prevent a bridge from hitting the {ip,ip6,arp}tables overhead if kmod-br-netfilter is installed. kmod-br-netfilter is installed as a dependency of the physdev-match kernel module (via kmod-ipt-extra) for example. If someone only wants to filter based on the incoming or outgoing bridge port, the {ip,ip6,arp}tables overhead penalty is something that should be prevented.

In theory it would be possible to add a file to /etc/sysctl.d/ which disables net.bridge.bridge-nf-call-* if kmod-ipt-extra gets installed. This way the full {ip,ip6,arp}tables power can be used if one only installs kmod-br-netfilter. As far as I can see, it isn't possible to bundle files with kmods at the moment. Hence, in theory.

Long story short, at the moment it isn't possible to drop the sysctl parameters from the default config.
----------

More information can be found at the following URL:
https://bugs.lede-project.org/index.php?do=details&task_id=1073#comment3640
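The comment above turns on two mechanics: a sysctl key is "unknown" exactly when its /proc/sys path does not exist (net.bridge.* only appears once br_netfilter is loaded), and the proposed fix is a drop-in file under /etc/sysctl.d/ that resets the three bridge-nf-call-* keys to 0. The script below is an added example, not code from the LEDE tracker or from the OpenWrt/LEDE project: it audits a sysctl.conf against a /proc/sys tree, reports which keys the kernel would reject, and writes the sysctl.d fragment the comment describes. The fragment file name 10-br-netfilter.conf and the constructed stand-in for /proc/sys are assumptions so that it runs offline; on a router you would pass /etc/sysctl.conf and omit the second argument.

```shell
#!/bin/sh
# Added example (not from the bug tracker or the project): audit an
# OpenWrt/LEDE-style sysctl.conf against the keys the kernel really exposes.
#
# audit_sysctl_conf CONF [PROC_SYS_ROOT]
#   prints "ok KEY=VALUE" or "unknown KEY" per key and returns 1 if any key
#   is unknown (the symptom in FS#1073). PROC_SYS_ROOT defaults to /proc/sys;
#   the demo passes a constructed directory tree instead.
audit_sysctl_conf() {
    conf="$1"
    root="${2:-/proc/sys}"
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line%%#*}"                       # drop comments
        case "$line" in *=*) ;; *) continue ;; esac   # skip blank/garbage lines
        key=$(printf '%s' "${line%%=*}" | tr -d ' \t')
        val=$(printf '%s' "${line#*=}" | tr -d ' \t')
        path="$root/$(printf '%s' "$key" | tr . /)"   # net.bridge.x -> net/bridge/x
        if [ -e "$path" ]; then
            echo "ok $key=$val"
        else
            echo "unknown $key"
            rc=1
        fi
    done < "$conf"
    return $rc
}

# count_unknown_keys CONF [PROC_SYS_ROOT]: number of keys the kernel lacks.
count_unknown_keys() {
    audit_sysctl_conf "$1" "$2" | grep -c '^unknown ' || :
}

# write_bridge_nf_fragment DIR: the sysctl.d drop-in the comment proposes.
# File name is hypothetical; the comment only says "a file to /etc/sysctl.d/".
write_bridge_nf_fragment() {
    cat > "$1/10-br-netfilter.conf" <<'EOF'
# Keep bridged frames out of {ip,ip6,arp}tables unless the admin opts in.
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-arptables=0
EOF
}

# Demo on a constructed tree: ip_forward exists, net.bridge does not
# (the state before kmod-br-netfilter is loaded).
demo_fs1073() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/sys/net/ipv4" "$tmp/sysctl.d"
    : > "$tmp/sys/net/ipv4/ip_forward"
    printf '%s\n' '# constructed sysctl.conf' 'net.ipv4.ip_forward=1' \
        'net.bridge.bridge-nf-call-iptables=0' > "$tmp/sysctl.conf"
    audit_sysctl_conf "$tmp/sysctl.conf" "$tmp/sys" ||
        echo "-> $(count_unknown_keys "$tmp/sysctl.conf" "$tmp/sys") unknown key(s)"
    write_bridge_nf_fragment "$tmp/sysctl.d"
    cat "$tmp/sysctl.d/10-br-netfilter.conf"
    rm -rf "$tmp"
}
demo_fs1073
```

Because the audit walks /proc/sys rather than calling sysctl, it can be run at build or boot time to decide whether the bridge-nf-call-* lines belong in the default config on a given image, which is the gap the comment says cannot currently be closed by bundling files with kmods.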


