From 7e38fbb137543aa6a98af2be202885932b116985 Mon Sep 17 00:00:00 2001 From: Kevin Carter Date: Tue, 14 Aug 2018 20:40:19 -0500 Subject: [PATCH] Remove the checksum fills The checksum fill was created a long time ago in a cloud far far away. Checksums on the lxc bridge were needed back in the days when Icehouse was a popular band and Juno was a funny movie. These tasks are no longer required and should be removed as they do nothing but spam DMESG with kernel stacktraces and nothing about that is cute or funny. Change-Id: I2242725682056491106ab8012ad1fa9d0e7f9ecd Signed-off-by: Kevin Carter --- templates/lxc-system-manage.j2 | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/templates/lxc-system-manage.j2 b/templates/lxc-system-manage.j2 index 21df4f39..31d5ccef 100644 --- a/templates/lxc-system-manage.j2 +++ b/templates/lxc-system-manage.j2 @@ -66,17 +66,6 @@ function remove_rules { -d "${LXC_NETWORK}" \ -j MASQUERADE || true - # Remove rules from the mangle POSTROUTING chain - iptables ${USE_IPTABLES_LOCK} -t mangle \ - -D POSTROUTING \ - -s "${LXC_NETWORK}" \ - -o "${LXC_BRIDGE}" \ - -p udp \ - -m udp \ - --dport 68 \ - -j CHECKSUM \ - --checksum-fill - if [ "$LXC_IPV6_NAT" = "true" ]; then ip6tables ${USE_IPTABLES_LOCK} -t nat -D POSTROUTING -s ${LXC_IPV6_NETWORK} ! -d ${LXC_IPV6_NETWORK} -j MASQUERADE fi @@ -118,16 +107,6 @@ function add_rules { -d "${LXC_NETWORK}" \ -j MASQUERADE - # Add rules to the mangle POSTROUTING chain - iptables ${USE_IPTABLES_LOCK} -t mangle \ - -A POSTROUTING \ - -s "${LXC_NETWORK}" \ - -o "${LXC_BRIDGE}" \ - -p udp \ - -m udp \ - --dport 68 \ - -j CHECKSUM \ - --checksum-fill success "LXC IPtables rules created." }