The default Linux kernel parameters are as follows. If I switch them to 0, how does that affect the LXD container or VM network behaviour, and what are the benefits or harms? Can someone clarify or explain in simple terms? Thanks.
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
Disabling those settings will mean that loop back forwarding of proxy devices in nat=true will stop working, and any firewall rules that you are relying on for intra-bridge security policy will stop working.
Thanks @tomp for the clarification. Does it mean that if no firewall is used, it doesn't affect the VM/container side?
Yes, should be fine in that case as long as you’re not expecting loop-back proxy nat forwards to work either.