Linked to https://bugzilla.redhat.com/show_bug.cgi?id=634736 and https://bugzilla.redhat.com/show_bug.cgi?id=512206 , that are closed today.

This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to '31'.

This bug appears to have been reported against 'rawhide' during the Fedora 31 development cycle.
Changing version to 31.

Hi, I am sorry, I updated to the correct OS where this really happened: Red Hat 7.6 (3.10.0-957.5.1.el7.x86_64).
Originally, this happened on a CentOs 7.4, but I reproduced in Red Hat.
Steps to reproduce:
1/ Create a clean VM Red Hat 7.3
2/ Update Red Hat to latest 7.7 with yum
3/ sudo modprobe br_netfilter
# to make appear the sysctl. Source: https://github.com/saltstack/salt/issues/20570
4/ sudo sysctl -a|grep table
=> will show value set to 1
5/ sudo systemctl restart network
6/ sudo sysctl -a|grep table
=> will show value set to 0

(*typo: I said 7.7, I meant 7.6)

I can't edit, here is the corrected steps to reproduce:

Steps to reproduce:
1/ Create a clean VM Red Hat 7.3
2/ Update Red Hat to latest 7.6 with yum
2.1/ sudo yum install bridge-utils
# Updates to latest 1.5-9.el7
3/ sudo modprobe br_netfilter
# to make appear the sysctl. Source: https://github.com/saltstack/salt/issues/20570
4/ sudo sysctl -a|grep table
=> will show value set to 1
5/ sudo systemctl restart network
6/ sudo sysctl -a|grep table
=> will show value set to 0

This is not a bridge-utils bug. It's cause by the systemd service "systemd-sysctl" which gets restarted when the "network" service is restarted. The file is provided by the `initscripts` package.

# cat /usr/lib/sysctl.d/00-system.conf 
# Kernel sysctl configuration file
#
# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and
# sysctl.conf(5) for more details.

# Disable netfilter on bridges.
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

You can address this by setting your own values for these in `/etc/sysctl.d/`. Create a file and set them to 1.

The values are initially 1 when br_netfilter is loaded because that's what the kernel defaults to. I don't know why initscripts is changing the defaults.

Reassigning to initscripts. But at the same time closing because this has a simple workaround and changing the defaults provided by initscripts is not an option.

Hi,
I understand the answer but I differ on the conclusion.
If initscripts is responsible for overriding sysctl default value for whatever reason, then it should force the same value at a systemctl restart network. Or initscript rpm should override the default sysctl value by adding a /etc/sysctl.d/initscript.conf override, to avoid the confusion. I am not asking for iniscript to remove the value of 1, obviously that would break a lot of system. And now that I know bridgeutil did not set the value to 1, I am not asking them to put 1 as default. But I am asking if initscript dev can be consistent and put 1 as value both in startup (done) and in sysctl (not done).

Reopening, hoping this would be understood.

I can add that in our project we did systemctl restart network and that break some network feature, unless we add sysctl override. One would not expect a systemctl restart network would change lowlevel kernel option. But we spent time we shouldn't have and other projects might encounter the same issue.

After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.