Description of problem:

[ 8.221107] systemd-sysctl[345]: Failed to write '0' to '/proc/sys/net/bridge/bridge-nf-call-ip6tables': No such file or directory
[ 8.223041] systemd-sysctl[345]: Failed to write '0' to '/proc/sys/net/bridge/bridge-nf-call-iptables': No such file or directory
[ 8.224921] systemd-sysctl[345]: Failed to write '0' to '/proc/sys/net/bridge/bridge-nf-call-arptables': No such file or directory

systemd uses its own implementation of sysctl (why?), which can't ignore non-existing keys the way /sbin/sysctl -e does, which is what the legacy rc.sysinit used. You can read about net.bridge.bridge-nf-call-*tables here: #512206

Version-Release number of selected component (if applicable):
systemd-15-1.fc15.x86_64
The problem here is somewhere else:

$ ls -la /proc/sys/net/
total 0
dr-xr-xr-x  0 root root 0  2 Jan 12:47 .
dr-xr-xr-x. 1 root root 0  2 Jan 12:41 ..
dr-xr-xr-x  0 root root 0  2 Jan 12:57 core
dr-xr-xr-x  0 root root 0  2 Jan 12:47 ipv4
dr-xr-xr-x  0 root root 0  2 Jan 12:47 ipv6
dr-xr-xr-x  0 root root 0  2 Jan 12:57 netfilter
-rw-r--r--  1 root root 0  2 Jan 12:57 nf_conntrack_max
dr-xr-xr-x  0 root root 0  2 Jan 12:57 unix

/proc/sys/net/bridge doesn't exist anymore (since when? I don't know), but initscripts still provides the net.bridge.bridge-nf-call-*tables custom hints.
If you set up a bridge network device according to [1], you will see:

$ ls -l /proc/sys/net/bridge
-rw-r--r-- 1 root root 0 Jan  3 13:46 bridge-nf-call-arptables
-rw-r--r-- 1 root root 0 Jan  3 13:46 bridge-nf-call-ip6tables
-rw-r--r-- 1 root root 0 Jan  3 13:46 bridge-nf-call-iptables
-rw-r--r-- 1 root root 0 Jan  3 13:47 bridge-nf-filter-pppoe-tagged
-rw-r--r-- 1 root root 0 Jan  3 13:47 bridge-nf-filter-vlan-tagged

The conclusion from #512206 is to prevent bridged traffic from getting pushed through the host's iptables rules by default, which is done by setting the mentioned variables to 0. Since these variables don't exist without a bridge, they should be ignored by the utility that sets them, as was done in rc.sysinit: sysctl -e -p /etc/sysctl.conf

[1] http://docs.fedoraproject.org/en-US/Fedora/13/html/Virtualization_Guide/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
systemd git will no longer warn about sysctl settings that do not exist.

The reason for the native implementation is mostly that other distributions (notably Debian/Ubuntu) support /etc/sysctl.d, which is not supported in procps upstream. Since this is a useful feature we wanted to bring to all distros, we were considering three things: a) add this feature to procps upstream, or b) add a tool to systemd which invokes procps' sysctl for each file found, or c) simply reimplement this in systemd. We ended up choosing c), since the sysctl binary is actually one of the most trivial tools around and can be implemented in a handful of lines only, and this was the only reason for the dependency of systemd on procps. You can now prep a minimal embedded system with little more than glibc, systemd, util-linux, udev, dbus, which is kinda nice.
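As an added example, not part of this bug report and not systemd's or procps' code, here is a minimal POSIX sh applier with the "sysctl -e -p" behaviour the report asks for: it walks a sysctl.conf-style file, maps each key to its /proc/sys entry, and reports and skips keys whose entry does not exist (the net.bridge.bridge-nf-call-* case when no bridge is configured) instead of failing. It also includes a small check for whether bridged IPv4 traffic would traverse the host's iptables rules. Assumptions: the /proc/sys root is passed in as a parameter so the demo can run unprivileged against a constructed temporary directory; the key-to-path mapping mirrors sysctl(8) (a key containing '/' is used as a path, otherwise every '.' becomes '/'); the leading '-' prefix on a key follows sysctl.conf(5)'s "ignore write errors for this key"; the sample sysctl.conf is constructed and only reuses the keys quoted above.

```shell
#!/bin/sh
# Added example, not systemd's or procps' code: a "sysctl -e -p" style applier.

# trim STRING: strip leading/trailing whitespace.
trim() {
    printf '%s' "$1" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'
}

# key_to_path KEY: sysctl key -> path below /proc/sys (assumed to mirror
# sysctl(8): a key containing '/' is already a path, else '.' separates).
key_to_path() {
    case $1 in
        */*) printf '%s' "$1" ;;
        *)   printf '%s' "$1" | tr . / ;;
    esac
}

# apply_sysctl_conf CONF [SYSROOT]
#   CONF    sysctl.conf syntax: "key = value", '#'/';' comments, and a
#           leading '-' on a key meaning "ignore write errors for this key".
#   SYSROOT directory standing in for /proc/sys (default /proc/sys).
# Sets SYSCTL_MISSING to the number of keys skipped because their entry
# does not exist (what "sysctl -e" does). Returns 1 only when an entry that
# does exist could not be written.
apply_sysctl_conf() {
    conf=$1
    sysroot=${2:-/proc/sys}
    SYSCTL_MISSING=0
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}
        line=${line%%;*}
        case $line in *=*) ;; *) continue ;; esac   # blank or comment line
        key=$(trim "${line%%=*}")
        value=$(trim "${line#*=}")
        ignore_write_errors=0
        case $key in -*) key=${key#-}; ignore_write_errors=1 ;; esac
        target=$sysroot/$(key_to_path "$key")
        if [ ! -e "$target" ]; then
            echo "ignoring missing key $key" >&2
            SYSCTL_MISSING=$((SYSCTL_MISSING + 1))
            continue
        fi
        if ! printf '%s\n' "$value" > "$target" 2>/dev/null; then
            echo "failed to write $key = $value" >&2
            [ "$ignore_write_errors" -eq 1 ] || rc=1
        fi
    done < "$conf"
    return $rc
}

# bridge_nf_status [SYSROOT]: prints "no-bridge" (no bridge module loaded,
# nothing to filter), "filtered" (value 1: bridged traffic hits iptables)
# or "bypass" (value 0: the default #512206 argues for).
bridge_nf_status() {
    f=${1:-/proc/sys}/net/bridge/bridge-nf-call-iptables
    [ -e "$f" ] || { echo no-bridge; return 0; }
    case $(cat "$f") in
        0) echo bypass ;;
        1) echo filtered ;;
        *) echo unknown ;;
    esac
}

# make_fixture: constructed stand-in for /proc/sys (only ip_forward exists)
# plus a sysctl.conf with the three bridge keys. Prints the directory.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/sys/net/ipv4"
    printf '0\n' > "$d/sys/net/ipv4/ip_forward"
    cat > "$d/sysctl.conf" <<'EOF'
# constructed sample using the keys from the report
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF
    printf '%s' "$d"
}

# Demo: without a bridge the three keys are skipped and the run still
# succeeds; once the bridge entries exist the same file turns filtering off.
fixture=$(make_fixture)
apply_sysctl_conf "$fixture/sysctl.conf" "$fixture/sys"
echo "without bridge: $(bridge_nf_status "$fixture/sys"), skipped $SYSCTL_MISSING keys"
mkdir -p "$fixture/sys/net/bridge"
for k in iptables ip6tables arptables; do
    printf '1\n' > "$fixture/sys/net/bridge/bridge-nf-call-$k"
done
apply_sysctl_conf "$fixture/sysctl.conf" "$fixture/sys"
echo "with bridge: $(bridge_nf_status "$fixture/sys"), skipped $SYSCTL_MISSING keys"
rm -rf "$fixture"
```

The point the example makes is the one from the report: a missing entry under /proc/sys is not an error but a "module not loaded" condition, so the applier distinguishes it from a real write failure (which still returns non-zero), and the same configuration file yields the intended bridge-nf-call-*tables = 0 as soon as the bridge module appears.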