How to disable the bridge level firewall in PVE 9.1.1

ftzh75 · 2026-03-09T18:13:22+0100

Hi,

I created a file in /etc/sysclt.d/ as following :

net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-arptables = 0

Then i applied it using "sysctl --system". But every time i start the pve-firewall, the value of "net.bridge.bridge-nf-call-iptables" return to 1.

How to solve it with the pve-firewall enable ?

Thanks for your help !

UdoB · 2026-03-09T20:46:28+0100

ftzh75 said:
I created a file in /etc/sysclt.d/ as following :

First: typo? It is "sysctl.d"...

Second: what is the filename? Only *.conf is evaluated.

ftzh75 · 2026-03-09T21:10:26+0100

UdoB said:
First: typo? It is "sysctl.d"...

Yes, it's a typo. The filename is 99-bridge.conf.

I have the impression that pve-firewall monitors this setting and forces it to a value of 1 at each time interval.

ftzh75 · 2026-03-10T09:55:13+0100

ftzh75 said:
Yes, it's a typo. The filename is 99-bridge.conf.

I have the impression that pve-firewall monitors this setting and forces it to a value of 1 at each time interval.

Is this expected behavior from Proxmox? If so, how can it be disabled? I am currently blocked by this issue. Any help appreciated. Thanks

Search

Search

How to disable the bridge level firewall in PVE 9.1.1

ftzh75

New Member

UdoB

Distinguished Member

ftzh75

New Member

ftzh75

New Member

We value your privacy