From c05499ce3708da5bf94d3131fd5e7beb8c357497 Mon Sep 17 00:00:00 2001 From: Chris Chiu Date: Tue, 26 Nov 2024 18:12:08 +0800 Subject: [PATCH] files: persist the bridge-nf-call-iptables across rke2 restart The bridge-nf-call-iptables should be disabled by network-controller. But rke2 will toggle it back to enable. Need to make sure it stays at disabled. Signed-off-by: Chris Chiu (cherry picked from commit 8ff5515ece9fc6cf349f51c942a1905c4e2d4db9)
---
 .../files/etc/systemd/system/rke2-agent.service.d/override.conf | 1 +
 .../files/etc/systemd/system/rke2-server.service.d/override.conf | 1 +
 2 files changed, 2 insertions(+)
diff --git a/package/harvester-os/files/etc/systemd/system/rke2-agent.service.d/override.conf b/package/harvester-os/files/etc/systemd/system/rke2-agent.service.d/override.conf
index a8317a5a3..cfa181f53 100644
--- a/package/harvester-os/files/etc/systemd/system/rke2-agent.service.d/override.conf
+++ b/package/harvester-os/files/etc/systemd/system/rke2-agent.service.d/override.conf
@@ -4,3 +4,4 @@ Wants=time-sync.target
 [Service]
 ExecStartPre=/usr/sbin/harv-update-rke2-server-url agent
+ExecStartPost=/sbin/sysctl -w net.bridge.bridge-nf-call-iptables=0
diff --git a/package/harvester-os/files/etc/systemd/system/rke2-server.service.d/override.conf b/package/harvester-os/files/etc/systemd/system/rke2-server.service.d/override.conf
index 124bb2bce..e774ff5e7 100644
--- a/package/harvester-os/files/etc/systemd/system/rke2-server.service.d/override.conf
+++ b/package/harvester-os/files/etc/systemd/system/rke2-server.service.d/override.conf
@@ -4,3 +4,4 @@ Wants=time-sync.target
 [Service]
 ExecStartPre=/usr/sbin/harv-update-rke2-server-url server
+ExecStartPost=/sbin/sysctl -w net.bridge.bridge-nf-call-iptables=0
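Review bot: The added `ExecStartPost=/sbin/sysctl -w net.bridge.bridge-nf-call-iptables=0` in the rke2-agent drop-in (and the identical line in the rke2-server hunk) is a one-shot write, so it only holds if rke2 has finished its own sysctl setup by the time systemd runs it. If rke2 or one of its components writes this key later in the process lifetime, it would be re-enabled without anyone noticing, which is worth confirming on a node after a restart. An unprefixed `ExecStartPost=` command that exits non-zero makes systemd treat the start as failed, so if the key is absent (presumably when br_netfilter is not loaded) rke2 would not come up. Decide whether that fail-closed behaviour is wanted or whether `ExecStartPost=-/sbin/sysctl -w net.bridge.bridge-nf-call-iptables=0` is the intent. Because 0 means bridged frames bypass the host iptables chains, the line also deserves a comment such as `# network-controller owns bridge-nf-call-iptables=0; rke2 turns it back on at start, so reset it here`; the `[Unit]` part of each drop-in lies outside the hunk.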