From 916adf3094d6249cf49b4ff154ebf52bc94f36fb Mon Sep 17 00:00:00 2001
From: Sam Berning <bernings@amazon.com>
Date: Thu, 17 Aug 2023 16:57:30 -0700
Subject: [PATCH] fix: enables bridge-nf-call-iptables by default

Signed-off-by: Sam Berning <bernings@amazon.com>
---
 finch.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/finch.yaml b/finch.yaml
index 6aad51d9a..27c206862 100644
--- a/finch.yaml
+++ b/finch.yaml
@@ -143,6 +143,15 @@ provision:
 - mode: boot
   script: |
     modprobe virtiofs
+- mode: boot
+  script: |
+    modprobe br_netfilter
+    cat <<EOF > /etc/sysctl.d/99-finch.conf
+    net.bridge.bridge-nf-call-iptables = 1
+    net.bridge.bridge-nf-call-ip6tables = 1
+    net.ipv4.ip_forward = 1
+    EOF
+    sysctl --system
 # # `user` is executed without the root privilege
 - mode: user
   script: |