This message was deleted.

To make the change valid across reboots, you need make the drop-in unit file persist by adding it at the location of

.stages.initramfs[0].files

in

/oem/{90,99}_custom.yaml

(depending on your Harvester version: if it’s older than v1.1.2, it’s `99_custom.yaml`; otherwise, it’s

90_custom.yaml

):

- path: /etc/systemd/system/rke2-server.service.d/bridge.conf
      permissions: 448
      owner: 0
      group: 0
      content: |
        [Service]
        ExecStartPost=/sbin/sysctl -w net.bridge.bridge-nf-call-iptables=0
      encoding: ""
      ownerstring: ""

Thanks, works like a charm!

It's kind of tricky too, because iirc the sysctl call will only be applied if the br_netfilter module is loaded. So if the sysctl call is triggered before it's loaded, the result is a no-op. And if it happens before rke2 starts, then rke2 actually sets it back to 1, which is why Zespre's systemd unit is required