From fe62530fbeef8de40e17d817d84d74511a22f02e Mon Sep 17 00:00:00 2001 From: cliimatta Date: Mon, 17 Jul 2017 14:47:34 -0500 Subject: [PATCH] Include setup documentation for bridged networks iptables rules do not apply to traffic moving across bridged adapters by default in newer Linux kernels. I've included information on how to intercept this traffic on newer kernels --- README.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/README.md b/README.md index 7574638..bc93eeb 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,26 @@ Because we need to "hijack" traffic to the metadata API IP address `169.254.169. `iptables -t nat -A PREROUTING -d 169.254.169.254 -p tcp --dport 80 --syn -j REDIRECT --to-port 1024` Don't forget to persist this iptables rule across reboots with some sort of script (`iptables-persistent` apt package is a good candidate) +Kernel Parameters +----------------- +Newer kernels require kernel parameters to be set in order for iptables to intercept traffic over bridged networks + +You must enable the `br_netfilter` kernel module with this command: + +`modprobe br_netfilter` + +Then, enable the kernel settings: + +`sysctl -w net.bridge.bridge-nf-call-arptables=1` + + +`sysctl -w net.bridge.bridge-nf-call-iptable=1` + + +Make sure you set the parameters in `/etc/sysctl.conf` to persist across reboots + +See here for more info: http://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf + Known issues ------------
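Review bot: the second sysctl line in the added "Kernel Parameters" section has a typo in the key name: `net.bridge.bridge-nf-call-iptable=1` should be `net.bridge.bridge-nf-call-iptables=1` (plural), otherwise `sysctl -w` fails with "No such file or directory" and the PREROUTING REDIRECT documented just above will still not see bridged traffic. Two smaller points on the same hunk: the `bridge-nf-call-arptables` setting is not needed for a TCP redirect rule in the nat table (only the iptables key matters here), so either drop it or say it is optional; and the persistence sentence should also cover the module, since `net.bridge.*` keys only exist once `br_netfilter` is loaded and an entry in `/etc/sysctl.conf` will be skipped at boot if the module is not loaded first (for example via `/etc/modules-load.d/`). Minor style: the two `sysctl -w` commands are separated by two blank lines each; one is enough to match the rest of the README.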