From d746c3de16ad0b4da5d1e31940f2f19d351c0154 Mon Sep 17 00:00:00 2001
From: Mark Van de Vyver <1335713+taqtiqa-admin@users.noreply.github.com>
Date: Thu, 27 Feb 2020 14:12:28 +1100
Subject: [PATCH 1/2] Documentation: Closes issue-533

---
 docs/dependencies.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/dependencies.md b/docs/dependencies.md
index 4f9682a1a..28b544253 100644
--- a/docs/dependencies.md
+++ b/docs/dependencies.md
@@ -16,7 +16,7 @@ Everything apart from above, is not supported, and out of scope.
 - A host running Linux 4.14 or newer
 - `sysctl net.ipv4.ip_forward=1`
 - loaded kernel loop module: `modprobe -v loop`
-- Optional: `sysctl net.bridge.bridge-nf-call-iptables=0`
+- Optional: `sysctl net.bridge.bridge-nf-call-iptables=0`, which requires kernel module `br_netfilter`
 - One of the following CPUs:
 
 | CPU   | Architecture     | Support level | Notes                                                                                                                                                                         |

From 6b9ff7ed44abcee2cdea29593a50a34d823b7935 Mon Sep 17 00:00:00 2001
From: leigh capili <stealthybox@users.noreply.github.com>
Date: Mon, 2 Mar 2020 16:41:03 -0700
Subject: [PATCH 2/2] Update docs/dependencies.md for bridge-nf-call-iptables

---
 docs/dependencies.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/docs/dependencies.md b/docs/dependencies.md
index 28b544253..1f3b72b7a 100644
--- a/docs/dependencies.md
+++ b/docs/dependencies.md
@@ -16,7 +16,11 @@ Everything apart from above, is not supported, and out of scope.
 - A host running Linux 4.14 or newer
 - `sysctl net.ipv4.ip_forward=1`
 - loaded kernel loop module: `modprobe -v loop`
-- Optional: `sysctl net.bridge.bridge-nf-call-iptables=0`, which requires kernel module `br_netfilter`
+- Optional: `sysctl net.bridge.bridge-nf-call-iptables=0`
+  - set to 0 to ignore Host iptables rules for bridges
+  - set to 1 to apply Host iptables rules to bridges (common with container network policies)
+  - requires kernel module `br_netfilter`
+  - [libvirt reference](https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf)
 - One of the following CPUs:
 
 | CPU   | Architecture     | Support level | Notes                                                                                                                                                                         |