From e95eedffe4a0c336b67772e8077e8a874a150252 Mon Sep 17 00:00:00 2001
From: Richie Cahill
Date: Sun, 3 May 2026 16:30:51 -0400
Subject: [PATCH] updated br-nix-builder

---
 systems/jeeves/networking.nix | 30 +++++++++++++-----------------
 1 file changed, 13 insertions(+), 17 deletions(-)

diff --git a/systems/jeeves/networking.nix b/systems/jeeves/networking.nix
index eedac6a..8e5dd84 100644
--- a/systems/jeeves/networking.nix
+++ b/systems/jeeves/networking.nix
@@ -1,4 +1,13 @@
 {
+ # Docker loads br_netfilter on jeeves. Disable bridge netfilter so
+ # br-nix-builder behaves like a pure L2 bridge and bridged traffic
+ # does not hit the host firewall/rpfilter path.
+ boot.kernel.sysctl = {
+ "net.bridge.bridge-nf-call-arptables" = 0;
+ "net.bridge.bridge-nf-call-ip6tables" = 0;
+ "net.bridge.bridge-nf-call-iptables" = 0;
+ };
+
 networking = {
 hostName = "jeeves";
 hostId = "0e15ce35";
@@ -49,23 +58,10 @@
 "60-br-nix-builder" = {
 matchConfig.Name = "br-nix-builder";
 bridgeConfig = { };
- address = [ "192.168.3.10/24" ];
- routingPolicyRules = [
- {
- From = "192.168.3.0/24";
- Table = 100;
- Priority = 100;
- }
- ];
- routes = [
- {
- Gateway = "192.168.3.1";
- Table = 100;
- GatewayOnLink = false;
- Metric = 2048;
- PreferredSource = "192.168.3.10";
- }
- ];
+ networkConfig = {
+ IPv6AcceptRA = false;
+ LinkLocalAddressing = "no";
+ };
 linkConfig.RequiredForOnline = "no";
 };
 };
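Review bot: The three `net.bridge.bridge-nf-call-*` sysctls added at the top of the first hunk (`@@ -1,4 +1,13 @@`) are host-wide, so they take every bridge on jeeves out of the iptables/arptables path, Docker's bridges included, while the comment reads as if only br-nix-builder were affected. Any host firewall or Docker rule that filters traffic between ports of the same bridge would presumably stop matching, so the comment should state that scope, e.g. `# NOTE: host-wide; frames bridged on Docker's bridges also skip the host firewall.` The keys also exist only while br_netfilter is loaded, and the comment says Docker is what loads it, so the values may not be applied if that happens after boot-time sysctl setup; adding `boot.kernelModules = [ "br_netfilter" ];` would load the module before the sysctls are written. The top-level attribute set continues outside the hunk.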
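Review bot: The new `networkConfig` in the `60-br-nix-builder` section of the second hunk (`@@ -49,23 +58,10 @@`) has no comment saying that the bridge is meant to carry no host address, which is the security-relevant part of this change given that the same patch takes bridged traffic out of the host firewall path. I would add above it something like `# Intentionally no L3 on this bridge: jeeves only forwards frames and must not be reachable from the builder segment.`, assuming that is the intent. Anything outside this hunk that still refers to `192.168.3.10` or routing table 100 would now be stale; that is not visible from here. The attribute set enclosing this section starts outside the hunk.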