- if ($proc_net_if_inet6) {
- while (defined ($line = <$proc_net_if_inet6>)) {
- if ($line =~ m/^[a-f0-9]{32}\s+[a-f0-9]{2}\s+[a-f0-9]{2}\s+[a-f0-9]{2}\s+[a-f0-9]{2}\s+(\S+)$/) {
- $ifaces->{$1}->{active} = 1 if defined($ifaces->{$1});
+ # OVS bridges create "allow-$BRIDGE $IFACE" lines which we need to remove
+ # from the {options} hash for them to be removed correctly.
+ @$options = grep {defined($_)} map {
+ my ($pri, $line) = @$_;
+ if ($line =~ /^allow-(\S+)\s+(.*)$/) {
+ my $bridge = $1;
+ my @ports = split(/\s+/, $2);
+ if (defined(my $br = $ifaces->{$bridge})) {
+ # if this port is part of a bridge, remove it
+ my %in_ovs_ports = map {$_=>1} split(/\s+/, $br->{ovs_ports});
+ @ports = grep { not $in_ovs_ports{$_} } @ports;
+ }
+ # create the allow line for the remaining ports, or delete if empty
+ if (@ports) {
+ [$pri, "allow-$bridge " . join(' ', @ports)];
+ } else {
+ undef;