--- zzzz-none-000/linux-4.9.279/net/bridge/br_netfilter_hooks.c	2021-08-08 06:38:54.000000000 +0000
+++ puma7-atom-6591-750/linux-4.9.279/net/bridge/br_netfilter_hooks.c	2023-02-08 11:43:43.000000000 +0000
@@ -484,14 +484,18 @@
 	br = p->br;
 
 	if (IS_IPV6(skb) || IS_VLAN_IPV6(skb) || IS_PPPOE_IPV6(skb)) {
-		if (!brnf_call_ip6tables && !br->nf_call_ip6tables)
+		/* If the flag is set for this bridge to disable bridge-netfilter hooks, 
+		   that will override the global flag which enables / disables the hooks */
+		if (br->nf_disable_ip6tables || (!brnf_call_ip6tables && !br->nf_call_ip6tables))
 			return NF_ACCEPT;
 
 		nf_bridge_pull_encap_header_rcsum(skb);
 		return br_nf_pre_routing_ipv6(priv, skb, state);
 	}
 
-	if (!brnf_call_iptables && !br->nf_call_iptables)
+	/* If the flag is set for this bridge to disable bridge-netfilter hooks, 
+	   that will override the global flag which enables / disables the hooks */
+	if (br->nf_disable_iptables || (!brnf_call_iptables && !br->nf_call_iptables))
 		return NF_ACCEPT;
 
 	if (!IS_IP(skb) && !IS_VLAN_IP(skb) && !IS_PPPOE_IP(skb))
@@ -634,7 +638,9 @@
 		return NF_ACCEPT;
 	br = p->br;
 
-	if (!brnf_call_arptables && !br->nf_call_arptables)
+	/* If the flag is set for this bridge to disable bridge-netfilter hooks, 
+	   that will override the global flag which enables / disables the hooks */
+	if (br->nf_disable_arptables || (!brnf_call_arptables && !br->nf_call_arptables))
 		return NF_ACCEPT;
 
 	if (!IS_ARP(skb)) {