diff --git a/broker/scripts/bridge_functions.sh b/broker/scripts/bridge_functions.sh
index da88c62d..5348794c 100644
--- a/broker/scripts/bridge_functions.sh
+++ b/broker/scripts/bridge_functions.sh
@@ -7,7 +7,7 @@ ensure_policy()
 ensure_bridge()
 {
 local brname="$1"
- brctl addbr $brname 2>/dev/null
+ ip link add $brname type bridge 2>/dev/null
 if [[ "$?" == "0" ]]; then
 # Bridge did not exist before, we have to initialize it
@@ -16,8 +16,6 @@ ensure_bridge()
 ip addr add 10.254.0.2/16 dev $brname
 # TODO Policy routing should probably not be hardcoded here?
 ensure_policy from all iif $brname lookup mesh prio 1000
- # Disable forwarding between bridge ports
- ebtables -A FORWARD --logical-in $brname -j DROP
 fi
 }
diff --git a/broker/scripts/session.down.sh b/broker/scripts/session.down.sh
index 79e0854b..94aba486 100755
--- a/broker/scripts/session.down.sh
+++ b/broker/scripts/session.down.sh
@@ -9,5 +9,5 @@ UUID="$8"
 LOCAL_BROKER_PORT="$9"
 # Remove the interface from our bridge
-brctl delif digger${MTU} $INTERFACE
+ip link set dev $INTERFACE nomaster
diff --git a/broker/scripts/session.mtu-changed.sh b/broker/scripts/session.mtu-changed.sh
index 8a8094ce..8f1577e1 100755
--- a/broker/scripts/session.mtu-changed.sh
+++ b/broker/scripts/session.mtu-changed.sh
@@ -7,12 +7,14 @@ NEW_MTU="$5"
 . scripts/bridge_functions.sh
 # Remove interface from old bridge
-brctl delif digger${OLD_MTU} $INTERFACE
+ip link set dev $INTERFACE nomaster
-# Change interface MTU
-ip link set dev $INTERFACE mtu $NEW_MTU
-
-# Add interface to new bridge
+# Change interface MTU and add to new bridge
 ensure_bridge digger${NEW_MTU}
-brctl addif digger${NEW_MTU} $INTERFACE
+ip link set dev $INTERFACE master digger${NEW_MTU} mtu $NEW_MTU
+
+# Turn on bridge port isolation
+bridge link set dev $INTERFACE isolated on
+# Bring the tunnel interface up only after port isolation is enabled
+ip link set dev $INTERFACE up
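Review bot: In ensure_bridge() (bridge_functions.sh, first hunk), `ip link add $brname type bridge 2>/dev/null` discards every error, and the `$?` test that follows then reads any failure, not just "already exists", as meaning the bridge is present, so the address and policy-rule setup is skipped silently. Testing for existence explicitly keeps real failures visible: `if ! ip link show dev "$brname" >/dev/null 2>&1; then` followed by `ip link add "$brname" type bridge || return 1`. Quoting `"$brname"` also stops the argument from being word-split. The function body continues past the end of this hunk.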
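Review bot: In session.mtu-changed.sh the result of `bridge link set dev $INTERFACE isolated on` is not checked before `ip link set dev $INTERFACE up`, so if that command fails (for example on a kernel or iproute2 build without the `isolated` port flag) the tunnel stays attached as an ordinary bridge port, and the ebtables DROP rule that used to cover this is removed in bridge_functions.sh. Unless the script already runs under `set -e` (its top is outside the hunk), fail closed with `bridge link set dev "$INTERFACE" isolated on || { ip link set dev "$INTERFACE" nomaster; exit 1; }`; the same sequence in session.up.sh needs the same guard. In this script the interface is presumably already up from session.up.sh, so between the `master` call and the `isolated on` call it sits on the new bridge unisolated; putting `ip link set dev "$INTERFACE" down` before the `master` line would make the "up only after isolation" comment true here as well.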
diff --git a/broker/scripts/session.up.sh b/broker/scripts/session.up.sh
index 9684742f..d07032eb 100755
--- a/broker/scripts/session.up.sh
+++ b/broker/scripts/session.up.sh
@@ -11,10 +11,12 @@ LOCAL_BROKER_PORT="$9"
 . scripts/bridge_functions.sh
-# Set the interface to UP state
-ip link set dev $INTERFACE up mtu $MTU
-
 # Add the interface to our bridge
 ensure_bridge digger${MTU}
-brctl addif digger${MTU} $INTERFACE
+ip link set dev $INTERFACE master digger${MTU} mtu $MTU
+
+# Turn on bridge port isolation
+bridge link set dev $INTERFACE isolated on
+# Bring the tunnel interface up only after port isolation is enabled
+ip link set dev $INTERFACE up
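Review bot: The comment `# Turn on bridge port isolation` in session.up.sh does not say what the flag covers, which matters because it replaces the bridge-wide ebtables rule removed from ensure_bridge(). Isolated ports are only blocked from forwarding to other isolated ports, so any port attached to a digger bridge without the flag can exchange frames with every tunnel, where the old rule dropped all forwarding on the bridge. I would expand the comment to something like `# Isolate this port: isolated ports cannot forward to each other (replaces the old ebtables FORWARD DROP); every port added to a digger bridge must set this`. The same comment appears in session.mtu-changed.sh.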