From 4cb4628bec80e17f8bdec256f0e64f839412261c Mon Sep 17 00:00:00 2001
From: Anthony Xu
Date: Thu, 27 Sep 2012 14:28:06 -0700
Subject: [PATCH] CS-16049 : VPC, VR provides metadata and user data through port 80, this port should be only open for targeting to this VR ip
---
 .../systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
index faf62c6ff0c..e5845fa5040 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
@@ -132,6 +132,11 @@ create_guest_network() {
   sudo ip addr add dev $dev $ip/$mask brd +
   sudo ip link set $dev up
   sudo arping -c 3 -I $dev -A -U -s $ip $ip
+  # setup rules to allow dhcp/dns request
+  sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 67 -j ACCEPT
+  sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
+  sudo iptables -A INPUT -i $dev -d $ip -p udp -m udp --dport 67 -j ACCEPT
+  sudo iptables -A INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
   # restore mark from connection mark
   local tableName="Table_$dev"
   sudo ip route add $subnet/$mask dev $dev table $tableName proto static
@@ -150,6 +155,8 @@ destroy_guest_network() {
   logger -t cloud " $(basename $0): Create network on interface $dev, gateway $gw, network $ip/$mask "
   sudo ip addr del dev $dev $ip/$mask
+  sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 67 -j ACCEPT
+  sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
   sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
   sudo iptables -t nat -D POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
   destroy_acl_chain
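Review bot: The subject says port 80 (metadata/user data) should be reachable only at the VR address, but the seven inserted lines in the create_guest_network hunk and the destroy_guest_network hunk — the whole commit per the diffstat — add only UDP 67 and 53 ACCEPT rules scoped to `-d $ip`, and no TCP/80 rule appears anywhere in the patch, so either the subject describes a change made elsewhere or the port-80 restriction is still missing. If it belongs here, mirror the DNS rule as `sudo iptables -D INPUT -i $dev -d $ip -p tcp -m tcp --dport 80 -j ACCEPT` and `sudo iptables -A INPUT -i $dev -d $ip -p tcp -m tcp --dport 80 -j ACCEPT` after the existing -A lines, with the matching `-D` added to destroy_guest_network. The `-D` before `-A` keeps a re-run of create_guest_network at one copy of each rule, but iptables prints "Bad rule" and exits non-zero when the rule does not exist yet (the first run, and the destroy hunk after a failed create), so the delete lines deserve `2>/dev/null` and a comment such as `# remove any stale copy first so re-running does not duplicate the rule`; whether a non-zero status aborts the script depends on errexit settings not visible here. `$dev` and `$ip` are unquoted, which matches the surrounding lines, so that is a style point only. Both function bodies begin and end outside their hunks.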