bug 13734: allow dhcp requests and responses all the time

Reviewed-by: Anthony
2012-02-15 15:32:01 -08:00 · 2012-02-15 15:32:01 -08:00 · e89eec45b6
parent b64de05ef5
commit e89eec45b6
1 changed files with 2 additions and 0 deletions
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@ -403,6 +403,8 @@ def can_bridge_firewall(session, args):
    try:
        util.pread2(['iptables', '-N', 'BRIDGE-FIREWALL'])
        util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '-m', 'state', '--state', 'RELATED,ESTABLISHED', '-j', 'ACCEPT'])
+        util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged',  '-p', 'udp', '--dport', '67', '--sport', '68',  '-j', 'ACCEPT'])
+        util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged',  '-p', 'udp', '--dport', '68', '--sport', '67',  '-j', 'ACCEPT'])
        util.pread2(['iptables', '-D', 'FORWARD',  '-j', 'RH-Firewall-1-INPUT'])
    except:
        util.SMlog('Chain BRIDGE-FIREWALL already exists')