[pve-devel] [PATCH] disable / filter dhcp traffic if dhcp is disabled

Thu Jul 3 23:37:36 CEST 2014

Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
---
 src/PVE/Firewall.pm |    8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 27cf1e6..615f233 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -1643,6 +1643,14 @@ sub ruleset_create_vm_chain {
 	    ruleset_generate_rule($ruleset, $chain, { action => 'ACCEPT',
 						      proto => 'udp', sport => 67, dport => 68 });
 	}
+    } else {
+	if ($direction eq 'OUT') {
+	    ruleset_generate_rule($ruleset, $chain, { action => 'DROP',
+						      proto => 'udp', sport => 68, dport => 67 });
+	} else {
+	    ruleset_generate_rule($ruleset, $chain, { action => 'DROP',
+						      proto => 'udp', sport => 67, dport => 68 });
+	}
     }
 
     if ($direction eq 'OUT') {
-- 
1.7.10.4


