[pve-devel] [PATCH] disable / filter dhcp traffic if dhcp is disabled
Dietmar Maurer
dietmar at proxmox.com
Fri Jul 4 05:58:51 CEST 2014
This is not how it works on shorewall, so I am not sure if we need this. why?l
> -----Original Message-----
> From: pve-devel [mailto:pve-devel-bounces at pve.proxmox.com] On Behalf Of
> Stefan Priebe
> Sent: Donnerstag, 03. Juli 2014 23:38
> To: pve-devel at pve.proxmox.com
> Subject: [pve-devel] [PATCH] disable / filter dhcp traffic if dhcp is disabled
>
>
> Signed-off-by: Stefan Priebe <s.priebe at profihost.ag>
> ---
> src/PVE/Firewall.pm | 8 ++++++++
> 1 file changed, 8 insertions(+)
>
> diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm index 27cf1e6..615f233
> 100644
> --- a/src/PVE/Firewall.pm
> +++ b/src/PVE/Firewall.pm
> @@ -1643,6 +1643,14 @@ sub ruleset_create_vm_chain {
> ruleset_generate_rule($ruleset, $chain, { action => 'ACCEPT',
> proto => 'udp', sport => 67,
> dport => 68 });
> }
> + } else {
> + if ($direction eq 'OUT') {
> + ruleset_generate_rule($ruleset, $chain, { action => 'DROP',
> + proto => 'udp', sport => 68,
> dport => 67 });
> + } else {
> + ruleset_generate_rule($ruleset, $chain, { action => 'DROP',
> + proto => 'udp', sport => 67,
> dport => 68 });
> + }
> }
>
> if ($direction eq 'OUT') {
> --
> 1.7.10.4
>
> _______________________________________________
> pve-devel mailing list
> pve-devel at pve.proxmox.com
> http://pve.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
More information about the pve-devel
mailing list