[pve-devel] firewall : question about dhcp option rule

Alexandre DERUMIER aderumier at odiso.com
Wed Mar 19 11:32:52 CET 2014

Previous message (by thread): [pve-devel] pve-firewall : add ips feature v4
Next message (by thread): [pve-devel] firewall : question about dhcp option rule
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I just notice that in

ruleset_create_vm_chain{
...
    if (!(defined($options->{dhcp}) && $options->{dhcp} == 0)) {
        ruleset_addrule($ruleset, $chain, "-p udp -m udp --dport 67:68 -j ACCEPT");
    }
..

}


we create the rule in both direction, and with an ACCEPT.

is it normal ?

(we should never do an accept in tap-out chain)

Previous message (by thread): [pve-devel] pve-firewall : add ips feature v4
Next message (by thread): [pve-devel] firewall : question about dhcp option rule
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the pve-devel mailing list