X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=PVE%2FFirewall.pm;h=5583ec061127d5d9fab31e89f474994c5db33f63;hb=ce15d90b3d4f30fa7ff210b6e84903f322687735;hp=05720d56ca24eaba7fd09eb3b5022723314a654f;hpb=2f906466833e8c19977a808e81dc9d5f5e217270;p=pve-firewall.git
diff --git a/PVE/Firewall.pm b/PVE/Firewall.pm
index 05720d5..5583ec0 100644
--- a/PVE/Firewall.pm
+++ b/PVE/Firewall.pm
@@ -836,6 +836,10 @@ sub generate_tap_rules_direction {
 ruleset_addrule($ruleset, $tapchain, "-m conntrack --ctstate INVALID,NEW -j PVEFW-smurfs");
 }
+ if (!(defined($options->{dhcp}) && $options->{dhcp} == 0)) {
+ ruleset_addrule($ruleset, $tapchain, "-p udp -m udp --dport 67:68 -j ACCEPT");
+ }
+
 if ($options->{tcpflags}) {
 ruleset_addrule($ruleset, $tapchain, "-p tcp -j PVEFW-tcpflags");
 }
@@ -1130,7 +1134,7 @@ sub parse_fw_option {
 my ($opt, $value);
- if ($line =~ m/^(enable|macfilter|nosmurfs|tcpflags):\s*(0|1)\s*$/i) {
+ if ($line =~ m/^(enable|dhcp|macfilter|nosmurfs|tcpflags):\s*(0|1)\s*$/i) {
 $opt = lc($1);
 $value = int($2);
 } elsif ($line =~ m/^(policy-(in|out)):\s*(ACCEPT|DROP|REJECT)\s*$/i) {
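Review bot: The added `--dport 67:68 -j ACCEPT` rule matches on destination port only, and judging by the function name it is emitted for both directions of the tap device, so a guest is allowed to send datagrams to port 68 as well as receive them, which means it can answer DHCP requests from other machines on the bridge. Constraining the match per direction keeps client traffic working without that: `--sport 68 --dport 67` for packets leaving the guest and `--sport 67 --dport 68` for packets entering it. The rule is also active unless `dhcp` is explicitly 0 and returns ACCEPT ahead of whatever rules follow in the chain, which deserves a comment at this spot. The function's signature and the rest of its body are outside the hunk, so how the direction is available here needs checking.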
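Review bot: `dhcp` joins the same 0/1 alternation as `tcpflags`, but its default is the opposite and nothing here says so: the first hunk tests `tcpflags` for truth, while the DHCP rule is skipped only when `dhcp` is explicitly 0, so a configuration without the key still opens UDP ports 67-68. A comment above the regex would make that visible, for example `# dhcp: absent means enabled; only "dhcp: 0" removes the DHCP accept rule`. parse_fw_option starts and continues outside the hunk.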