fix dhcp rule

author Dietmar Maurer <dietmar@proxmox.com>

Wed, 19 Mar 2014 11:30:28 +0000 (12:30 +0100)

committer Dietmar Maurer <dietmar@proxmox.com>

Wed, 19 Mar 2014 11:30:28 +0000 (12:30 +0100)
author Dietmar Maurer <dietmar@proxmox.com>
Wed, 19 Mar 2014 11:30:28 +0000 (12:30 +0100)
committer Dietmar Maurer <dietmar@proxmox.com>
Wed, 19 Mar 2014 11:30:28 +0000 (12:30 +0100)
diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm

index 1946381cb88faa39b64727cea68da3e89be9e127..2d834b7c88b965070b05f766ce2e3c2bbbf425c8 100644 (file)
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -969,7 +969,11 @@ sub ruleset_create_vm_chain {
      }
  
      if (!(defined($options->{dhcp}) && $options->{dhcp} == 0)) {
-       ruleset_addrule($ruleset, $chain, "-p udp -m udp --dport 67:68 -j ACCEPT");
+       if ($direction eq 'OUT') {
+           ruleset_addrule($ruleset, $chain, "-p udp -m udp --sport 68 --dport 67 -j PVEFW-SET-ACCEPT-MARK");
+       } else {
+           ruleset_addrule($ruleset, $chain, "-p udp -m udp --sport 67 --dport 68 -j ACCEPT");
+       }
      }
  
      if ($options->{tcpflags}) {
author	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 19 Mar 2014 11:30:28 +0000 (12:30 +0100)
committer	Dietmar Maurer <dietmar@proxmox.com>
	Wed, 19 Mar 2014 11:30:28 +0000 (12:30 +0100)