From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 19 Mar 2014 11:30:28 +0000 (+0100)
Subject: fix dhcp rule
X-Git-Url: https://git.proxmox.com/?p=pve-firewall.git;a=commitdiff_plain;h=76a2d1e7112d630d94cfb260ba43313c182d8682

fix dhcp rule

As suggested by Alexandre.
---

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 1946381..2d834b7 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -969,7 +969,11 @@ sub ruleset_create_vm_chain {
     }
 
     if (!(defined($options->{dhcp}) && $options->{dhcp} == 0)) {
-	ruleset_addrule($ruleset, $chain, "-p udp -m udp --dport 67:68 -j ACCEPT");
+	if ($direction eq 'OUT') {
+	    ruleset_addrule($ruleset, $chain, "-p udp -m udp --sport 68 --dport 67 -j PVEFW-SET-ACCEPT-MARK");
+	} else {
+	    ruleset_addrule($ruleset, $chain, "-p udp -m udp --sport 67 --dport 68 -j ACCEPT");
+	}
     }
 
     if ($options->{tcpflags}) {