From 76a2d1e7112d630d94cfb260ba43313c182d8682 Mon Sep 17 00:00:00 2001
From: Dietmar Maurer <dietmar@proxmox.com>
Date: Wed, 19 Mar 2014 12:30:28 +0100
Subject: [PATCH] fix dhcp rule

As suggested by Alexandre.
---
 src/PVE/Firewall.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/PVE/Firewall.pm b/src/PVE/Firewall.pm
index 1946381..2d834b7 100644
--- a/src/PVE/Firewall.pm
+++ b/src/PVE/Firewall.pm
@@ -969,7 +969,11 @@ sub ruleset_create_vm_chain {
     }
 
     if (!(defined($options->{dhcp}) && $options->{dhcp} == 0)) {
-	ruleset_addrule($ruleset, $chain, "-p udp -m udp --dport 67:68 -j ACCEPT");
+	if ($direction eq 'OUT') {
+	    ruleset_addrule($ruleset, $chain, "-p udp -m udp --sport 68 --dport 67 -j PVEFW-SET-ACCEPT-MARK");
+	} else {
+	    ruleset_addrule($ruleset, $chain, "-p udp -m udp --sport 67 --dport 68 -j ACCEPT");
+	}
     }
 
     if ($options->{tcpflags}) {
-- 
2.39.2