libvirt/examples/xml/nwfilter/allow-dhcp.xml

<filter name='allow-dhcp' chain='ipv4'>

    <!-- accept outgoing DHCP requests -->
    <!-- not, this rule must be evaluated before general MAC broadcast
         traffic is discarded since DHCP requests use MAC broadcast -->
    <rule action='accept' direction='out' priority='100'>
        <ip srcipaddr='0.0.0.0'
            dstipaddr='255.255.255.255'
            protocol='udp'
            srcportstart='68'
            dstportstart='67' />
    </rule>

    <!-- accept incoming DHCP responses from any DHCP server -->
    <rule action='accept' direction='in' priority='100' >
        <ip protocol='udp'
            srcportstart='67'
            dstportstart='68'/>
    </rule>

</filter>
Add some examples filters This patch adds some example filters to libvirt. They are automatically installed into the proper directory for libvirt to pick them up. 2010-03-25 17:46:13 +00:00			`<filter name='allow-dhcp' chain='ipv4'>`

			`<!-- accept outgoing DHCP requests -->`
			`<!-- not, this rule must be evaluated before general MAC broadcast`
			`traffic is discarded since DHCP requests use MAC broadcast -->`
			`<rule action='accept' direction='out' priority='100'>`
			`<ip srcipaddr='0.0.0.0'`
			`dstipaddr='255.255.255.255'`
			`protocol='udp'`
			`srcportstart='68'`
			`dstportstart='67' />`
			`</rule>`

			`<!-- accept incoming DHCP responses from any DHCP server -->`
			`<rule action='accept' direction='in' priority='100' >`
			`<ip protocol='udp'`
			`srcportstart='67'`
			`dstportstart='68'/>`
			`</rule>`

			`</filter>`