mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-09-19 06:00:54 +00:00
25 lines
841 B
XML
25 lines
841 B
XML
|
<filter name='allow-dhcp-server' chain='ipv4'>
|
||
|
|
|
||
|
|
<!-- accept outgoing DHCP requests -->
|
||
|
|
<!-- note, this rule must be evaluated before general MAC broadcast
|
||
|
|
traffic is discarded since DHCP requests use MAC broadcast -->
|
||
|
|
<rule action='accept' direction='out' priority='100'>
|
||
|
|
<ip srcipaddr='0.0.0.0'
|
||
|
|
dstipaddr='255.255.255.255'
|
||
|
|
protocol='udp'
|
||
|
|
srcportstart='68'
|
||
|
|
dstportstart='67' />
|
||
|
|
</rule>
|
||
|
|
|
||
|
|
<!-- accept incoming DHCP responses from a specific DHCP server
|
||
|
|
parameter DHPCSERVER needs to be passed from where this filter is
|
||
|
|
referenced -->
|
||
|
|
<rule action='accept' direction='in' priority='100' >
|
||
|
|
<ip srcipaddr='$DHCPSERVER'
|
||
|
|
protocol='udp'
|
||
|
|
srcportstart='67'
|
||
|
|
dstportstart='68'/>
|
||
|
|
</rule>
|
||
|
|
|
||
|
|
</filter>
|