network: allow tftp port if tftp is defined
add iptables rules to allow TFTP from the virtual network if <tftp> element is defined in the network definition. Fedora bz#580215 * src/network/bridge_driver.c: open UDP port 69 for TFTP traffic if tftproot is defined
parent
0c141c893a
commit
4efaf77b19
@ -737,6 +737,15 @@ networkAddIptablesRules(struct network_driver *driver,
|
|||||||
goto err4;
|
goto err4;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* allow TFTP requests through to dnsmasq */
|
||||||
|
if (network->def->tftproot &&
|
||||||
|
(err = iptablesAddUdpInput(driver->iptables, network->def->bridge, 69))) {
|
||||||
|
virReportSystemError(err,
|
||||||
|
_("failed to add iptables rule to allow TFTP requests from '%s'"),
|
||||||
|
network->def->bridge);
|
||||||
|
goto err4tftp;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* Catch all rules to block forwarding to/from bridges */
|
/* Catch all rules to block forwarding to/from bridges */
|
||||||
|
|
||||||
@ -784,6 +793,10 @@ networkAddIptablesRules(struct network_driver *driver,
|
|||||||
iptablesRemoveForwardRejectOut(driver->iptables,
|
iptablesRemoveForwardRejectOut(driver->iptables,
|
||||||
network->def->bridge);
|
network->def->bridge);
|
||||||
err5:
|
err5:
|
||||||
|
if (network->def->tftproot) {
|
||||||
|
iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);
|
||||||
|
}
|
||||||
|
err4tftp:
|
||||||
iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
|
iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
|
||||||
err4:
|
err4:
|
||||||
iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
|
iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
|
||||||
@ -821,6 +834,7 @@ networkRemoveIptablesRules(struct network_driver *driver,
|
|||||||
iptablesRemoveForwardAllowCross(driver->iptables, network->def->bridge);
|
iptablesRemoveForwardAllowCross(driver->iptables, network->def->bridge);
|
||||||
iptablesRemoveForwardRejectIn(driver->iptables, network->def->bridge);
|
iptablesRemoveForwardRejectIn(driver->iptables, network->def->bridge);
|
||||||
iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge);
|
iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge);
|
||||||
|
iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);
|
||||||
iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
|
iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
|
||||||
iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
|
iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
|
||||||
iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 67);
|
iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 67);
|
||||||
|
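Review bot: The `iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);` call added to networkRemoveIptablesRules is unconditional, while the matching add in networkAddIptablesRules and the unwind under `err5:` are both guarded by `network->def->tftproot`. For a network without a TFTP root this asks for the deletion of a rule that was never inserted; what that does depends on iptablesRemoveUdpInput, which is not visible on this page, but it leaves add and remove asymmetric. I would guard it the same way: `if (network->def->tftproot) iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);`. The new rule accepts UDP 69 from every source on the bridge, so the comment above the add could say so, for example `/* allow TFTP requests from any guest on this bridge through to dnsmasq; files under tftproot are served without authentication */`. Both functions start and end outside the hunks shown.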