[pve-devel] firewall : question about dhcp option rule

Alexandre DERUMIER aderumier at odiso.com
Wed Mar 19 11:32:52 CET 2014


I just notice that in

ruleset_create_vm_chain{
...
    if (!(defined($options->{dhcp}) && $options->{dhcp} == 0)) {
        ruleset_addrule($ruleset, $chain, "-p udp -m udp --dport 67:68 -j ACCEPT");
    }
..

}


we create the rule in both direction, and with an ACCEPT.

is it normal ?

(we should never do an accept in tap-out chain)



More information about the pve-devel mailing list