Commit 1807c9e0 authored by Jerome Charaoui's avatar Jerome Charaoui

Merge branch 'bugfix/Fix_DHCP_for_libvirt' into 'master'

Fix dhcp for libvirt

This branch uses the mangle table support added by the feature/Add_support_for_mangle_table branch to fix the libvirt DHCP when broken by recent kernel. It fills the checksum of this kind of packets on the libvirt interface.

This patch shouldn't break older setup, and is implemented so that it can be disabled.

See merge request !2
parents 4e86d819 3404e5d0
......@@ -2,6 +2,8 @@ class shorewall::rules::libvirt::host (
$vmz = 'vmz',
$masq_iface = 'eth0',
$debproxy_port = 8000,
$accept_dhcp = true,
$vmz_iface = 'virbr0',
) {
define shorewall::rule::accept::from_vmz (
......@@ -49,6 +51,15 @@ class shorewall::rules::libvirt::host (
action => 'ACCEPT';
}
if $accept_dhcp {
shorewall::mangle { 'CHECKSUM:T':
source => '-',
destination => $vmz_iface,
proto => 'udp',
destinationport => '68';
}
}
if $debproxy_port {
shorewall::rule::accept::from_vmz { 'accept_debproxy_from_vmz':
proto => 'tcp',
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment