Commit 3404e5d0 authored by bertagaz's avatar bertagaz

Fix DHCP from $vmz.

On newer kernels (tested on 3.16), the libvirt and shorewall iptables
rules conflict; this is fixed by re-enabling --checksum-fill on $vmz,
otherwise the VMs can't get a DHCP lease.
parent 06c50587
......@@ -2,6 +2,8 @@ class shorewall::rules::libvirt::host (
$vmz = 'vmz',
$masq_iface = 'eth0',
$debproxy_port = 8000,
$accept_dhcp = true,
$vmz_iface = 'virbr0',
) {
define shorewall::rule::accept::from_vmz (
......@@ -49,6 +51,15 @@ class shorewall::rules::libvirt::host (
action => 'ACCEPT';
}
if $accept_dhcp {
shorewall::mangle { 'CHECKSUM:T':
source => '-',
destination => $vmz_iface,
proto => 'udp',
destinationport => '68';
}
}
if $debproxy_port {
shorewall::rule::accept::from_vmz { 'accept_debproxy_from_vmz':
proto => 'tcp',
......
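Review bot: The `shorewall::mangle` resource added under `if $accept_dhcp` is titled with the bare action `'CHECKSUM:T'`, so a second checksum-fill rule (for another bridge, or from another class) would presumably collide as a duplicate declaration. If the define accepts an explicit action parameter (its signature is not visible here), a descriptive title such as `'checksum_fill_dhcp_to_vmz'` would avoid that. The block also needs a comment saying why it exists, e.g. `# Fill UDP checksums on DHCP replies to the VM bridge; without this, VMs on newer kernels cannot get a lease`. The new `$accept_dhcp` and `$vmz_iface` parameters should be documented too, because `$vmz_iface` must name the interface actually bound to zone `$vmz`; otherwise the rule matches nothing and DHCP fails without any error. The class body continues outside the shown hunks.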