diff options
| author | Jerome Charaoui <jcharaoui@cmaisonneuve.qc.ca> | 2015-03-02 15:37:58 +0000 |
|---|---|---|
| committer | Jerome Charaoui <jcharaoui@cmaisonneuve.qc.ca> | 2015-03-02 15:37:58 +0000 |
| commit | 1807c9e0d59f6b256926288836478da438911bb5 (patch) | |
| tree | 511bd2ee14a0b04daf5bbe92bb5bc7df6399d9d4 | |
| parent | 4e86d81936a54fdaa3cdbec71efd25297f9ede4e (diff) | |
| parent | 3404e5d09d41a3949c76e39f884e6a2d2db8cd48 (diff) | |
| download | puppet-shorewall-1807c9e0d59f6b256926288836478da438911bb5.tar.gz puppet-shorewall-1807c9e0d59f6b256926288836478da438911bb5.tar.bz2 | |
Merge branch 'bugfix/Fix_DHCP_for_libvirt' into 'master'
Fix dhcp for libvirt
This branch uses the mangle table support added by the feature/Add_support_for_mangle_table branch to fix the libvirt DHCP when broken by recent kernel. It fills the checksum of this kind of packets on the libvirt interface.
This patch shouldn't break older setup, and is implemented so that it can be disabled.
See merge request !2
| -rw-r--r-- | manifests/rules/libvirt/host.pp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/manifests/rules/libvirt/host.pp b/manifests/rules/libvirt/host.pp index dfb753c..c226865 100644 --- a/manifests/rules/libvirt/host.pp +++ b/manifests/rules/libvirt/host.pp @@ -2,6 +2,8 @@ class shorewall::rules::libvirt::host ( $vmz = 'vmz', $masq_iface = 'eth0', $debproxy_port = 8000, + $accept_dhcp = true, + $vmz_iface = 'virbr0', ) { define shorewall::rule::accept::from_vmz ( @@ -49,6 +51,15 @@ class shorewall::rules::libvirt::host ( action => 'ACCEPT'; } + if $accept_dhcp { + shorewall::mangle { 'CHECKSUM:T': + source => '-', + destination => $vmz_iface, + proto => 'udp', + destinationport => '68'; + } + } + if $debproxy_port { shorewall::rule::accept::from_vmz { 'accept_debproxy_from_vmz': proto => 'tcp', |