Revision 30db6769 common.sh
| b/common.sh | ||
|---|---|---|
| 171 | 171 |
# accept dhcp responses from host (nfdhcpd) |
| 172 | 172 |
# this is actually not needed because nfdhcpd opens a socket and binds is with |
| 173 | 173 |
# tap interface so dhcp response does not go through bridge |
| 174 |
# INDEV_MAC=$(cat /sys/class/net/$INDEV/address) |
|
| 174 | 175 |
# runlocked $RUNLOCKED_OPTS ebtables -A $TO -s $INDEV_MAC -p ipv4 --ip-protocol=udp --ip-destination-port=68 -j ACCEPT |
| 175 | 176 |
# allow only packets from the same mac prefix |
| 176 | 177 |
runlocked $RUNLOCKED_OPTS ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP |
Also available in: Unified diff