Revision 95226ff3
b/kvm-vif-bridge | ||
---|---|---|
19 | 19 |
TABLE=$LINK |
20 | 20 |
ip link set $INTERFACE addr $TAP_CONSTANT_MAC up |
21 | 21 |
INDEV=$INTERFACE |
22 |
DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP" |
|
22 |
# DROPDHCPREQCMD="iptables -A FORWARD -i $INTERFACE -p udp --dport 67 -j DROP"
|
|
23 | 23 |
elif [ "$MODE" = "bridged" ]; then |
24 | 24 |
ip link set $INTERFACE up |
25 | 25 |
brctl addif $BRIDGE $INTERFACE |
26 | 26 |
INDEV=$BRIDGE |
27 |
try init_ebtables |
|
28 | 27 |
# nfdhcpd creates responses with src mac the mac of indec |
29 | 28 |
INDEV_MAC=$(cat /sys/class/net/$INDEV/address) |
30 |
DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP" |
|
29 |
# DROPDHCPREQCMD="runlocked $RUNLOCKED_OPTS ebtables -A $FROM -p ipv4 --ip-protocol udp --ip-destination-port 67 -j DROP"
|
|
31 | 30 |
fi |
32 | 31 |
|
33 | 32 |
|
... | ... | |
40 | 39 |
;; |
41 | 40 |
$NFDHCPD_TAG) |
42 | 41 |
# Drop unicast BOOTP/DHCP packets |
43 |
$DROPDHCPREQCMD |
|
42 |
# $DROPDHCPREQCMD
|
|
44 | 43 |
try setup_nfdhcpd |
45 | 44 |
;; |
46 | 45 |
$MAC_FILTERED_TAG) |
46 |
try init_ebtables |
|
47 | 47 |
try setup_ebtables |
48 | 48 |
;; |
49 | 49 |
$MASQ_TAG) |
Also available in: Unified diff