Revision c3d3d121
b/common.sh | ||
---|---|---|
152 | 152 |
runlocked $RUNLOCKED_OPTS ebtables -A $FROM --ip-source \! $IP -p ipv4 -j DROP |
153 | 153 |
fi |
154 | 154 |
runlocked $RUNLOCKED_OPTS ebtables -A $FROM -s \! $MAC -j DROP |
155 |
#accept dhcp responses from host (nfdhcpd) |
|
156 |
runlocked $RUNLOCKED_OPTS ebtables -A $TO -s $INDEV_MAC -p ipv4 --ip-protocol=udp --ip-destination-port=68 -j ACCEPT |
|
155 |
# accept dhcp responses from host (nfdhcpd) |
|
156 |
# this is actually not needed because nfdhcpd opens a socket and binds is with |
|
157 |
# tap interface so dhcp response does not go through bridge |
|
158 |
# runlocked $RUNLOCKED_OPTS ebtables -A $TO -s $INDEV_MAC -p ipv4 --ip-protocol=udp --ip-destination-port=68 -j ACCEPT |
|
157 | 159 |
# allow only packets from the same mac prefix |
158 | 160 |
runlocked $RUNLOCKED_OPTS ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP |
159 | 161 |
} |
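Review bot: The DHCP ACCEPT rule at new lines 155-158 is left as a commented-out command instead of being deleted, and the explanation contains a typo ("binds is with"). Dead firewall rules in a filtering script are easy to re-enable by accident, so I would drop the commented `ebtables` line and keep only a why-comment, e.g. `# No ACCEPT for DHCP replies: nfdhcpd sends them on a socket bound to the tap interface, so they do not traverse the bridge chains.` With the ACCEPT gone, any DHCP reply that does cross the bridge from a source outside `$MAC/$MAC_MASK` is dropped by the next rule in `$TO`. That looks like the safer default, but it makes guest addressing depend on nfdhcpd being the only DHCP source, and the comment should say so. The enclosing function starts outside this hunk, so I cannot confirm how `$TO` is hooked into the bridge.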