Revision c7b580d5

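--- a/common.sh
+++ b/common.sh
@@ -152,8 +152,10 @@
     runlocked $RUNLOCKED_OPTS ebtables -A $FROM --ip-source \! $IP -p ipv4 -j DROP
   fi
   runlocked $RUNLOCKED_OPTS ebtables -A $FROM -s \! $MAC -j DROP
-  #accept dhcp responses from host (nfdhcpd)
-  runlocked $RUNLOCKED_OPTS ebtables -A $TO -s $INDEV_MAC -p ipv4 --ip-protocol=udp  --ip-destination-port=68 -j ACCEPT
+  # accept dhcp responses from host (nfdhcpd)
+  # this is actually not needed because nfdhcpd opens a socket and binds is with
+  # tap interface so dhcp response does not go through bridge
+  # runlocked $RUNLOCKED_OPTS ebtables -A $TO -s $INDEV_MAC -p ipv4 --ip-protocol=udp  --ip-destination-port=68 -j ACCEPT
   # allow only packets from the same mac prefix
   runlocked $RUNLOCKED_OPTS ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP
 }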
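Review bot: The disabled DHCP ACCEPT rule in the `$TO` chain is left behind as commented-out code, and the comment explaining it has a typo ("binds is with") and does not say what depends on the assumption it states. With the rule gone, a DHCP reply that did cross the bridge would fall through to the `-s \! $MAC/$MAC_MASK -j DROP` rule just below, and would presumably be dropped unless `$INDEV_MAC` matches that prefix. I would delete the commented-out line (it remains in history) and reword the comment to something like `# no ACCEPT for dhcp replies: nfdhcpd binds its socket to the tap interface, so replies never cross the bridge; re-add one before the MAC-prefix DROP if that changes`. The enclosing function starts above the hunk, so how `$TO` is set up is not visible here.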
