Revision f6f980d5

b/kvm-vif-bridge
85 85
EOF
86 86
}
87 87

  
88
function make_ebtables {
88
function reset_ebtables {
89 89
  TAP=$INTERFACE
90 90
  FROM=FROM${TAP^^}
91 91
  TO=TO${TAP^^}
......
97 97
  
98 98
  ebtables -X $FROM
99 99
  ebtables -X $TO
100
}
101

  
102
function set_ebtables {
103
  TAP=$INTERFACE
104
  FROM=FROM${TAP^^}
105
  TO=TO${TAP^^}
100 106

  
101 107
  ebtables -N $FROM
102 108
  ebtables -A $FROM --ip-source \! $IP -p ipv4 -j DROP
......
106 112
  ebtables -N $TO
107 113
  ebtables -A FORWARD -o $TAP -j $TO
108 114
  ebtables -A OUTPUT -o $TAP -j $TO
115
  #accept dhcp responses from host (nfdhcpd)
116
  ebtables -A $TO -p ipv4 --ip-protocol=udp  --ip-destination-port=68 -j ACCEPT
109 117
  if [ $TYPE == "private" ]; then 
110 118
    ebtables -A $TO -s \! $MAC/$MAC_MASK -j DROP 
111 119
    if [ ! -z $GATEWAY ]; then 
......
140 148
	routed_setup_ipv6
141 149
	routed_setup_firewall
142 150
	routed_setup_nfdhcpd $INTERFACE
151
  reset_ebtables
143 152
elif [ "$MODE" = "bridged" ]; then
144 153
  while ip rule del dev $INTERFACE; do :; done
145 154
	ifconfig $INTERFACE 0.0.0.0 up
146 155
	brctl addif $BRIDGE $INTERFACE
147 156
	routed_setup_nfdhcpd $BRIDGE
148
  make_ebtables
157
  reset_ebtables
158
  set_ebtables
149 159
fi   

Also available in: Unified diff