[libvirt] [PATCH 2/2] network: allow tftp port if tftp is defined

apevec at gmail.com apevec at gmail.com
Sat Jun 19 18:08:26 UTC 2010


From: Alan Pevec <apevec at redhat.com>

add iptables rules to allow TFTP from the virtual network if <tftp>
element is defined in the network definition.

Fedora bz#580215

* src/network/bridge_driver.c: open UDP port 69 for TFTP traffic if
  tftproot is defined
---
 src/network/bridge_driver.c |   14 ++++++++++++++
 1 files changed, 14 insertions(+), 0 deletions(-)

diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index 0cd0978..72255c1 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -737,6 +737,15 @@ networkAddIptablesRules(struct network_driver *driver,
         goto err4;
     }
 
+    /* allow TFTP requests through to dnsmasq */
+    if (network->def->tftproot &&
+        (err = iptablesAddUdpInput(driver->iptables, network->def->bridge, 69))) {
+        virReportSystemError(err,
+                             _("failed to add iptables rule to allow TFTP requests from '%s'"),
+                             network->def->bridge);
+        goto err4tftp;
+    }
+
 
     /* Catch all rules to block forwarding to/from bridges */
 
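Review bot: The comment on the added block, `/* allow TFTP requests through to dnsmasq */`, does not say why the rule is gated on `network->def->tftproot`, which is the security-relevant part of the change. TFTP has no authentication, so UDP 69 should be reachable on the bridge only when the network definition actually configures a TFTP root. I would expand the comment to `/* allow TFTP requests through to dnsmasq, but only when a <tftp> root is configured: TFTP is unauthenticated, so the port stays closed otherwise */`. The literal 69 is also repeated in the error path and in networkRemoveIptablesRules; a named constant would keep the add and remove calls in step, although the neighbouring rules use bare 53 and 67 as well. networkAddIptablesRules begins and ends outside this hunk.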
@@ -784,6 +793,10 @@ networkAddIptablesRules(struct network_driver *driver,
     iptablesRemoveForwardRejectOut(driver->iptables,
                                    network->def->bridge);
  err5:
+    if (network->def->tftproot) {
+        iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);
+    }
+ err4tftp:
     iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
  err4:
     iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
@@ -821,6 +834,7 @@ networkRemoveIptablesRules(struct network_driver *driver,
     iptablesRemoveForwardAllowCross(driver->iptables, network->def->bridge);
     iptablesRemoveForwardRejectIn(driver->iptables, network->def->bridge);
     iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge);
+    iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);
     iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
     iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
     iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 67);
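Review bot: The added `iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);` runs unconditionally, while the matching add in networkAddIptablesRules and the cleanup under `err5:` are both guarded by `network->def->tftproot`. For a network without a <tftp> element this asks iptables to delete a rule libvirt never inserted. The return value is not checked here, so at best it is a silent failed delete; if an identical rule for that bridge exists from another source, it would presumably be removed. Guard it the same way as the error path: `if (network->def->tftproot) iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);`. networkRemoveIptablesRules continues outside this hunk.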
-- 
1.7.0.1



