[libvirt] [PATCH 2/2] network: allow tftp port if tftp is defined
Daniel P. Berrange
berrange at redhat.com
Mon Jun 21 11:43:16 UTC 2010
On Sat, Jun 19, 2010 at 08:08:26PM +0200, apevec at gmail.com wrote:
> From: Alan Pevec <apevec at redhat.com>
>
> add iptables rules to allow TFTP from the virtual network if <tftp>
> element is defined in the network definition.
>
> Fedora bz#580215
>
> * src/network/bridge_driver.c: open UDP port 69 for TFTP traffic if
> tftproot is defined
> ---
> src/network/bridge_driver.c | 14 ++++++++++++++
> 1 files changed, 14 insertions(+), 0 deletions(-)
>
> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> index 0cd0978..72255c1 100644
> --- a/src/network/bridge_driver.c
> +++ b/src/network/bridge_driver.c
> @@ -737,6 +737,15 @@ networkAddIptablesRules(struct network_driver *driver,
> goto err4;
> }
>
> + /* allow TFTP requests through to dnsmasq */
> + if (network->def->tftproot &&
> + (err = iptablesAddUdpInput(driver->iptables, network->def->bridge, 69))) {
> + virReportSystemError(err,
> + _("failed to add iptables rule to allow TFTP requests from '%s'"),
> + network->def->bridge);
> + goto err4tftp;
> + }
> +
>
> /* Catch all rules to block forwarding to/from bridges */
>
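Review bot: the port number 69 is a bare literal in the new iptablesAddUdpInput() call, and the same literal has to be repeated wherever the rule is removed. A named constant for the TFTP port would keep the add and remove calls in step and make the intent clear without relying on the comment. The failure path itself looks right: jumping to err4tftp undoes the UDP 53 rule added just before this block and then falls through to err4.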
> @@ -784,6 +793,10 @@ networkAddIptablesRules(struct network_driver *driver,
> iptablesRemoveForwardRejectOut(driver->iptables,
> network->def->bridge);
> err5:
> + if (network->def->tftproot) {
> + iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);
> + }
> + err4tftp:
> iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
> err4:
> iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
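Review bot: the new label err4tftp, placed between err5 and err4, breaks the numbered unwind sequence, so a reader has to work out from the add order which rule each label undoes. Consider renumbering the labels so that they stay in strict reverse order of the adds, or adding a one-line comment at err4tftp saying that it is reached when adding the TFTP rule fails. The tftproot guard on the removal under err5 matches the condition used when the rule is added, which is correct.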
> @@ -821,6 +834,7 @@ networkRemoveIptablesRules(struct network_driver *driver,
> iptablesRemoveForwardAllowCross(driver->iptables, network->def->bridge);
> iptablesRemoveForwardRejectIn(driver->iptables, network->def->bridge);
> iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge);
> + iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);
> iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
> iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
> iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 67);
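Review bot: the iptablesRemoveUdpInput(..., 69) call added to networkRemoveIptablesRules() is unconditional, while the matching add in networkAddIptablesRules() and the removal under err5 are both guarded by network->def->tftproot. For a network without a <tftp> element this tries to remove a rule that was never added. Suggest wrapping it in the same check, "if (network->def->tftproot)", so that teardown mirrors setup.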
ACK
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|