[lxc-devel] [lxd/master] lxd/networks: Skip DHCP mangle if firewall off
stgraber on Github
lxc-bot at linuxcontainers.org
Thu Jul 5 22:49:13 UTC 2018
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 370 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20180705/5e5783ce/attachment.bin>
-------------- next part --------------
From a2db324875c74403d8f0a37d64fb815433bd4492 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 5 Jul 2018 18:47:56 -0400
Subject: [PATCH] lxd/networks: Skip DHCP mangle if firewall off
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Closes #4739
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
lxd/networks.go | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/lxd/networks.go b/lxd/networks.go
index 4bdc0dab1..61e7b2a74 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -1126,7 +1126,9 @@ func (n *network) Start() error {
}
// Attempt a workaround for broken DHCP clients
- networkIptablesPrepend("ipv4", n.name, "mangle", "POSTROUTING", "-o", n.name, "-p", "udp", "--dport", "68", "-j", "CHECKSUM", "--checksum-fill")
+ if n.config["ipv4.firewall"] == "" || shared.IsTrue(n.config["ipv4.firewall"] {
+ networkIptablesPrepend("ipv4", n.name, "mangle", "POSTROUTING", "-o", n.name, "-p", "udp", "--dport", "68", "-j", "CHECKSUM", "--checksum-fill")
+ }
// Allow forwarding
if n.config["bridge.mode"] == "fan" || n.config["ipv4.routing"] == "" || shared.IsTrue(n.config["ipv4.routing"]) {
More information about the lxc-devel
mailing list