Skip to content

Commit 12d12ac

Browse files
anthonyxuanthonyxu
committed
CS-16409 : dhcp request doesn't have target ip, remove ip in the iptable rule
1 parent 87e6278 commit 12d12ac

1 file changed

Lines changed: 8 additions & 8 deletions

File tree

patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -80,6 +80,11 @@ desetup_apache2() {
8080

8181
setup_dnsmasq() {
8282
logger -t cloud "Setting up dnsmasq for network $ip/$mask "
83+
# setup rules to allow dhcp/dns request
84+
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
85+
sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
86+
sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
87+
sudo iptables -A INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
8388
# setup static
8489
sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
8590
echo "dhcp-range=interface:$dev,set:interface-$dev,$ip,static" >> /etc/dnsmasq.d/cloud.conf
@@ -94,7 +99,9 @@ setup_dnsmasq() {
9499

95100
desetup_dnsmasq() {
96101
logger -t cloud "Desetting up dnsmasq for network $ip/$mask "
97-
102+
# remove rules to allow dhcp/dns request
103+
sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
104+
sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
98105
sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,option:router.*$/d" /etc/dnsmasq.d/cloud.conf
99106
sed -i -e "/^[#]*dhcp-option=tag:interface-$dev,6.*$/d" /etc/dnsmasq.d/cloud.conf
100107
sed -i -e "/^[#]*dhcp-range=interface:$dev/d" /etc/dnsmasq.d/cloud.conf
@@ -125,11 +132,6 @@ create_guest_network() {
125132
sudo ip addr add dev $dev $ip/$mask brd +
126133
sudo ip link set $dev up
127134
sudo arping -c 3 -I $dev -A -U -s $ip $ip
128-
# setup rules to allow dhcp/dns request
129-
sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 67 -j ACCEPT
130-
sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
131-
sudo iptables -A INPUT -i $dev -d $ip -p udp -m udp --dport 67 -j ACCEPT
132-
sudo iptables -A INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
133135
# restore mark from connection mark
134136
local tableName="Table_$dev"
135137
sudo ip route add $subnet/$mask dev $dev table $tableName proto static
@@ -148,8 +150,6 @@ destroy_guest_network() {
148150
logger -t cloud " $(basename $0): Create network on interface $dev, gateway $gw, network $ip/$mask "
149151

150152
sudo ip addr del dev $dev $ip/$mask
151-
sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 67 -j ACCEPT
152-
sudo iptables -D INPUT -i $dev -d $ip -p udp -m udp --dport 53 -j ACCEPT
153153
sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
154154
sudo iptables -t nat -D POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
155155
destroy_acl_chain

0 commit comments

Comments
 (0)