Re: [PATCH 2/2] network: allow tftp port if tftp is defined

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, Jun 19, 2010 at 08:08:26PM +0200, apevec@xxxxxxxxx wrote:
> From: Alan Pevec <apevec@xxxxxxxxxx>
> 
> add iptables rules to allow TFTP from the virtual network if <tftp>
> element is defined in the network definition.
> 
> Fedora bz#580215
> 
> * src/network/bridge_driver.c: open UDP port 69 for TFTP traffic if
>   tftproot is defined
> ---
>  src/network/bridge_driver.c |   14 ++++++++++++++
>  1 files changed, 14 insertions(+), 0 deletions(-)
> 
> diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
> index 0cd0978..72255c1 100644
> --- a/src/network/bridge_driver.c
> +++ b/src/network/bridge_driver.c
> @@ -737,6 +737,15 @@ networkAddIptablesRules(struct network_driver *driver,
>          goto err4;
>      }
>  
> +    /* allow TFTP requests through to dnsmasq */
> +    if (network->def->tftproot &&
> +        (err = iptablesAddUdpInput(driver->iptables, network->def->bridge, 69))) {
> +        virReportSystemError(err,
> +                             _("failed to add iptables rule to allow TFTP requests from '%s'"),
> +                             network->def->bridge);
> +        goto err4tftp;
> +    }
> +
>  
>      /* Catch all rules to block forwarding to/from bridges */
>  
> @@ -784,6 +793,10 @@ networkAddIptablesRules(struct network_driver *driver,
>      iptablesRemoveForwardRejectOut(driver->iptables,
>                                     network->def->bridge);
>   err5:
> +    if (network->def->tftproot) {
> +        iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);
> +    }
> + err4tftp:
>      iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
>   err4:
>      iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
> @@ -821,6 +834,7 @@ networkRemoveIptablesRules(struct network_driver *driver,
>      iptablesRemoveForwardAllowCross(driver->iptables, network->def->bridge);
>      iptablesRemoveForwardRejectIn(driver->iptables, network->def->bridge);
>      iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge);
> +    iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);
>      iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
>      iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
>      iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 67);

ACK


Daniel
-- 
|: Red Hat, Engineering, London    -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org        -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-   F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]