Viewing all changes in revision 1191.
- Committer: Tarmac
- Date: 2011-09-20 10:18:14 UTC
- mfrom: (1190.1.3 dnsmasq-accept-rules-ms)
- Revision ID: tarmac-20110920101814-chdxgxc00ni42ukf
Add iptables filter rules for dnsmasq (lp:844935)
On Fedora, the default policy for the INPUT chain in the filter table
is DROP. This means that DHCP and DNS request packets from the guest
get dropped.
Add these rules to allow the traffic through:
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p udp -m udp --dport 67 -j ACCEPT
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p tcp -m tcp --dport 67 -j ACCEPT
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p udp -m udp --dport 53 -j ACCEPT
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p tcp -m tcp --dport 53 -j ACCEPT
On Fedora, the default policy for the INPUT chain in the filter table
is DROP. This means that DHCP and DNS request packets from the guest
get dropped.
Add these rules to allow the traffic through:
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p udp -m udp --dport 67 -j ACCEPT
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p tcp -m tcp --dport 67 -j ACCEPT
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p udp -m udp --dport 53 -j ACCEPT
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p tcp -m tcp --dport 53 -j ACCEPT
- files modified:
- nova/network/linux_net.py
expand all
collapse all
added
removed
