Merge lp://staging/~vishvananda/nova/dnsmasq-accept-rules-ms into lp://staging/~hudson-openstack/nova/milestone-proposed
Proposed by
Vish Ishaya
| Status: | Merged |
|---|---|
| Approved by: | Vish Ishaya |
| Approved revision: | 1193 |
| Merged at revision: | 1191 |
| Proposed branch: | lp://staging/~vishvananda/nova/dnsmasq-accept-rules-ms |
| Merge into: | lp://staging/~hudson-openstack/nova/milestone-proposed |
| Diff against target: |
38 lines (+14/-1) 1 file modified
nova/network/linux_net.py (+14/-1) |
| To merge this branch: | bzr merge lp://staging/~vishvananda/nova/dnsmasq-accept-rules-ms |
| Related bugs: |
| Reviewer | Review Type | Date Requested | Status |
|---|---|---|---|
| OpenStack release team | Pending | ||
|
Review via email:
|
|||
Description of the change
Add iptables filter rules for dnsmasq (lp:844935)
On Fedora, the default policy for the INPUT chain in the filter table
is DROP. This means that DHCP and DNS request packets from the guest
get dropped.
Add these rules to allow the traffic through:
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p udp -m udp --dport 67 -j ACCEPT
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p tcp -m tcp --dport 67 -j ACCEPT
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p udp -m udp --dport 53 -j ACCEPT
$> sudo iptables -t filter -A nova-network-INPUT -i br0 -p tcp -m tcp --dport 53 -j ACCEPT
To post a comment you must log in.
Preview Diff
[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
