Include comment in DHCP ip6tables rules

author Dustin Lundquist <dustin@null-ptr.net>

Fri, 10 Jul 2015 19:36:44 +0000 (12:36 -0700)

committer Dustin Lundquist <dustin@null-ptr.net>

Mon, 13 Jul 2015 16:55:45 +0000 (09:55 -0700)
author Dustin Lundquist <dustin@null-ptr.net>
Fri, 10 Jul 2015 19:36:44 +0000 (12:36 -0700)
committer Dustin Lundquist <dustin@null-ptr.net>
Mon, 13 Jul 2015 16:55:45 +0000 (09:55 -0700)
diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py

index ff12802e1631f9d1fec73d8a40ae4482042954df..1381dee13fc76538a028b62d004479485b66de72 100644 (file)
--- a/neutron/agent/linux/iptables_firewall.py
+++ b/neutron/agent/linux/iptables_firewall.py
@@ -358,7 +358,7 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
          ipv6_rules += [comment_rule('-p icmpv6 -j RETURN',
                                      comment=ic.IPV6_ICMP_ALLOW)]
          ipv6_rules += [comment_rule('-p udp -m udp --sport 546 --dport 547 '
-                                    '-j RETURN', comment=None)]
+                                    '-j RETURN', comment=ic.DHCP_CLIENT)]
          mac_ipv4_pairs = []
          mac_ipv6_pairs = []
  
@@ -386,7 +386,7 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
          ipv4_rules += [comment_rule('-p udp -m udp --sport 67 --dport 68 '
                                      '-j DROP', comment=ic.DHCP_SPOOF)]
          ipv6_rules += [comment_rule('-p udp -m udp --sport 547 --dport 546 '
-                                    '-j DROP', comment=None)]
+                                    '-j DROP', comment=ic.DHCP_SPOOF)]
  
      def _accept_inbound_icmpv6(self):
          # Allow multicast listener, neighbor solicitation and
author	Dustin Lundquist <dustin@null-ptr.net>
	Fri, 10 Jul 2015 19:36:44 +0000 (12:36 -0700)
committer	Dustin Lundquist <dustin@null-ptr.net>
	Mon, 13 Jul 2015 16:55:45 +0000 (09:55 -0700)