From 1f272f9c7e22d52d71c3954fc0e683f082d75e07 Mon Sep 17 00:00:00 2001
From: Dustin Lundquist <dustin@null-ptr.net>
Date: Fri, 10 Jul 2015 12:36:44 -0700
Subject: [PATCH] Include comment in DHCP ip6tables rules

Change-Id: I28531186c45477939618a01f17f6efed43f71c09
---
 neutron/agent/linux/iptables_firewall.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/neutron/agent/linux/iptables_firewall.py b/neutron/agent/linux/iptables_firewall.py
index ff12802e1..1381dee13 100644
--- a/neutron/agent/linux/iptables_firewall.py
+++ b/neutron/agent/linux/iptables_firewall.py
@@ -358,7 +358,7 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
         ipv6_rules += [comment_rule('-p icmpv6 -j RETURN',
                                     comment=ic.IPV6_ICMP_ALLOW)]
         ipv6_rules += [comment_rule('-p udp -m udp --sport 546 --dport 547 '
-                                    '-j RETURN', comment=None)]
+                                    '-j RETURN', comment=ic.DHCP_CLIENT)]
         mac_ipv4_pairs = []
         mac_ipv6_pairs = []
 
@@ -386,7 +386,7 @@ class IptablesFirewallDriver(firewall.FirewallDriver):
         ipv4_rules += [comment_rule('-p udp -m udp --sport 67 --dport 68 '
                                     '-j DROP', comment=ic.DHCP_SPOOF)]
         ipv6_rules += [comment_rule('-p udp -m udp --sport 547 --dport 546 '
-                                    '-j DROP', comment=None)]
+                                    '-j DROP', comment=ic.DHCP_SPOOF)]
 
     def _accept_inbound_icmpv6(self):
         # Allow multicast listener, neighbor solicitation and
-- 
2.45.2