Merge "Fix security group rules created for dhcpv6"
This commit is contained in:
commit
13a32a1297
@ -349,6 +349,9 @@ class SecurityGroupServerRpcMixin(sg_db.SecurityGroupDbMixin):
|
||||
if ip_version == 4:
|
||||
# v4 dhcp servers can also talk to broadcast
|
||||
dests.append('255.255.255.255/32')
|
||||
elif ip_version == 6:
|
||||
# v6 dhcp responses can target link-local addresses
|
||||
dests.append('fe80::/64')
|
||||
source_port, dest_port, ethertype = DHCP_RULE_PORT[ip_version]
|
||||
for dest in dests:
|
||||
dhcp_rule = {'direction': 'ingress',
|
||||
|
@ -87,6 +87,15 @@ def ingress_address_assignment_rules(port):
|
||||
'source_port_range_max': 547,
|
||||
'source_port_range_min': 547,
|
||||
'dest_ip_prefix': '%s/128' % dest})
|
||||
for dest in ['fe80::/64']:
|
||||
rules.append({'direction': 'ingress',
|
||||
'ethertype': 'IPv6',
|
||||
'port_range_max': 546,
|
||||
'port_range_min': 546,
|
||||
'protocol': 'udp',
|
||||
'source_port_range_max': 547,
|
||||
'source_port_range_min': 547,
|
||||
'dest_ip_prefix': '%s' % dest})
|
||||
return rules
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user