From 5f1d2e86ffdc666004a84e291496bf956d23ea17 Mon Sep 17 00:00:00 2001
From: Ivan Chavero
Date: Wed, 25 Jun 2014 07:07:41 -0600
Subject: [PATCH] Fixes DHCP firewall protocol

Sets the firewall rules for DHCP to UDP, also simplified the rules to allow requests from all hosts

Change-Id: Ia848315112cd53de530f7bf7eb487fce90605e3d
Fixes: rhbz#bug1112019
---
 packstack/plugins/neutron_350.py | 33 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 17 deletions(-)

diff --git a/packstack/plugins/neutron_350.py b/packstack/plugins/neutron_350.py
index fc80f7d10..de69af3d4 100644
--- a/packstack/plugins/neutron_350.py
+++ b/packstack/plugins/neutron_350.py
@@ -830,23 +830,22 @@ def create_dhcp_manifests(config, messages):
 config['CONFIG_NEUTRON_DHCP_INTERFACE_DRIVER'] = get_if_driver(config)
 manifest_data = getManifestTemplate("neutron_dhcp.pp")
 manifest_file = "%s_neutron.pp" % (host,)
-
- # Firewall Rules
- config['FIREWALL_PROTOCOL'] = 'tcp'
- for f_host in q_hosts:
- config['FIREWALL_ALLOWED'] = "'%s'" % f_host
- config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in"
- config['FIREWALL_SERVICE_ID'] = ("neutron_dhcp_in_%s_%s"
- % (host, f_host))
- config['FIREWALL_PORTS'] = "'67'"
- config['FIREWALL_CHAIN'] = "INPUT"
- manifest_data += getManifestTemplate("firewall.pp")
- config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out"
- config['FIREWALL_SERVICE_ID'] = ("neutron_dhcp_out_%s_%s"
- % (host, f_host))
- config['FIREWALL_PORTS'] = "'68'"
- config['FIREWALL_CHAIN'] = "OUTPUT"
- manifest_data += getManifestTemplate("firewall.pp")
+ # Firewall Rules for dhcp in
+ config['FIREWALL_PROTOCOL'] = 'udp'
+ config['FIREWALL_ALLOWED'] = "'ALL'"
+ config['FIREWALL_SERVICE_NAME'] = "neutron dhcp in: "
+ config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_in_%s" % host
+ config['FIREWALL_PORTS'] = "'67'"
+ config['FIREWALL_CHAIN'] = "INPUT"
+ manifest_data += getManifestTemplate("firewall.pp")
+ # Firewall Rules for dhcp out
+ config['FIREWALL_PROTOCOL'] = 'udp'
+ config['FIREWALL_ALLOWED'] = "'ALL'"
+ config['FIREWALL_SERVICE_NAME'] = "neutron dhcp out: "
+ config['FIREWALL_SERVICE_ID'] = "neutron_dhcp_out_%s" % host
+ config['FIREWALL_PORTS'] = "'68'"
+ config['FIREWALL_CHAIN'] = "OUTPUT"
+ manifest_data += getManifestTemplate("firewall.pp")
 appendManifestFile(manifest_file, manifest_data, 'neutron')
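Review bot: The INPUT rule for UDP port 67 now sets `config['FIREWALL_ALLOWED'] = "'ALL'"` with no comment saying why the per-host source limit from `q_hosts` was dropped, so a later reader cannot tell a deliberate choice from an oversight. If the reason is that DHCP clients have no address yet when they send their first request, say so above the first block, e.g. `# DHCP requests arrive before the client has an address, so the source cannot be limited to known hosts`, and check whether `firewall.pp` (not shown here) can limit the rule to the interface the DHCP agent serves, since as written it presumably applies to every interface on the host. The second block repeats the `FIREWALL_PROTOCOL` and `FIREWALL_ALLOWED` assignments with the same values and could drop them. `q_hosts` is no longer used in this hunk and may now be unused in the function; the function body starts outside the hunk, so that needs checking there.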