NSXV: allow DHCP reply on DHCP edges

Work around DHCP edge's behavior where firewall is blocking DHCP unicast
replies.

Change-Id: I2ed3de8d665166fed3bc42da56d2a180b070ca0d
Kobi Samoray 2020-05-21 18:42:13 +03:00
parent c0da5a9c44
commit b376ad6ffd
1 changed files with 14 additions and 2 deletions


@ -3277,7 +3277,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
"enabled": True, "enabled": True,
"action": "allow", "action": "allow",
"application": { "application": {
"applicationId": application_ids}}] "applicationId": application_ids}},
{"name": "DHCPReply",
"action": "allow",
"enabled": True,
"protocol": "udp",
"source_port": "68",
"destination_port": "67"}]
except Exception as e: except Exception as e:
LOG.error( LOG.error(
@ -3289,7 +3295,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
"enabled": True, "enabled": True,
"action": "allow", "action": "allow",
"protocol": "icmp", "protocol": "icmp",
"icmp_type": 8}] "icmp_type": 8},
{"name": "DHCPReply",
"action": "allow",
"enabled": True,
"protocol": "udp",
"source_port": "68",
"destination_port": "67"}]
if plugin.metadata_proxy_handler: if plugin.metadata_proxy_handler:
rules += nsx_v_md_proxy.get_router_fw_rules() rules += nsx_v_md_proxy.get_router_fw_rules()
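Review bot: The new `DHCPReply` rule in both hunks matches UDP from source port 68 to destination port 67, which is the client-to-server direction (for example a unicast renewal request), whereas a server reply travels from 67 to 68. Either the name or the port pair looks inverted relative to the commit message, so a comment such as `# unicast client->server DHCP (e.g. renewals) reaching the edge's DHCP service`, or a swapped port pair, would settle which is meant. The rule also carries no source or destination address, so it appears to admit any UDP datagram to port 67 whose sender picks source port 68; because the sender chooses the source port, it is not a meaningful restriction, and scoping the rule to the DHCP-served subnets (if the rule schema allows it) would keep the opening to what the workaround needs. The identical dict is pasted into both rule lists, so a single module-level constant referenced from both places would stop them drifting apart. Both enclosing functions start and end outside the visible hunks, so which edge types receive the second rule list cannot be confirmed from here.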