NSXV: allow DHCP reply on DHCP edges
Work around DHCP edge's behavior where firewall is blocking DHCP unicast replies. Change-Id: I2ed3de8d665166fed3bc42da56d2a180b070ca0d
This commit is contained in:
parent
c0da5a9c44
commit
b376ad6ffd
|
@ -3277,7 +3277,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
|
||||||
"enabled": True,
|
"enabled": True,
|
||||||
"action": "allow",
|
"action": "allow",
|
||||||
"application": {
|
"application": {
|
||||||
"applicationId": application_ids}}]
|
"applicationId": application_ids}},
|
||||||
|
{"name": "DHCPReply",
|
||||||
|
"action": "allow",
|
||||||
|
"enabled": True,
|
||||||
|
"protocol": "udp",
|
||||||
|
"source_port": "68",
|
||||||
|
"destination_port": "67"}]
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
LOG.error(
|
LOG.error(
|
||||||
|
@ -3289,7 +3295,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
|
||||||
"enabled": True,
|
"enabled": True,
|
||||||
"action": "allow",
|
"action": "allow",
|
||||||
"protocol": "icmp",
|
"protocol": "icmp",
|
||||||
"icmp_type": 8}]
|
"icmp_type": 8},
|
||||||
|
{"name": "DHCPReply",
|
||||||
|
"action": "allow",
|
||||||
|
"enabled": True,
|
||||||
|
"protocol": "udp",
|
||||||
|
"source_port": "68",
|
||||||
|
"destination_port": "67"}]
|
||||||
|
|
||||||
if plugin.metadata_proxy_handler:
|
if plugin.metadata_proxy_handler:
|
||||||
rules += nsx_v_md_proxy.get_router_fw_rules()
|
rules += nsx_v_md_proxy.get_router_fw_rules()
|
||||||
|
|
Loading…
Reference in New Issue