Browse Source

NSXV: allow DHCP reply on DHCP edges

Work around DHCP edge's behavior where firewall is blocking DHCP unicast
replies.

Change-Id: I2ed3de8d665166fed3bc42da56d2a180b070ca0d
changes/28/732728/1
Kobi Samoray 1 month ago
parent
commit
f1d03cc96d
1 changed files with 14 additions and 2 deletions
  1. +14
    -2
      vmware_nsx/plugins/nsx_v/plugin.py

+ 14
- 2
vmware_nsx/plugins/nsx_v/plugin.py View File

@@ -3276,7 +3276,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
"enabled": True,
"action": "allow",
"application": {
"applicationId": application_ids}}]
"applicationId": application_ids}},
{"name": "DHCPReply",
"action": "allow",
"enabled": True,
"protocol": "udp",
"source_port": "68",
"destination_port": "67"}]

except Exception as e:
LOG.error(
@@ -3288,7 +3294,13 @@ class NsxVPluginV2(addr_pair_db.AllowedAddressPairsMixin,
"enabled": True,
"action": "allow",
"protocol": "icmp",
"icmp_type": 8}]
"icmp_type": 8},
{"name": "DHCPReply",
"action": "allow",
"enabled": True,
"protocol": "udp",
"source_port": "68",
"destination_port": "67"}]

if plugin.metadata_proxy_handler:
rules += nsx_v_md_proxy.get_router_fw_rules()


Loading…
Cancel
Save