From 4efaf77b19d63c0dea888846b3390f5a396ac547 Mon Sep 17 00:00:00 2001 From: Alan Pevec Date: Sat, 19 Jun 2010 20:08:26 +0200 Subject: [PATCH] network: allow tftp port if tftp is defined add iptables rules to allow TFTP from the virtual network if element is defined in the network definition. Fedora bz#580215 * src/network/bridge_driver.c: open UDP port 69 for TFTP traffic if tftproot is defined --- src/network/bridge_driver.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c index 0cd0978460..72255c102f 100644 --- a/src/network/bridge_driver.c +++ b/src/network/bridge_driver.c @@ -737,6 +737,15 @@ networkAddIptablesRules(struct network_driver *driver, goto err4; } + /* allow TFTP requests through to dnsmasq */ + if (network->def->tftproot && + (err = iptablesAddUdpInput(driver->iptables, network->def->bridge, 69))) { + virReportSystemError(err, + _("failed to add iptables rule to allow TFTP requests from '%s'"), + network->def->bridge); + goto err4tftp; + } + /* Catch all rules to block forwarding to/from bridges */ @@ -784,6 +793,10 @@ networkAddIptablesRules(struct network_driver *driver, iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge); err5: + if (network->def->tftproot) { + iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69); + } + err4tftp: iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53); err4: iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53); 
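Review bot: The comment on the new rule in the first hunk, `/* allow TFTP requests through to dnsmasq */`, does not say what is being exposed. Judging by the helper's name, the call accepts UDP port 69 on the host for traffic arriving on the bridge whenever `tftproot` is set, and TFTP has no authentication, so every guest on that network can read whatever sits under that directory. I would state this at the rule, e.g. `/* tftproot set: accept TFTP (UDP 69) from guests on this bridge; TFTP is unauthenticated, so tftproot must hold only boot files */`. The literal `69` is also repeated in the cleanup at `err5` and in networkRemoveIptablesRules; one named constant would keep the add and remove calls from drifting apart and leaving a stale ACCEPT rule behind. networkAddIptablesRules starts and ends outside the hunk.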
@@ -821,6 +834,7 @@ networkRemoveIptablesRules(struct network_driver *driver,
 iptablesRemoveForwardAllowCross(driver->iptables, network->def->bridge);
 iptablesRemoveForwardRejectIn(driver->iptables, network->def->bridge);
 iptablesRemoveForwardRejectOut(driver->iptables, network->def->bridge);
+ iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);
 iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 53);
 iptablesRemoveTcpInput(driver->iptables, network->def->bridge, 53);
 iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 67);
-- GitLab
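Review bot: The added `iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);` in networkRemoveIptablesRules runs unconditionally, while the rule is only added when `network->def->tftproot` is set and the error path at `err5` removes it under that same guard. For a network without tftproot this asks iptables to delete a rule libvirt never installed. How the helper treats a missing rule is not visible here, so this is either a spurious failure or, if an administrator added an identical rule for the bridge by hand, removal of a rule libvirt does not own. Guarding it the same way keeps add and remove symmetric: `if (network->def->tftproot) iptablesRemoveUdpInput(driver->iptables, network->def->bridge, 69);`. The function body continues outside the hunk.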