diff options
author | Stefan Berger <stefanb@linux.vnet.ibm.com> | 2012-01-17 12:47:41 -0500 |
---|---|---|
committer | Stefan Berger <stefanb@us.ibm.com> | 2012-01-17 12:47:41 -0500 |
commit | af5594c88b5473d51be29294952fd9a6a2591fd4 (patch) | |
tree | 8b8165d09274b211ce50b836406f83e77029a3dd /examples | |
parent | Remove dmidecode dependancy outside PC arches (diff) | |
download | libvirt-af5594c88b5473d51be29294952fd9a6a2591fd4.tar.gz libvirt-af5594c88b5473d51be29294952fd9a6a2591fd4.tar.bz2 libvirt-af5594c88b5473d51be29294952fd9a6a2591fd4.zip |
nwfilter: fix typing error in filter
Fix a typing error in the no-ip-spoofing filter.
Return DHCP request packets passing through this filter. Have
the user use another filter to actually allow DHCP requests to be
sent (action='accept').
Diffstat (limited to 'examples')
-rw-r--r-- | examples/xml/nwfilter/no-ip-spoofing.xml | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/examples/xml/nwfilter/no-ip-spoofing.xml b/examples/xml/nwfilter/no-ip-spoofing.xml index cbed03083..f8c957333 100644 --- a/examples/xml/nwfilter/no-ip-spoofing.xml +++ b/examples/xml/nwfilter/no-ip-spoofing.xml @@ -1,7 +1,7 @@ <filter name='no-ip-spoofing' chain='ipv4-ip' priority='-710'> - <!-- allow DHCP requests --> - <rule action='accept' direction='out' priority='100'> - <ip srcipaddr='0.0.0.0' protocol='udp' srcportstart='68' srcportend='68'/> + <!-- allow UDP sent from 0.0.0.0 (DHCP); filter more exact later --> + <rule action='return' direction='out' priority='100'> + <ip srcipaddr='0.0.0.0' protocol='udp'/> </rule> <!-- allow all known IP addresses --> |