aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Berger <stefanb@linux.vnet.ibm.com>2012-01-17 12:47:41 -0500
committerStefan Berger <stefanb@us.ibm.com>2012-01-17 12:47:41 -0500
commitaf5594c88b5473d51be29294952fd9a6a2591fd4 (patch)
tree8b8165d09274b211ce50b836406f83e77029a3dd /examples
parentRemove dmidecode dependancy outside PC arches (diff)
downloadlibvirt-af5594c88b5473d51be29294952fd9a6a2591fd4.tar.gz
libvirt-af5594c88b5473d51be29294952fd9a6a2591fd4.tar.bz2
libvirt-af5594c88b5473d51be29294952fd9a6a2591fd4.zip
nwfilter: fix typing error in filter
Fix a typing error in the no-ip-spoofing filter. Return DHCP request packets passing through this filter. Have the user use another filter to actually allow DHCP requests to be sent (action='accept').
Diffstat (limited to 'examples')
-rw-r--r--examples/xml/nwfilter/no-ip-spoofing.xml6
1 files changed, 3 insertions, 3 deletions
diff --git a/examples/xml/nwfilter/no-ip-spoofing.xml b/examples/xml/nwfilter/no-ip-spoofing.xml
index cbed03083..f8c957333 100644
--- a/examples/xml/nwfilter/no-ip-spoofing.xml
+++ b/examples/xml/nwfilter/no-ip-spoofing.xml
@@ -1,7 +1,7 @@
<filter name='no-ip-spoofing' chain='ipv4-ip' priority='-710'>
- <!-- allow DHCP requests -->
- <rule action='accept' direction='out' priority='100'>
- <ip srcipaddr='0.0.0.0' protocol='udp' srcportstart='68' srcportend='68'/>
+ <!-- allow UDP sent from 0.0.0.0 (DHCP); filter more exact later -->
+ <rule action='return' direction='out' priority='100'>
+ <ip srcipaddr='0.0.0.0' protocol='udp'/>
</rule>
<!-- allow all known IP addresses -->