Check for DHCP before RFC 1918

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@217 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
2002-08-24 15:09:34 +00:00 · 2002-08-24 15:09:34 +00:00 · 429b8e7d38
commit 429b8e7d38
parent 8f4ff3306e
1 changed files with 10 additions and 7 deletions
--- a/Shorewall/firewall
+++ b/Shorewall/firewall
@ -2851,6 +2851,16 @@ add_common_rules() {
    # BROADCASTS
    #
    drop_broadcasts `find_broadcasts`
+    ###########################################################################
+    # DHCP
+    #
+    echo "Adding rules for DHCP"
+
+    for interface in `find_interfaces_by_option dhcp`; do
+	run_iptables -A `input_chain $interface` -p udp --dport 67:68 -j ACCEPT
+	run_iptables -A OUTPUT	  -o $interface	 -p udp --dport 67:68 -j ACCEPT
+    done
+
    ###########################################################################
    # RFC 1918
    #
@ -3179,13 +3189,6 @@ define_firewall() # $1 = Command (Start or Restart)

    process_rules $rules

-    echo "Adding rules for DHCP"
-
-    for interface in `find_interfaces_by_option dhcp`; do
-	run_iptables -A `input_chain $interface` -p udp --dport 67:68 -j ACCEPT
-	run_iptables -A OUTPUT	  -o $interface	 -p udp --dport 67:68 -j ACCEPT
-    done
-
    echo "Setting up ICMP Echo handling..."

    filterping_interfaces="`find_interfaces_by_option filterping`"