add: dhcp on firewall

2023-10-12 12:53:44 +02:00
parent 9995595a55
commit c044383fd0
6 changed files with 36 additions and 5 deletions
--- a/backend/modules/firewall/nftables.py
+++ b/backend/modules/firewall/nftables.py
@@ -135,6 +135,25 @@ class FiregexTables(NFTableManager):
                    ]
                }}},
            ])
+        if opt.allow_dhcp:
+            rules.extend([
+                { "add":{ "rule": {
+                    "family": "ip", "table": self.filter_table, "chain": self.rules_chain_in,
+                    "expr": [
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'sport'}}, 'op': '==', 'right': 67} },
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'dport'}}, 'op': '==', 'right': 68} },
+                        { "accept": None }
+                    ]
+                }}},
+                { "add":{ "rule": {
+                    "family": "ip6", "table": self.filter_table, "chain": self.rules_chain_in,
+                    "expr": [
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'sport'}}, 'op': '==', 'right': 67} },
+                        { 'match': {'left': {'payload': {'protocol': "udp", 'field': 'dport'}}, 'op': '==', 'right': 68} },
+                        { "accept": None }
+                    ]
+                }}},
+            ])
        return rules
    
    def __init__(self):