Merge "Ironic: Explicitly allow DHCP ports"

commit: 0ab9da1f7bfeb8b7210de5d43fc740287c84b9c0 [log] [tgz]
author: Jenkins <jenkins@review.openstack.org> Thu Nov 12 18:43:38 2015 +0000
committer: Gerrit Code Review <review@openstack.org> Thu Nov 12 18:43:38 2015 +0000
tree: 629053964a8e59f0be941c677e1576d1e942f572
parent: 808c2ab90ad5bcd5c0703261a4931efe4bd2e550 [diff]
parent: 63cac536efa3474af40ea24603fca5e1d0a74e13 [diff]
diff --git a/lib/ironic b/lib/ironic
index d786870..016e639 100644
--- a/lib/ironic
+++ b/lib/ironic

@@ -672,6 +672,8 @@
     # enable tftp natting for allowing connections to HOST_IP's tftp server
     sudo modprobe nf_conntrack_tftp
     sudo modprobe nf_nat_tftp
+    # explicitly allow DHCP - packets are occassionally being dropped here
+    sudo iptables -I INPUT -p udp --dport 67:68 --sport 67:68 -j ACCEPT || true
     # nodes boot from TFTP and callback to the API server listening on $HOST_IP
     sudo iptables -I INPUT -d $HOST_IP -p udp --dport 69 -j ACCEPT || true
     sudo iptables -I INPUT -d $HOST_IP -p tcp --dport $IRONIC_SERVICE_PORT -j ACCEPT || true
commit	0ab9da1f7bfeb8b7210de5d43fc740287c84b9c0	[log] [tgz]
author	Jenkins <jenkins@review.openstack.org>	Thu Nov 12 18:43:38 2015 +0000
committer	Gerrit Code Review <review@openstack.org>	Thu Nov 12 18:43:38 2015 +0000
tree	629053964a8e59f0be941c677e1576d1e942f572
parent	808c2ab90ad5bcd5c0703261a4931efe4bd2e550 [diff]
parent	63cac536efa3474af40ea24603fca5e1d0a74e13 [diff]