bundles/dhcpd: add iptables rules

2020-11-15 12:01:14 +01:00 · 2020-11-15 12:01:14 +01:00 · ad569f073e
commit ad569f073e
parent cdef8cdb13
1 changed files with 17 additions and 0 deletions
--- a/bundles/dhcpd/metadata.py
+++ b/bundles/dhcpd/metadata.py
@ -23,6 +23,7 @@ def get_static_allocations(metadata):
        }
    }

+
@metadata_reactor
 def get_listen_interfaces(metadata):
    listen_interfaces = []
@ -34,3 +35,19 @@ def get_listen_interfaces(metadata):
            'listen_interfaces': ' '.join(sorted(listen_interfaces)),
        }
    }
+
+
+@metadata_reactor
+def iptables(metadata):
+    iptables = set()
+    for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items():
+        iptables.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet.get('interface')))
+
+    return {
+        'iptables': {
+            'bundle_rules': {
+                # iptables bundle relies on this being a list.
+                'dhcpd': sorted(list(iptables)),
+            },
+        }
+    }