From ad569f073ea88484a5e1d1dcec5b205fe2b12352 Mon Sep 17 00:00:00 2001
From: Franziska Kunsmann
Date: Sun, 15 Nov 2020 12:01:14 +0100
Subject: [PATCH] bundles/dhcpd: add iptables rules
---
 bundles/dhcpd/metadata.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/bundles/dhcpd/metadata.py b/bundles/dhcpd/metadata.py
index ce6fb6b..4c8e551 100644
--- a/bundles/dhcpd/metadata.py
+++ b/bundles/dhcpd/metadata.py
@@ -23,6 +23,7 @@ def get_static_allocations(metadata):
 }
 }
 
+
 @metadata_reactor
 def get_listen_interfaces(metadata):
 listen_interfaces = []
@@ -34,3 +35,19 @@ def get_listen_interfaces(metadata):
 'listen_interfaces': ' '.join(sorted(listen_interfaces)),
 }
 }
+
+
+@metadata_reactor
+def iptables(metadata):
+ iptables = set()
+ for identfier, subnet in node.metadata.get('dhcpd/subnets', {}).items():
+ iptables.add('iptables -A INPUT -i {} -p udp --dport 67:68 -j ACCEPT'.format(subnet.get('interface')))
+
+ return {
+ 'iptables': {
+ 'bundle_rules': {
+ # iptables bundle relies on this being a list.
+ 'dhcpd': sorted(list(iptables)),
+ },
+ }
+ }
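Review bot: In the new `iptables` reactor, `subnet.get('interface')` returns None for a subnet that has no `interface` key, and `.format()` then emits a rule for an interface literally named `None`, which would presumably load but never match traffic; skip such subnets or fail loudly, e.g. `if not subnet.get('interface'): continue`. The rule also accepts `--dport 67:68`, while a DHCP server only receives on UDP 67 (68 is the client port), so `--dport 67` is the narrower match unless this host is also a DHCP client on that interface. The reactor takes `metadata` but reads `node.metadata`; if the other reactors in this file read through the argument, `for subnet in metadata.get('dhcpd/subnets', {}).values():` would be consistent and would drop the unused, misspelled `identfier`.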