Class: Dcmgr::VNet::Tasks::AcceptWakameDHCPOnly
- Inherits: Dcmgr::VNet::Task
  - Object
  - Dcmgr::VNet::Task
  - Dcmgr::VNet::Tasks::AcceptWakameDHCPOnly
- Includes: Netfilter
- Defined in: lib/dcmgr/vnet/tasks/accept_wakame_dhcp_only.rb
Overview
Allows DHCP traffic to take place with, and only with, wakame's DHCP server.
Instance Attribute Summary
- #dhcp_server_ip ⇒ Object (readonly)
  TODO: allow ARP traffic to DHCP server.
Attributes inherited from Dcmgr::VNet::Task
Instance Method Summary
- #initialize(dhcp_server_ip, fport = 67, tport = 68) ⇒ AcceptWakameDHCPOnly (constructor)
  A new instance of AcceptWakameDHCPOnly.
Constructor Details
#initialize(dhcp_server_ip, fport = 67, tport = 68) ⇒ AcceptWakameDHCPOnly
Returns a new instance of AcceptWakameDHCPOnly.
    # File 'lib/dcmgr/vnet/tasks/accept_wakame_dhcp_only.rb', line 13

    def initialize(dhcp_server_ip,fport = 67, tport = 68)
      super()
      @dhcp_server_ip = dhcp_server_ip

      # Block DHCP replies that aren't coming from our DHCP server
      self.rules << IptablesRule.new(:filter,:forward,:udp,:incoming,"-p udp ! -s #{self.dhcp_server_ip} --sport #{fport}:#{tport} -j DROP")

      # Accept DHCP replies coming from our DHCP server
      self.rules << IptablesRule.new(:filter,:forward,:udp,:incoming,"-p udp -s #{self.dhcp_server_ip} --sport #{fport}:#{tport} -j ACCEPT")

      # Drop all non DHCP traffic to our DHCP server
      [:udp,:tcp,:icmp].each { |protocol|
        self.rules << IptablesRule.new(:filter,:forward,protocol,:outgoing,"-d #{self.dhcp_server_ip} -p #{protocol} -j DROP")
      }
    end
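The three rule groups built by the constructor above, modelled as an added example (not Wakame-vdc code) and run against constructed packets. It assumes first-match evaluation in the order the rules are appended and no rules from other tasks in front of them; `dhcp_only_rules`, `matches?`, `verdict` and every address are hypothetical.

```ruby
require 'ipaddr'

# Model of the rules the task appends. Assumption: first-match evaluation in
# append order, with nothing from other tasks ahead of these rules.
def dhcp_only_rules(server_ip, fport = 67, tport = 68)
  ip = IPAddr.new(server_ip).to_s # raises unless the value parses as an IP address
  sports = (fport..tport)         # "--sport 67:68" is a port range
  rules = [
    { dir: :incoming, proto: :udp, src_not: ip, sports: sports, verdict: :DROP },
    { dir: :incoming, proto: :udp, src: ip, sports: sports, verdict: :ACCEPT }
  ]
  %i[udp tcp icmp].each { |proto| rules << { dir: :outgoing, proto: proto, dst: ip, verdict: :DROP } }
  rules
end

def matches?(rule, pkt)
  return false unless rule[:dir] == pkt[:dir] && rule[:proto] == pkt[:proto]
  return false if rule[:src] && rule[:src] != pkt[:src]
  return false if rule[:src_not] && rule[:src_not] == pkt[:src]
  return false if rule[:dst] && rule[:dst] != pkt[:dst]
  return false if rule[:sports] && !rule[:sports].cover?(pkt[:sport])
  true
end

# Verdict of the first matching rule, or :NO_MATCH when the packet falls through.
def verdict(rules, pkt)
  hit = rules.find { |r| matches?(r, pkt) }
  hit ? hit[:verdict] : :NO_MATCH
end

SERVER = '10.0.0.2' # constructed address
RULES = dhcp_only_rules(SERVER)
PACKETS = { # constructed sample packets
  offer_from_server: { dir: :incoming, proto: :udp, src: SERVER, sport: 67 },
  offer_from_rogue: { dir: :incoming, proto: :udp, src: '10.0.0.99', sport: 67 },
  dns_reply: { dir: :incoming, proto: :udp, src: '10.0.0.99', sport: 53 },
  ssh_to_server: { dir: :outgoing, proto: :tcp, dst: SERVER, dport: 22 },
  unicast_renewal: { dir: :outgoing, proto: :udp, dst: SERVER, sport: 68, dport: 67 },
  broadcast_discover: { dir: :outgoing, proto: :udp, dst: '255.255.255.255', sport: 68, dport: 67 }
}
PACKETS.each { |name, pkt| puts format('%-20s %s', name, verdict(RULES, pkt)) }
```

In this model a unicast renewal to the server is dropped, because the outgoing rules match on destination and protocol only. The `IPAddr` check keeps extra iptables arguments out of a rule string that the constructor builds by interpolation.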
Instance Attribute Details
#dhcp_server_ip ⇒ Object (readonly)
TODO: allow ARP traffic to DHCP server
    # File 'lib/dcmgr/vnet/tasks/accept_wakame_dhcp_only.rb', line 11

    def dhcp_server_ip
      @dhcp_server_ip
    end