The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/6165
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Currently it's not possible to assign static IPv6 addresses to containers (using `ipv6.dhcp: "true"` and `ipv6.dhcp.stateful: "true"`) without using the built-in firewall configuration (`ipv6.firewall: "true"`). This trivial patch fixes this.
From a8206c63cf941525d2d83a93d67fd428d6df03c0 Mon Sep 17 00:00:00 2001
From: Skruppy <skru...@onmars.eu>
Date: Sun, 8 Sep 2019 02:44:37 +0200
Subject: [PATCH] Allow ipv6.dhcp=true and ipv6.firewall=false
---
 lxd/networks.go | 30 ++++++++++++++++--------------
 1 file changed, 16 insertions(+), 14 deletions(-)
diff --git a/lxd/networks.go b/lxd/networks.go
index 156c68efe3..1b15144929 100644
--- a/lxd/networks.go
+++ b/lxd/networks.go
@@ -1435,20 +1435,22 @@ func (n *network) Start() error {
 // Update the dnsmasq config
 dnsmasqCmd = append(dnsmasqCmd, []string{fmt.Sprintf("--listen-address=%s", ip.String()), "--enable-ra"}...)
- if (n.config["ipv6.dhcp"] == "" || shared.IsTrue(n.config["ipv6.dhcp"])) && (n.config["ipv6.firewall"] == "" || shared.IsTrue(n.config["ipv6.firewall"])) {
- // Setup basic iptables overrides for DHCP/DNS
- rules := [][]string{
- {"ipv6", n.name, "", "INPUT", "-i", n.name, "-p", "udp", "--dport", "547", "-j", "ACCEPT"},
- {"ipv6", n.name, "", "INPUT", "-i", n.name, "-p", "udp", "--dport", "53", "-j", "ACCEPT"},
- {"ipv6", n.name, "", "INPUT", "-i", n.name, "-p", "tcp", "--dport", "53", "-j", "ACCEPT"},
- {"ipv6", n.name, "", "OUTPUT", "-o", n.name, "-p", "udp", "--sport", "547", "-j", "ACCEPT"},
- {"ipv6", n.name, "", "OUTPUT", "-o", n.name, "-p", "udp", "--sport", "53", "-j", "ACCEPT"},
- {"ipv6", n.name, "", "OUTPUT", "-o", n.name, "-p", "tcp", "--sport", "53", "-j", "ACCEPT"}}
-
- for _, rule := range rules {
- err = iptables.NetworkPrepend(rule[0], rule[1], rule[2], rule[3], rule[4:]...)
- if err != nil {
- return err
+ if n.config["ipv6.dhcp"] == "" || shared.IsTrue(n.config["ipv6.dhcp"]) {
+ if n.config["ipv6.firewall"] == "" || shared.IsTrue(n.config["ipv6.firewall"]) {
+ // Setup basic iptables overrides for DHCP/DNS
+ rules := [][]string{
+ {"ipv6", n.name, "", "INPUT", "-i", n.name, "-p", "udp", "--dport", "547", "-j", "ACCEPT"},
+ {"ipv6", n.name, "", "INPUT", "-i", n.name, "-p", "udp", "--dport", "53", "-j", "ACCEPT"},
+ {"ipv6", n.name, "", "INPUT", "-i", n.name, "-p", "tcp", "--dport", "53", "-j", "ACCEPT"},
+ {"ipv6", n.name, "", "OUTPUT", "-o", n.name, "-p", "udp", "--sport", "547", "-j", "ACCEPT"},
+ {"ipv6", n.name, "", "OUTPUT", "-o", n.name, "-p", "udp", "--sport", "53", "-j", "ACCEPT"},
+ {"ipv6", n.name, "", "OUTPUT", "-o", n.name, "-p", "tcp", "--sport", "53", "-j", "ACCEPT"}}
+
+ for _, rule := range rules {
+ err = iptables.NetworkPrepend(rule[0], rule[1], rule[2], rule[3], rule[4:]...)
+ if err != nil {
+ return err
+ }
 }
 }
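Review bot: The new outer `if` on `ipv6.dhcp` carries no comment explaining that `ipv6.firewall` now gates only the ACCEPT rules, so a reader cannot tell that the rest of the block is meant to run with the firewall option off. With `ipv6.firewall=false` LXD adds none of the udp/547 and tcp/udp 53 rules on the bridge, and the host's own ip6tables policy then decides whether containers can reach dnsmasq. I would add above the inner check `// ipv6.firewall only controls the ACCEPT rules below; DHCPv6 is still configured whenever ipv6.dhcp is enabled.` and state the same in the documentation of the `ipv6.firewall` key, if the project documents it. The body of the outer `if` continues past the end of the hunk, so the DHCP setup it now covers is inferred from the pull-request description rather than visible here.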