diff options
| -rw-r--r-- | kvmd/apps/__init__.py | 2 | ||||
| -rw-r--r-- | kvmd/apps/otgnet/__init__.py | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/kvmd/apps/__init__.py b/kvmd/apps/__init__.py index 9c07cf94..42864dee 100644 --- a/kvmd/apps/__init__.py +++ b/kvmd/apps/__init__.py @@ -436,7 +436,7 @@ def _get_config_scheme() -> Dict: "firewall": { "allow_tcp": Option([], type=valid_ports_list), - "allow_udp": Option([], type=valid_ports_list), + "allow_udp": Option([67], type=valid_ports_list), "iptables_cmd": Option(["/usr/bin/iptables"], type=valid_command), }, diff --git a/kvmd/apps/otgnet/__init__.py b/kvmd/apps/otgnet/__init__.py index e28a5a21..d15f0a09 100644 --- a/kvmd/apps/otgnet/__init__.py +++ b/kvmd/apps/otgnet/__init__.py @@ -91,7 +91,6 @@ class _Service: # pylint: disable=too-many-instance-attributes ctls: List[BaseCtl] = [ CustomCtl(self.__pre_start_cmd, self.__post_stop_cmd, placeholders), IfaceUpCtl(self.__ip_cmd, netcfg.iface), - IptablesDropAllCtl(self.__iptables_cmd, netcfg.iface), *[ IptablesAllowPortCtl(self.__iptables_cmd, netcfg.iface, port, tcp) for (port, tcp) in [ @@ -99,6 +98,7 @@ class _Service: # pylint: disable=too-many-instance-attributes *zip(self.__allow_udp, itertools.repeat(False)), ] ], + IptablesDropAllCtl(self.__iptables_cmd, netcfg.iface), IfaceAddIpCtl(self.__ip_cmd, netcfg.iface, f"{netcfg.iface_ip}/{netcfg.net_prefix}"), CustomCtl(self.__post_start_cmd, self.__pre_stop_cmd, placeholders), ] |