[NoCat] Patch: DHCPAddr-01.patch
Karl Gaissmaier
karl.gaissmaier at kiz.uni-ulm.de
Tue, 29 Jul 2003 01:31:55 +0200
Name: DHCPAddr-01.patch
Affected Files:
    lib/NoCat/Firewall.pm
    gateway.conf
    libexec/iptables/initialize.fw
Version: Patch against 0.82 or later
Severity: unimportant, only needed if dhcpd not running in the local
    network or on the gateway itself
Description: new config Parameter DHCPAddr to permit dhcp traffic
    through the gateway
--
Karl Gaissmaier KIZ/Infrastructure, University of Ulm, Germany
Email:karl.gaissmaier@kiz.uni-ulm.de Service Group Network
diff --exclude '*.orig' -Naur NoCatAuth-old/gateway.conf NoCatAuth-nightly/gateway.conf
--- NoCatAuth-old/gateway.conf 2003-02-11 02:59:09.000000000 +0100
+++ NoCatAuth-nightly/gateway.conf 2003-07-26 00:28:54.000000000 +0200
@@ -68,6 +68,12 @@
#
# LoginTimeout 86400
+# DHCPAddr - Specifies one or more IP-Addr of DHCP-Server(s), separated
+# by spaces, to which traffic through the gateway is permitted.
+#
+# DHCPAddr 10.0.0.123
+
+
###### Open Portal settings.
#
##
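Review bot: The new DHCPAddr comment says "traffic through the gateway is permitted" without saying which traffic or under what conditions. Going by the initialize.fw part of this patch, only UDP with port 67 on the server side is opened, and the rules carry the comment "always allow dhcp", so the documentation should state both: UDP port 67 to and from the listed servers is always forwarded. It should also say whether the values must be literal IP addresses, since they are handed to the firewall script as written. The hunk also adds two consecutive blank lines after the example; one is enough.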
diff --exclude '*.orig' -Naur NoCatAuth-old/lib/NoCat/Firewall.pm NoCatAuth-nightly/lib/NoCat/Firewall.pm
--- NoCatAuth-old/lib/NoCat/Firewall.pm 2003-02-12 03:56:42.000000000 +0100
+++ NoCatAuth-nightly/lib/NoCat/Firewall.pm 2003-07-26 00:30:05.000000000 +0200
@@ -21,6 +21,10 @@
MembersOnly RouteOnly IgnoreMAC
);
+# not in qw() in order to have independent patches
+# put these independent patches together in the next release -- charly
+push @Perform_Export, 'DHCPAddr';
+
# If /proc/net/arp is available, use it. Otherwise, fork /sbin/arp and read
# its output to get ARP cache data. Turns out '/sbin/arp -an' gives the same
# output on both Linux and *BSD. (Thank goodness.)
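Review bot: On the "push @Perform_Export, 'DHCPAddr';" line, the configured value is exported with no format check, and initialize.fw later word-splits it and passes each token to -d and -s. A typo in gateway.conf therefore surfaces only when the firewall script runs. Suggest checking that each space-separated token looks like an IP address before export, and warning about and skipping anything else. The note about folding the independent patches into qw() for the next release reads better in the patch description than as a permanent code comment.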
diff --exclude '*.orig' -Naur NoCatAuth-old/libexec/iptables/initialize.fw NoCatAuth-nightly/libexec/iptables/initialize.fw
--- NoCatAuth-old/libexec/iptables/initialize.fw 2003-07-26 00:15:28.000000000 +0200
+++ NoCatAuth-nightly/libexec/iptables/initialize.fw 2003-07-26 00:37:25.000000000 +0200
@@ -88,6 +88,13 @@
classes="1 2 3"
fi
+# always allow dhcp (DHCP)
+#
+for dhcp_serv in $DHCPAddr; do
+ $fwd -d $dhcp_serv -p udp --dport 67 -j ACCEPT
+ $fwd -s $dhcp_serv -p udp --sport 67 -j ACCEPT
+done
+
# Handle tagged traffic.
#
for iface in $InternalDevice; do
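Review bot: The return rule "$fwd -s $dhcp_serv -p udp --sport 67 -j ACCEPT" constrains only the source address and source port, so it forwards any UDP packet from that host with source port 67 to any destination address and port, and neither rule is tied to an interface. Consider adding "--dport 67:68" to the return rule and restricting both rules to the internal side (the loop just below already iterates over $InternalDevice), so the exception stays as narrow as the "always allow dhcp" comment implies. Also quote "$dhcp_serv" in both rules; the unquoted $DHCPAddr in the for line is needed for word splitting, but the per-item expansion is not.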