Comment 33 for bug 1558658

Reviewed: https://review.openstack.org/300202
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=6a93ee8ac1a901c255e3475a24f1afc11d8bf80f
Submitter: Jenkins
Branch: master

commit 6a93ee8ac1a901c255e3475a24f1afc11d8bf80f
Author: Dustin Lundquist <email address hidden>
Date: Thu Mar 31 12:04:31 2016 -0700

    Iptables firewall prevent IP spoofed DHCP requests

    The DHCP rules in the fixed iptables firewall rules were too permissive.
    They permitted any UDP traffic with a source port of 68 and destination
    port of 67. Care must be taken since these rules return before the IP
    spoofing prevention rules. This patch splits the fixed DHCP rules into
    two, one for the discovery and request messages which take place before
    the instance has bound an IP address and a second to permit DHCP
    renewals.

    Change-Id: Ibc2b0fa80baf2ea8b01fa568cd1fe7a7e092e7a5
    Partial-Bug: #1558658