Comment 37 for bug 1558658

Reviewed: https://review.openstack.org/303563
Committed: https://git.openstack.org/cgit/openstack/neutron/commit/?id=5853af9cba6733725d6c9ac0db644f426713f0cf
Submitter: Jenkins
Branch: stable/mitaka

commit 5853af9cba6733725d6c9ac0db644f426713f0cf
Author: Dustin Lundquist <email address hidden>
Date: Thu Mar 31 12:04:31 2016 -0700

    Iptables firewall prevent IP spoofed DHCP requests

    The DHCP rules in the fixed iptables firewall rules were too permissive.
    They permitted any UDP traffic with a source port of 68 and destination
    port of 67. Care must be taken since these rules return before the IP
    spoofing prevention rules. This patch splits the fixed DHCP rules into
    two, one for the discovery and request messages which take place before
    the instance has bound an IP address and a second to permit DHCP
    renewals.

    Change-Id: Ibc2b0fa80baf2ea8b01fa568cd1fe7a7e092e7a5
    Partial-Bug: #1558658
    (cherry picked from commit 6a93ee8ac1a901c255e3475a24f1afc11d8bf80f)