Fix the DHCP port in iptables (68 vs 67 and TCP vs UDP)

Change-Id: Ifb66474a72044ab06b479570b58db63d1d5ed4e9
2021-11-19 17:13:39 +01:00 · 2021-11-19 17:13:39 +01:00 · 6c46346383
commit 6c46346383
parent 208135359d
2 changed files with 18 additions and 2 deletions
--- a/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
+++ b/playbooks/roles/bifrost-ironic-install/tasks/bootstrap.yml
@ -409,13 +409,24 @@
    in_interface: "{{ network_interface }}"
    jump: ACCEPT
  loop:
-    - 68
-    - 69
    - "{{ file_url_port }}"
    - "{{ file_url_port_tls }}"
    - 6385
  when: not use_firewalld | bool

+- name: "Explicitly permit DHCP and TFTP ports"
+  iptables:
+    chain: INPUT
+    action: insert
+    protocol: udp
+    destination_port: "{{ item }}"
+    in_interface: "{{ network_interface }}"
+    jump: ACCEPT
+  loop:
+    - 67
+    - 69
+  when: not use_firewalld | bool
+
 - name: "Enable services in firewalld"
  firewalld:
    service: "{{ item }}"
--- a/releasenotes/notes/ubuntu-ports-6e6c2fef3dc7bccb.yaml
+++ b/releasenotes/notes/ubuntu-ports-6e6c2fef3dc7bccb.yaml
@ -0,0 +1,5 @@
+---
+fixes:
+  - |
+    Fixes the iptables rule for PXE on systems not using firewalld (use
+    port UDP/67 and UDP/69 instead of TCP/68 and TCP/69).