
Fix a typing error in the no-ip-spoofing filter. Return DHCP request packets passing through this filter. Have the user use another filter to actually allow DHCP requests to be sent (action='accept').
---
 examples/xml/nwfilter/no-ip-spoofing.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
Index: libvirt-acl/examples/xml/nwfilter/no-ip-spoofing.xml
===================================================================
--- libvirt-acl.orig/examples/xml/nwfilter/no-ip-spoofing.xml
+++ libvirt-acl/examples/xml/nwfilter/no-ip-spoofing.xml
@@ -1,7 +1,7 @@
 <filter name='no-ip-spoofing' chain='ipv4-ip' priority='-710'>
- <!-- allow DHCP requests -->
- <rule action='accept' direction='out' priority='100'>
- <ip srcipaddr='0.0.0.0' protocol='udp' srcportstart='68' srcportend='68'/>
+ <!-- allow DHCP requests sent from 0.0.0.0 -->
+ <rule action='return' direction='out' priority='100'>
+ <ip srcipaddr='0.0.0.0' protocol='udp' srcportstart='68' dstportstart='67'/>
 </rule>
 <!-- allow all known IP addresses -->
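Review bot: The comment on the new rule still says "allow", but with `action='return'` the rule only exempts the packet from this filter's source-address check and leaves the verdict to the filters evaluated afterwards, so someone auditing the filter could assume DHCP is accepted here. I would word it as `<!-- DHCP requests from 0.0.0.0 skip the source-IP check; a separate filter must accept them -->`. The match also carries no destination address, so any UDP datagram from 0.0.0.0 port 68 to port 67 skips the check whatever its destination; if only broadcast DHCP is intended, adding `dstipaddr='255.255.255.255'` to the `<ip>` element would narrow it. The `<filter>` element continues past the end of the hunk, so the later rules that see these packets are not visible here.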