Remove the requirement that DHCP messages have to be broadcasted. --- src/nwfilter/nwfilter_ebiptables_driver.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) Index: libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c =================================================================== --- libvirt-acl.orig/src/nwfilter/nwfilter_ebiptables_driver.c +++ libvirt-acl/src/nwfilter/nwfilter_ebiptables_driver.c @@ -3245,9 +3245,8 @@ ebtablesApplyDHCPOnlyRules(const char *i virBufferAsprintf(&buf, CMD_DEF("$EBT -t nat -A %s" - " -s %s -d Broadcast " + " -s %s" " -p ipv4 --ip-protocol udp" - " --ip-src 0.0.0.0 --ip-dst 255.255.255.255" " --ip-sport 68 --ip-dport 67" " -j ACCEPT") CMD_SEPARATOR CMD_EXEC