Bug 895475 - How to restrict dhcp to certain interfaces
How to restrict dhcp to certain interfaces
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: dhcp (Show other bugs)
18
All Linux
unspecified Severity unspecified
: ---
: ---
Assigned To: Jiri Popelka
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-01-15 04:52 EST by Thomas Sailer
Modified: 2013-02-25 21:34 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-25 21:34:08 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Thomas Sailer 2013-01-15 04:52:42 EST
Before the conversion from initscripts to systemd units, one could restrict dhcp to (a) certain interface(s) by adding them to the command line, via the DHCPDARGS variable in /etc/sysconfig/dhcpd. Now this capability seems to be gone. How is this usage scenario supposed to work with the new systemd unit files?
Comment 1 Jiri Popelka 2013-01-15 06:15:27 EST
By editing the service unit file and adding the desired command line options to the ExecStart=.
The recommended way is to copy the service file from /usr/lib/systemd/system to /etc/systemd/system and edit it there. [1]

[1] http://www.freedesktop.org/wiki/Software/systemd/FrequentlyAskedQuestions
Comment 2 Jiri Popelka 2013-01-15 06:20:46 EST
Specifically:

# cp /usr/lib/systemd/system/dhcpd.service /etc/systemd/system/
# vim /etc/systemd/system/dhcpd.service
# add the interface name to the end of ExecStart= line
# systemctl start dhcpd.service
Comment 3 Thomas Sailer 2013-01-15 07:58:48 EST
This is what I have done. I consider this somewhat unsatisfactory, for the following reason:

- systemctl enable/disable tends to remove the local modification
- upgrades silently break
Comment 4 Jiri Popelka 2013-01-15 08:11:16 EST
(In reply to comment #3)
> - systemctl enable/disable tends to remove the local modification
> - upgrades silently break

Could you elaborate more on these as they look like a bugs.
Comment 5 Thomas Sailer 2013-01-15 10:24:46 EST
(In reply to comment #4)
> (In reply to comment #3)
> > - systemctl enable/disable tends to remove the local modification

Sorry, my bad. I edited the file in the wrong place:
/usr/lib/systemd/system/multi-user.target.wants/dhcpd.service
which kinda works, but causes no end of confusion (for example when trying to disable/enable the service)

> > - upgrades silently break

Because there's no posttrans script to convert DHCPDARGS from:
/etc/sysconfig/dhcpd
to the edit described, dhcpd ends up listening on interfaces it shouldn't...
Comment 6 Jiri Popelka 2013-01-17 12:46:13 EST
(In reply to comment #5)
> Because there's no posttrans script to convert DHCPDARGS from:
> /etc/sysconfig/dhcpd
> to the edit described, dhcpd ends up listening on interfaces it shouldn't...

Whoops, sorry.

I've added [1][2] %triggerun scriptlet that should handle it.
Build is here [3] if you want to help testing it.

[1] http://pkgs.fedoraproject.org/cgit/dhcp.git/commit/?id=dd392244183abcf5181df301597b0d988b02609c
[2] http://pkgs.fedoraproject.org/cgit/dhcp.git/commit/?id=de40db7e7696d30c4f2983095a0c42409b95c2e0
[3] https://koji.fedoraproject.org/koji/buildinfo?buildID=378811

BTW:
(In reply to comment #0)
> ... one could restrict
> dhcp to (a) certain interface(s) by adding them to the command line ...
AFAIK this is not necessary, because dhcpd listens only on interfaces, for whose it finds subnet declaration in config file.
For example if interface xyz has configured address 192.168.1.1/24, but there's no 'subnet 192.168.1.0 netmask 255.255.255.0 {}' in config file dhcpd won't listen on that interface.
It also tells you that when starting:
No subnet declaration for xyz (no IPv4 addresses).
** Ignoring requests on xyz.
Comment 7 Jiri Popelka 2013-01-17 12:57:03 EST
(In reply to comment #6)
> No subnet declaration for xyz (no IPv4 addresses).

Small correction:
No subnet declaration for xyz (192.168.1.1).
Comment 8 Jiri Popelka 2013-01-17 15:13:55 EST
(In reply to comment #6)
> Build is here [3] if you want to help testing it.

You'd actually need dhcp < 12:4.2.4-14.P1 to test it, but these builds have already been deleted from our build system.
But I've been testing it (with local build of dhcp < 12:4.2.4-14.P1) quite a lot today so it'll hopefuly be ok.
Comment 9 Fedora Update System 2013-01-18 05:15:08 EST
dhcp-4.2.5-2.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/FEDORA-2013-0572/dhcp-4.2.5-2.fc18
Comment 10 Fedora Update System 2013-01-19 22:36:16 EST
Package dhcp-4.2.5-3.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing dhcp-4.2.5-3.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-0572/dhcp-4.2.5-3.fc18
then log in and leave karma (feedback).
Comment 11 Fedora Update System 2013-01-29 19:58:32 EST
dhcp-4.2.5-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 12 Nerijus Baliūnas 2013-02-21 18:19:24 EST
I've just upgraded from F17 to F18 and %triggerun scriptlet didn't run, because I don't have any modifications in /etc/systemd/system/multi-user.target.wants/dhcpd.service. It's probably because of %triggerun -- dhcp < 12:4.2.4-14.P1, while before upgrade I had dhcp-4.2.4-16.P2.fc17.i686.
Comment 13 Jiri Popelka 2013-02-22 06:10:33 EST
(In reply to comment #12)
> It's probably because of %triggerun -- dhcp < 12:4.2.4-14.P1, while before upgrade I had dhcp-4.2.4-16.P2.fc17.i686.

Right. Should be fixed in dhcp-4.2.5-7.fc18
Comment 14 Fedora Update System 2013-02-22 06:26:26 EST
dhcp-4.2.5-7.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/dhcp-4.2.5-7.fc18
Comment 15 Fedora Update System 2013-02-24 03:44:18 EST
Package dhcp-4.2.5-7.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing dhcp-4.2.5-7.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-2941/dhcp-4.2.5-7.fc18
then log in and leave karma (feedback).
Comment 16 Fedora Update System 2013-02-25 21:34:10 EST
dhcp-4.2.5-7.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.