From ef2b31880b55b43ac72e68a57c2d14c9b0d2a698 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Sat, 7 Apr 2018 09:39:22 -0500
Subject: [PATCH] dch-gw: Allow outbound DHCP Connection Tracking does not work for DHCP messages, since many are broadcast. As such, the firewall must explicitly allow datagrams destined for the DHCP client port.
---
 group_vars/dch-gw/dch-network.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/group_vars/dch-gw/dch-network.yml b/group_vars/dch-gw/dch-network.yml
index 84591dd..cf231c5 100644
--- a/group_vars/dch-gw/dch-network.yml
+++ b/group_vars/dch-gw/dch-network.yml
@@ -100,6 +100,8 @@ allow_outgoing:
 port: dhcpv6-server
 - protocol: udp
 port: bootps
+- protocol: udp
+ port: bootpc
 - protocol: tcp
 port: https
 - protocol: tcp
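Review bot: The new `bootpc` entry in `allow_outgoing` carries only `protocol` and `port`, so as far as this hunk shows it permits UDP to the DHCP client port on every egress path, not only toward the networks this gateway serves DHCP on. If the rule schema supports an interface or destination constraint (not visible here), scoping the entry to the LAN-facing side would keep DHCP server replies from leaving toward the upstream network. The reasoning currently lives only in the commit message; a comment above the entry such as `# conntrack cannot match broadcast DHCP replies, so allow them explicitly` would keep it next to the rule. The `allow_outgoing` list starts before and continues past the hunk.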