Mistake in DHCP option (firewall) by default

[sigo]

I have been create a LXC container with enabled 'firewall' (attached image) and all other options by default(!). My VM.fw next:

root@pve:~# cat /etc/pve/firewall/120.fw
[OPTIONS]

enable: 1

Now, i am checking firewall rules for interfaces in this VM:

exists veth120i0-IN (MdXshSidEihaLE7OpiTgIGGldkk)
-A veth120i0-IN -p udp --dport 68 --sport 67 -j ACCEPT
-A veth120i0-IN -j PVEFW-Drop
-A veth120i0-IN -j DROP

exists veth120i0-OUT (uJMd6DURdH7pmpw+5X9q53s9WnI)
-A veth120i0-OUT -p udp --dport 67 --sport 68 -g PVEFW-SET-ACCEPT-MARK
-A veth120i0-OUT -m mac ! --mac-source 6E:14:92:52:FD:F4 -j DROP
-A veth120i0-OUT -j MARK --set-mark 0x00000000/0x80000000
-A veth120i0-OUT -g PVEFW-SET-ACCEPT-MARK

Ports 67,68??? But DHCP was disabled by default! (look at attached image)

To resolve this bug I make in GUI 'enable, OK, disable, OK' for DHCP option. Now my VM.fw has explicit definition for DHCP option:

root@pve:~# cat /etc/pve/firewall/120.fw

[OPTIONS]

dhcp: 0
enable: 1

Checking firewall rules again:

exists veth120i0-IN (GiPAm9L6UAAIxfS/Yq/45RWuA9A)
-A veth120i0-IN -j PVEFW-Drop
-A veth120i0-IN -j DROP

exists veth120i0-OUT (PMh1lDTxSDoWo94QTLonRF+LrN8)
-A veth120i0-OUT -m mac ! --mac-source 6E:14:92:52:FD:F4 -j DROP
-A veth120i0-OUT -j MARK --set-mark 0x00000000/0x80000000
-A veth120i0-OUT -g PVEFW-SET-ACCEPT-MARK

It's all right.

Is this a bug?

 

[dcsapak]

yes this is a bug thanks, already sent a patch: https://pve.proxmox.com/pipermail/pve-devel/2017-October/029275.html