Comment 4 for bug 1316271

David Hill (david-hill-ubisoft) wrote :

For some reason, dhcp needs to talk with loopback...

--- linux_net.py.orig 2014-05-06 15:22:13.525362875 +0000
+++ linux_net.py 2014-05-06 22:01:42.914944165 +0000
@@ -808,6 +808,24 @@

 @utils.synchronized('lock_gateway', external=True)
+def isolate_compute_from_guest(network_ref):
+ if not network_ref:
+ return
+
+ iptables_manager.ipv4['filter'].add_rule('INPUT',
+ '-p tcp -d %s --dport 8775 '
+ '-j ACCEPT' % network_ref['dhcp_server'])
+ iptables_manager.ipv4['filter'].add_rule('FORWARD',
+ '-p tcp -d %s --dport 8775 '
+ '-j ACCEPT' % network_ref['dhcp_server'])
+ iptables_manager.ipv4['filter'].add_rule('INPUT',
+ '-d %s ! -i lo '
+ '-j DROP' % network_ref['dhcp_server'])
+ iptables_manager.ipv4['filter'].add_rule('FORWARD',
+ '-d %s ! -i lo '
+ '-j DROP' % network_ref['dhcp_server'])
+ iptables_manager.apply()
+
 def initialize_gateway_device(dev, network_ref):
     if not network_ref:
         return
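Review bot: The new function is inserted between the existing `@utils.synchronized('lock_gateway', external=True)` line and `def initialize_gateway_device`, so after the patch the decorator applies to `isolate_compute_from_guest` and `initialize_gateway_device` is left without its lock. Place the new function above the decorator line, and give it its own `@utils.synchronized(...)` only if it needs one. The rules are also added only through `iptables_manager.ipv4`, so any IPv6 path from guests to the host is presumably not restricted by this change; confirm whether an `ipv6` counterpart is needed. A short docstring such as `"""Drop guest traffic to the dhcp_server address except the metadata port (8775) and loopback."""` would record the intent. The body of initialize_gateway_device continues outside the hunk.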
@@ -1049,6 +1067,7 @@
             try:
                 _execute('kill', '-HUP', pid, run_as_root=True)
                 _add_dnsmasq_accept_rules(dev)
+ isolate_compute_from_guest(network_ref)
                 return
             except Exception as exc: # pylint: disable=W0703
                 LOG.error(_('Hupping dnsmasq threw %s'), exc)
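Review bot: The call `isolate_compute_from_guest(network_ref)` sits inside the `try` whose `except Exception` logs 'Hupping dnsmasq threw %s', so a failure while adding or applying the DROP rules is reported as a HUP failure and the host can be left unisolated with no clear log line. Handle that call separately and log it under its own message, for example `LOG.error(_('Isolating compute host from guests failed: %s'), exc)`. The DROP rules on the dhcp_server address presumably leave DHCP and DNS working only because `_add_dnsmasq_accept_rules(dev)` runs first and its ACCEPT rules land earlier in the chain; a comment such as `# must follow _add_dnsmasq_accept_rules: the DROP rules rely on its ACCEPT rules being first` would help here and at the same call in the third hunk. The enclosing function starts and ends outside the hunk.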
@@ -1101,6 +1120,7 @@

     _add_dnsmasq_accept_rules(dev)

+ isolate_compute_from_guest(network_ref)

 @utils.synchronized('radvd_start')
 def update_ra(context, dev, network_ref):