Merge branch 'master' of https://git.oopen.de/firewall/ipt-gateway

ipt-firewall-gateway

@@ -1698,11 +1698,37 @@ fi
 
 echononl "\tDHCP"
 
+# Get IPv4 Adresses for local interfaces
+#
+declare -A if_ipv4_map
+for _if in "${local_if_arr[@]}"; do
+    if_ipv4_map["$_if"]=$(
+        ip -4 -o addr show dev "$_if" scope global \
+        | awk '{print $4}' \
+        | cut -d/ -f1 \
+        | tr '\n' ' '
+    )
+done
+
 if $local_dhcp_service ; then
    # - Allow requests from intern networks
    for _dev in ${local_if_arr[@]} ; do
-      # - in
+
+      # - in: Broadcast + Unicast für DHCP erlauben
+      #$ipt -A INPUT -p udp -i $_dev --sport 68 --dport 67 -j ACCEPT
+
+      # - in: DHCP-Broadcasts - The first lease is negotiated via broadcast.
       $ipt -A INPUT -p udp -i $_dev -s 0/0 --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT
+
+      # - in: DHCP-Unicast-Renews - Extension(Verlängerung) of the lease via unicast renewal request
+      for _ip in ${if_ipv4_map["$_dev"]}; do
+
+          # DHCP-Client - Server (Unicast-Renew an lokale IP)
+          $ipt -A INPUT -p udp -i "$_dev" --sport 68 -d "$_ip" --dport 67 -j ACCEPT
+
+      done
+
+
       # - out
       $ipt -A OUTPUT -p udp -o $_dev --sport 67 -d 0/0 --dport 68 -j ACCEPT
    done