Iptables not blocking DHCP/UDP correctly?

To: <debian-firewall@lists.debian.org>
Subject: Iptables not blocking DHCP/UDP correctly?
From: "Larry Kelly" <Larry.Kelly@noaa.gov>
Date: Thu, 28 Oct 2004 14:15:22 -0400
Message-id: <[🔎] 000501c4bd1a$17517430$446f5a8c@Cube96501>

Help!  Either iptables is not blocking DHCP requests or my understanding of
how to configure iptables to block is incorrect (probably the later).  

   Sys w/dual NIC cards
   Running Debian 3r2  
   dhcpd installed and running (listening on all interfaces).

   iptables configured to block incoming and outgoing udp traffic.

   A client on one of the interfaces makes a dhcp request.
   Gets an acknowledgement w/IP address from the server.

   From what I understand about iptables, shouldn't these packets get
dropped?  How is DHCP server seeing and responding?  Iptables config and
daemon log output follows.

   Thanks!
  
     -Larry
   
   Output from iptables -L:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
DROP       udp  --  anywhere             anywhere

   daemon.log output:

Oct 28 13:34:20 dhcpd-2.2.x: DHCPREQUEST for 10.0.0.10 via eth1
Oct 28 13:34:20 dhcpd-2.2.x: DHCPACK on 10.0.0.10 

~~~~~~~~~~~~~~~~~~~~~~~~~~
Larry Kelly

Reply to:

Follow-Ups:
- Re: Iptables not blocking DHCP/UDP correctly?
  - From: Bart-Jan Vrielink <bartjan@vrielink.net>

Prev by Date: Re: No access to some websites
Next by Date: Re: Iptables not blocking DHCP/UDP correctly?
Previous by thread: Re: No access to some websites
Next by thread: Re: Iptables not blocking DHCP/UDP correctly?
Index(es):
- Date
- Thread