Re: Iptables not blocking DHCP/UDP correctly?

To: Larry Kelly <Larry.Kelly@noaa.gov>
Cc: debian-firewall@lists.debian.org
Subject: Re: Iptables not blocking DHCP/UDP correctly?
From: Bart-Jan Vrielink <bartjan@vrielink.net>
Date: Thu, 28 Oct 2004 23:20:24 +0200
Message-id: <[🔎] 1098998424.4238.46.camel@trillian.dontpanic.nl>
In-reply-to: <[🔎] 000501c4bd1a$17517430$446f5a8c@Cube96501>
References: <[🔎] 000501c4bd1a$17517430$446f5a8c@Cube96501>

On Thu, 2004-10-28 at 14:15 -0400, Larry Kelly wrote:
> Help!  Either iptables is not blocking DHCP requests or my understanding of
> how to configure iptables to block is incorrect (probably the later).  

>    dhcpd installed and running (listening on all interfaces).
> 
>    iptables configured to block incoming and outgoing udp traffic.
> 
>    A client on one of the interfaces makes a dhcp request.
>    Gets an acknowledgement w/IP address from the server.
> 
>    From what I understand about iptables, shouldn't these packets get
> dropped?  How is DHCP server seeing and responding?  Iptables config and
> daemon log output follows.

dhcpd operates directly on the interface, right in front of the
netfilter firewall. So configure dhcpd not to answer DHCP request you
don't want to see answered. For example by having it listen only on the
proper interfaces.

-- 
Tot ziens,
Bart-Jan Vrielink

Reply to:

Follow-Ups:
- Re: Iptables not blocking DHCP/UDP correctly?
  - From: Bernd Eckenfels <lists@lina.inka.de>

References:
- Iptables not blocking DHCP/UDP correctly?
  - From: "Larry Kelly" <Larry.Kelly@noaa.gov>

Prev by Date: Iptables not blocking DHCP/UDP correctly?
Next by Date: Re: Iptables not blocking DHCP/UDP correctly?
Previous by thread: Iptables not blocking DHCP/UDP correctly?
Next by thread: Re: Iptables not blocking DHCP/UDP correctly?
Index(es):
- Date
- Thread