
Re: Iptables not blocking DHCP/UDP correctly?



On Fri, 2004-10-29 at 00:27 +0200, Bernd Eckenfels wrote:
> On Thu, Oct 28, 2004 at 11:20:24PM +0200, Bart-Jan Vrielink wrote:
> > On Thu, 2004-10-28 at 14:15 -0400, Larry Kelly wrote:
> > > Help!  Either iptables is not blocking DHCP requests or my understanding of
> > > how to configure iptables to block is incorrect (probably the latter).
> > 
> > >    dhcpd installed and running (listening on all interfaces).
> > >    iptables configured to block incoming and outgoing udp traffic.
> 
> DHCP is not UDP, it is protocol "bootp"

Huh?
bartjan@trillian:~$ getent protocols|grep -i bootp
bartjan@trillian:~$ getent services |grep -i bootp
bootps                67/tcp
bootps                67/udp
bootpc                68/tcp
bootpc                68/udp

And as far as I can tell, it almost always uses udp, not tcp.

> > dhcpd operates directly on the interface, right in front of the
> > netfilter firewall.
> 
> Nope.

So it needs CONFIG_PACKET for no apparent reason?
I lost count of the number of times I had to recompile a kernel because
I forgot to include this one (and/or CONFIG_FILTER) and dhcp didn't
work.

-- 
See you,
Bart-Jan Vrielink


