
Re: Filtering with iptables based on DHCP leases



I'm afraid not.  I've seen people run cron scripts once every 5 min that read
the /var/*/*/dhcpd.leases file with awk scripts to generate firewall
rules.

This had one drawback: it's really difficult to read the firewall rules to
see what needs changing.  The solution was to wipe out and rebuild the
firewall if 'diff' said the new and old rules were different.

You might also want to look at this.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=192235
It does away with the dhcpd->awk->script chain and means you don't have to
worry about removing EVERY rule on your firewall.

--- Carl-Eric Menzel <cm.debian@users.bitforce.com> wrote:
> Hi,
> 
> I'm running a small ethernet network in the 192.168.1.x range, with
> firewall and router in one Debian box on 192.168.1.1. eth0 is LAN,
> eth1/ppp0 goes to the ISP.
> 
> The LAN machines get their configuration from a DHCP server that also
> runs on the router box. What I'd like to do now is to block all router
> access to machines that did not get their IP from the DHCP (i.e. those
> with static IPs). Is there any hook in dhcpd that lets me trigger
> iptables commands?
> 
> Thanks
> Carl-Eric
> -- 
> Answer  : Because it makes the text harder to read.   | Carl-Eric Menzel
> Question: Why is that so bad?                         | PGP ID: 808F4A8E
> Answer  : Writing the answer at the top.              | Please do not send
> Question: What is the worst bad habit in e-mails?     | HTML mail.
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-firewall-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
> 
> 



		
__________________________________
Do you Yahoo!?
Yahoo! Mail is new and improved - Check it out!
http://promotions.yahoo.com/new_mail
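The cron, awk and diff approach described in the reply above, as an added example (not code from the original post or from either author): it parses dhcpd.leases, builds one iptables chain for the LAN interface, and reloads only that chain, and only when the generated rules differ from the last applied set. The chain name dhcp-clients, the interface eth0, the state directory, the lease file path and the sample lease file are all assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post: rebuild one iptables chain
# from dhcpd.leases (run from cron) and reload it only when the generated
# rules changed. Every path and name below is an assumption.
set -eu

LAN_IF=${LAN_IF:-eth0}                       # LAN side, as in the question
CHAIN=${CHAIN:-dhcp-clients}                 # assumed chain name
LEASES=${LEASES:-/var/lib/dhcp/dhcpd.leases} # assumed lease file path
STATE_DIR=${STATE_DIR:-/var/lib/dhcp-fw}     # assumed; keeps last applied rules

# active_leases FILE: print "IP MAC" for every lease whose latest record is
# active. dhcpd appends to the file, so a later block for the same IP (e.g.
# "binding state free") supersedes an earlier one; keep only the last state.
active_leases() {
    awk '
    $1 == "lease" { ip = $2; mac[ip] = ""; state[ip] = "active" }
    $1 == "hardware" && $2 == "ethernet" { m = $3; sub(/;$/, "", m); mac[ip] = m }
    $1 == "binding"  && $2 == "state"    { s = $3; sub(/;$/, "", s); state[ip] = s }
    END {
        for (ip in mac)
            if (state[ip] == "active" && mac[ip] != "")
                print ip, mac[ip]
    }' "$1" | sort
}

# generate_rules FILE: an iptables-restore fragment declaring only $CHAIN.
# Hosts with an active lease RETURN to the caller, everything else arriving
# on the LAN interface is dropped. DHCP itself (udp/67) must get through
# first, or a new client could never obtain the lease that lets it in.
generate_rules() {
    printf '%s\n' '*filter' ":$CHAIN - [0:0]" \
        "-A $CHAIN -i $LAN_IF -p udp --dport 67 -j RETURN"
    active_leases "$1" | while read -r ip mac; do
        printf '%s\n' "-A $CHAIN -i $LAN_IF -s $ip -m mac --mac-source $mac -j RETURN"
    done
    printf '%s\n' "-A $CHAIN -i $LAN_IF -j DROP" COMMIT
}

# --noflush makes iptables-restore replace only the chains listed in its
# input and leave every other rule in the filter table alone.
restore_rules() { iptables-restore --noflush; }

# apply_if_changed FILE: regenerate, diff against the last applied set and
# reload only on a difference. Prints "unchanged" or "reloaded".
apply_if_changed() {
    mkdir -p "$STATE_DIR"
    new="$STATE_DIR/$CHAIN.new"
    cur="$STATE_DIR/$CHAIN.rules"
    generate_rules "$1" > "$new"
    if [ -f "$cur" ] && diff -q "$cur" "$new" > /dev/null; then
        rm -f "$new"
        echo unchanged
        return 0
    fi
    restore_rules < "$new"
    mv "$new" "$cur"
    echo reloaded
}

# Constructed sample lease file (not from a real server): .51 was handed out
# and later released, so only .50 and .52 should be allowed through.
write_sample_leases() {
    cat > "$1" <<'EOF'
lease 192.168.1.50 {
  ends 4 2004/08/12 22:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.51 {
  ends 4 2004/08/12 21:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:56;
}
lease 192.168.1.52 {
  ends 4 2004/08/12 23:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:57;
}
lease 192.168.1.51 {
  ends 4 2004/08/12 12:00:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:56;
}
EOF
}

# "apply" is what cron would run (*/5 * * * * root /usr/local/sbin/dhcp-fw apply);
# the default only prints the rules built from the sample, no root needed.
case "${1:-demo}" in
    apply) apply_if_changed "$LEASES" ;;
    *)     tmp=$(mktemp); write_sample_leases "$tmp"; generate_rules "$tmp"; rm -f "$tmp" ;;
esac
```

The chain has to be hooked once by hand, e.g. `iptables -I INPUT -i eth0 -j dhcp-clients` (the chain itself is created by the first restore), and the hook must allow udp/67 before the jump or be placed after the usual DHCP accept rule. Matching on IP plus MAC stops a statically configured host from simply borrowing a leased address, but both are trivially spoofed on a shared LAN, so treat this as housekeeping rather than authentication. The diff step is what keeps the 5 minute cron job from reloading a chain that did not change, and `--noflush` is what avoids the full wipe-and-rebuild the reply mentions.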


