Re: logged packets - why?
> What do I need to change for them to be able to *enter*?
Bootp and dhcp only use udp and always send their first request to the 'all
ones' broadcast address, AFAIK. I don't think you need the tcp rule at all.
This is the 'eth0-in' ruleset that I use to accept anything from an internal
private subnet including bootp/dhcp:
ipchains -N eth0-in
ipchains -A eth0-in -i ! eth0 -j DENY -l
ipchains -A eth0-in -s 192.168.0.0/24 -j ACCEPT
ipchains -A eth0-in -p udp -s 0.0.0.0 bootpc -d 255.255.255.255 \
bootps -j ACCEPT
ipchains -A eth0-in -j DENY -l
It's more than you were asking, but the fourth rule shown here is the only dhcp
related rule that I have found to work properly.
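As an added illustration of the eth0-in chain in the reply above (my own example, not part of the post and not ipchains code), here is a small Python simulator of ipchains' first-match semantics run over constructed packets, showing which rule decides each one and which ones end up logged. The sample packets and the "RETURN" verdict for an empty chain are assumptions for the demo.

```python
"""Constructed simulator for the ipchains 'eth0-in' chain quoted above (not
ipchains' own code): the first matching rule decides the packet and '-l'
logs it when that rule fires, which is how the DENY rules produce log lines."""
from collections import namedtuple
from ipaddress import ip_address, ip_network

BOOTPS, BOOTPC = 67, 68  # /etc/services names used in the ruleset

Packet = namedtuple("Packet", "iface proto src dst sport dport", defaults=(None, None))
# Rule fields mirror the ipchains flags: -j target, -l log, -i [!] iface, -p, -s/-d (host or CIDR), ports
Rule = namedtuple("Rule", "target log iface iface_negate proto src sport dst dport",
                  defaults=(False, None, False, None, None, None, None, None))

def matches(r: Rule, p: Packet) -> bool:
    """True if packet p satisfies every selector set on rule r."""
    if r.iface and (p.iface == r.iface) == r.iface_negate:   # '-i ! eth0' inverts the test
        return False
    if r.proto and p.proto != r.proto:
        return False
    for net, addr in ((r.src, p.src), (r.dst, p.dst)):
        if net and ip_address(addr) not in ip_network(net):
            return False
    return all(want is None or have == want
               for want, have in ((r.sport, p.sport), (r.dport, p.dport)))

ETH0_IN = [
    Rule("DENY", log=True, iface="eth0", iface_negate=True),   # -i ! eth0 -j DENY -l
    Rule("ACCEPT", src="192.168.0.0/24"),                       # the private subnet
    Rule("ACCEPT", proto="udp", src="0.0.0.0/32", sport=BOOTPC,
         dst="255.255.255.255/32", dport=BOOTPS),               # the dhcp rule
    Rule("DENY", log=True),                                      # catch-all, logged
]

def evaluate(chain, p):
    """Return (verdict, rule_index, logged) from the first matching rule."""
    for i, r in enumerate(chain):
        if matches(r, p):
            return r.target, i, r.log
    return "RETURN", None, False  # no match: control goes back to the calling chain

def demo():
    """Constructed packets: which rule decides each one, and does it get logged?"""
    samples = {
        "dhcp discover": Packet("eth0", "udp", "0.0.0.0", "255.255.255.255", BOOTPC, BOOTPS),
        "lan ssh": Packet("eth0", "tcp", "192.168.0.7", "192.168.0.1", 40000, 22),
        "dhcp arriving on ppp0": Packet("ppp0", "udp", "0.0.0.0", "255.255.255.255", BOOTPC, BOOTPS),
        "dhcp from non-zero source": Packet("eth0", "udp", "10.1.2.3", "255.255.255.255", BOOTPC, BOOTPS),
    }
    return {name: evaluate(ETH0_IN, p) for name, p in samples.items()}
```

The last sample is the interesting one for the subject line: a DHCP packet whose source is not 0.0.0.0 falls past the dhcp rule and is denied and logged by the catch-all.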