Re: Filtering out external DHCP requests

To: Alex Malinovich <demonbane@the-love-shack.net>
Cc: debuser <debian-user@lists.debian.org>
Subject: Re: Filtering out external DHCP requests
From: Kevin Buhr <buhr@telus.net>
Date: 18 Nov 2002 12:53:42 -0800
Message-id: <[🔎] 87bs4m7g6h.fsf@saurus.asaurus.invalid>
In-reply-to: <[🔎] 1037396001.2754.14.camel@Thief>
References: <[🔎] 1037396001.2754.14.camel@Thief>

Alex Malinovich <demonbane@the-love-shack.net> writes:
>
> Unfortunately, it seems that no matter what I do requests (i.e.
> DHCPDISCOVER from * via eth0) still come in on the external
> connection (eth0).

I believe some (most?) Linux DHCP daemons (including the ISC "dhcpd"
version 2 and 3) use an AF_PACKET socket for all communication.  This
very raw socket gets a copy of all frames, long before they hit the
IPv4-specific packet filter that your "iptables" commands are
configuring.

Your best bet is, obviously, to configure your daemon to only bind to
a specific interface.  (The ISC "dhcpd" can do this with a command
line option, as someone else has pointed out.)

-- 
Kevin <buhr@telus.net>

Reply to:

References:
- Filtering out external DHCP requests
  - From: Alex Malinovich <demonbane@the-love-shack.net>

Prev by Date: Re: Using Lilo to select different Kernels
Next by Date: Computers
Previous by thread: Re: Filtering out external DHCP requests
Next by thread: RE: debian-user-digest Digest V2002 #498
Index(es):
- Date
- Thread