Re: iptables and dhcp
From: W Cardwell (wrong_at_email.address)
Date: 09/16/03
- Next message: mjt: "Re: Backup of Redhat (Ghost)"
- Previous message: Will Dormann: "Re: Backup of Redhat (Ghost)"
- In reply to: Dave Lister: "Re: iptables and dhcp"
- Next in thread: Dave Lister: "Re: iptables and dhcp"
- Reply: Dave Lister: "Re: iptables and dhcp"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Tue, 16 Sep 2003 13:59:45 GMT
>
> They are not on the same physical segment: my firewall sits in between.
Since you're using a bridging firewall they are on the same IP broadcast
domain. If you use a routing firewall, DHCP broadcasts won't pass through.
>
> >> I've tried blocking ports 67 and 68 with iptables, and it still gets
> >> passed through and serviced. I've tried blocking everything in both
> >> directions and it still gets passed through.
> >>
> >> Any ideas?
> >
Iptables can't filter DHCP packets for some reason that I've never seen
adequately explained. If you can't switch to a routing firewall, you might
have to resort to MAC address matching at the DHCP server to prevent it
assigning addresses to machines beyond the firewall.
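
Added example, not part of the original message: one way to do the MAC address matching suggested above, assuming the DHCP server is ISC dhcpd (the thread does not say which server is in use). The subnet, addresses, MAC addresses and host names are constructed placeholders.

```conf
# dhcpd.conf fragment (ISC dhcpd assumed; every address and MAC is constructed)
ddns-update-style none;
authoritative;

subnet 192.168.10.0 netmask 255.255.255.0 {
    option routers 192.168.10.1;
    option domain-name-servers 192.168.10.1;

    pool {
        range 192.168.10.100 192.168.10.150;
        # Only clients that have a host declaration below are offered a
        # lease from this pool. Requests bridged through from the far side
        # of the firewall still reach the server but are not answered.
        deny unknown-clients;
    }
}

# Machines on the trusted side of the bridge. A host declaration carrying a
# hardware address is what makes a client "known" to dhcpd.
host ws-alpha { hardware ethernet 00:16:3e:00:00:01; }
host ws-beta  { hardware ethernet 00:16:3e:00:00:02; }

# A known host can also be pinned to a fixed address outside the pool range.
host printer {
    hardware ethernet 00:16:3e:00:00:03;
    fixed-address 192.168.10.20;
}
```

The hardware address is supplied by the client, so this keeps the server from handing leases to unlisted machines by default but does not authenticate them.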