I think the PCs here 'discover' the DNS servers. This makes it tricky to have a DHCP_SERVER variable in the iptables script. I'm wondering if on boot, the PC sends out a broadcast for DHCP servers, and one (or more) responds on port 68:69, but that the STATE module doesn't associate the response with the broadcast.
Time to read more about DHCP.
Matthew
It's possible, but a connection originating from the outside to boot your internal PC? No way. The request for DHCP should be originating from the inside (your Win95 + 98), and the reply should come from the outside.
No, you don't have to load a module.
But you're very warm; there should be a rule to track these connections. Example:
DHCP_SERVER="211.124.45.2"
# Allow the client request out (68 -> 67) and the tracked server reply back in (67 -> 68)
${IPTABLES} -A OUTPUT -p udp -s 0/0 -d ${DHCP_SERVER} --sport 68 --dport 67 \
  -m state --state NEW -j ACCEPT
${IPTABLES} -A INPUT -p udp -s ${DHCP_SERVER} -d 0/0 --sport 67 --dport 68 \
  -m state --state ESTABLISHED,RELATED -j ACCEPT
Hmm.. silly? No, silly are the people who don't ask, but just do.
Pascal
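
The question raised in this thread, whether state tracking ties a server's reply to a broadcast request, can be checked with a small model. This is an added example, not code from either poster and not netfilter's own code: it is a simplified model of UDP tuple matching, and the addresses in it are constructed.

```python
from collections import namedtuple

# Simplified model of UDP connection tracking: a reply is recognised only
# if it is the exact inverse of a tracked original tuple.
Packet = namedtuple("Packet", "src sport dst dport")

SERVER = "192.0.2.1"    # constructed DHCP server address
CLIENT = "192.0.2.50"   # constructed leased client address
BROADCAST = "255.255.255.255"


class UdpConntrack:
    def __init__(self):
        self.flows = {}  # original tuple -> has a reply been seen?

    def classify(self, pkt):
        """Return the state a '-m state' rule would see for this packet."""
        inverse = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if inverse in self.flows:      # reply direction of a tracked flow
            self.flows[inverse] = True
            return "ESTABLISHED"
        if self.flows.get(pkt):        # original direction, reply already seen
            return "ESTABLISHED"
        self.flows.setdefault(pkt, False)
        return "NEW"


def boot_exchange():
    """Client has no address yet: DISCOVER is broadcast, OFFER comes from SERVER."""
    ct = UdpConntrack()
    discover = Packet("0.0.0.0", 68, BROADCAST, 67)
    offer = Packet(SERVER, 67, BROADCAST, 68)
    return ct.classify(discover), ct.classify(offer)


def renew_exchange():
    """Client already holds a lease: REQUEST and ACK are unicast."""
    ct = UdpConntrack()
    request = Packet(CLIENT, 68, SERVER, 67)
    ack = Packet(SERVER, 67, CLIENT, 68)
    return ct.classify(request), ct.classify(ack)


if __name__ == "__main__":
    print("boot :", boot_exchange())    # reply source differs from request destination
    print("renew:", renew_exchange())   # reply is the exact inverse of the request
```

In this model the boot-time reply is never the inverse of the broadcast request, so a rule that only accepts ESTABLISHED,RELATED would not match it, while a unicast renewal is tracked normally.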