On Tue, Sep 23, 2003 at 04:09:33PM +0200, Benoit Steinmetz wrote:
> it seems that the dhcp packets seem to be unaffected by the firewall, because,
> no matter how restrictive i setup the firewall, the udp packets coming from
> port 67 on the dhcp-server and going to the local port 68 pass
> through. has this something to do with the linux socket filter
> (CONFIG_FILTER in the kernel configuration), which is needed by dhcp
> to work correctly?

The question is: How is the dhcp client implemented? If the DHCP server opens a PF_PACKET socket (like tcpdump does) then there is no way iptables can filter those packets. Only if the process uses the normal IP stack (PF_INET sockets), packet filtering rules apply.

> thanks
> benoit steinmetz.

--
- Harald Welte <laforge@xxxxxxxxxxxxx> http://www.netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie