As u said i did all , but it will not reach my requirement, because when i added that rule with a specific MAC address , according to ur mail it will allow to get all the dhcp facilities . But other machines also doing samething . so seems to be somewhere has a small problem , i will give u my tabless info iptables -P INPUT DROP iptables -P FORWARD DROP iptables -P OUTPUT DROP ####################################################################################################################### iptables -A INPUT -i lo -m state --state NEW -j ACCEPT iptables -A OUTPUT -o lo -m state --state NEW -j ACCEPT iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT iptables -A OUTPUT -m state --state NEW -j ACCEPT #################################################################################################################### iptables -N MACcheck iptables -A MACcheck -m mac --mac-source 00.50.BA.50.36.25 -j ACCEPT iptables -A MACcheck -j DROP iptables -I INPUT -i eth0 -j MACcheck ###################################################################################################################### iptables -A INPUT -p udp -s 192.168.30.0/24 --dport 67 -i eth0 -m state --state NEW -m mac --mac-source 00:50:BA:50:36:25 -j ACCEPT iptables -A INPUT -p tcp -s 192.168.30.0/24 --dport 67 -i eth0 -m state --state NEW -m mac --mac-source 00:50:BA:50:36:25 -j ACCEPT iptables -A INPUT -p udp -s 192.168.30.0/24 --dport 68 -i eth0 -m state --state NEW -m mac --mac-source 00:50:BA:50:36:25 -j ACCEPT iptables -A INPUT -p tcp -s 192.168.30.0/24 --dport 68 -i eth0 -m state --state NEW -m mac --mac-source 00:50:BA:50:36:25 -j ACCEPT __________________________________ Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard http://antispam.yahoo.com/whatsnewfree
