imho DHCP server uses raw sockets, grapping it's packets before netfilter is impossible ? Use fixed ip & macs in dhcp configuration to prevent usage bei unknown macs. btw: macs can be faked. Mit freundlichen Grüßen Ulrich Gebauer Hans Soldan GmbH, Dienste für Anwälte Organisation / IT Bocholder Straße 259, 45356 Essen Telefon:0201 / 8612-228, Telefax: 0201 / 8612-377 Email: gebauer@xxxxxxxxx Internet: http://www.marktplatz-recht.de -----Ursprüngliche Nachricht----- Von: curlybraces [mailto:curlybraces@xxxxxxxxxxxx] Gesendet: Freitag, 14. November 2003 12:42 An: netfilter-admin@xxxxxxxxxxxxxxxxxxx; netfilter@xxxxxxxxxxxxxxxxxxx Betreff: MAC BLOCK in a DHCP server can some body help me to do the configurations......... as a default rule , block every MAC adrresses and let few of known MACs to Allow come in to a DHCP server using iptables ................pls i did some configurations , but those r not working . if all the input , forward , output DROP in the default policies , no one can access the dhco server ....is it ? but my dhcp clients tkaing the ips.....how come this ? pls reply me asap thanx