Re: source-mac filtering


 



Yes I can try that.

However, I did manage to get the DHCP-discovery packets dropped (and logged as dropped) by a general DROP rule after having matched on valid source-mac addresses. But even if iptables considers the packets to be dropped, they are still forwarded to the dhcpd. This could be seen using "iptables -L -v".

I think it's more likely that the dhcp-server listens on a very low layer.

I'll try it anyway.

/Håkan E.


From: Antony Stone <Antony@xxxxxxxxxxxxxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Subject: Re: source-mac filtering
Date: Sun, 11 Jan 2004 00:25:25 +0000

On Sunday 11 January 2004 12:13 am, Pawel Staszewski wrote:

> Hello
>
> Maybe try to block broadcast to the "blocked" client....
> "-m pkttype --pkttype broadcast ........."
>
> I use it and this works fine...

You can use a rule with this match in it to stop your DHCP server giving out
addresses?


I thought DHCPD caught the packets before they ever got to netfilter,
therefore you couldn't block the traffic with any sort of rule.

Antony.

--
Ramdisk is not an installation procedure.

Please reply to the list;
please don't CC me.






