> i have a strange problem, not sure what's going on. i
> have a dhcp3-server on a machine. the server serves
> eth1 and eth2 addresses. now i would like to block
> the server (so that a client can't send a request
> anymore).
>
> but so far i don't even manage to block the dhcprequest
> with the default policy drop.
>
> i have all 3 tables, all chains drop
> i don't have any rule
>
> but when i do tcpdump i can see the following
>
> 192.168.5.30 bootpc > 192.168.5.1 bootps ......
> 192.168.5.1 bootps > 192.168.5.30.bootpc ....
>
> what is going on? does the dhcp-request go somehow over
> layer2?

depends on the dhcpd implementation. some dhcpds operate at the BPF layer (layer 2-ish), so the packets will be received by the daemon before netfilter has a chance to block them [*].

if you want to block access to it, why not just shut the daemon down?

if you're trying to allow dhcp to a few known clients and block all other access, try the "deny unknown-clients" option in dhcpd.conf.

[*] you could also play with "-m mac --mac-source [!] XX:XX:XX:XX:XX:XX" in netfilter to see if that helps you.

-j
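As an added example (not part of the thread, and not the poster's or the reply author's own configuration), the script below turns a small allow-list of client MACs into the two controls the reply mentions: a dhcpd.conf fragment in ISC dhcpd syntax with `deny unknown-clients` plus one `host` declaration per allowed client, and the companion `-m mac --mac-source` netfilter rules from the footnote. The interface name, subnet, address range and MAC addresses are constructed placeholders; only the 192.168.5.x numbering echoes the tcpdump output in the question. The netfilter rules are emitted as text rather than applied, so the script runs without root or iptables installed.

```shell
#!/bin/sh
# Added example, not code from the original thread.
# Generates (1) a dhcpd.conf fragment that only answers known clients and
# (2) matching iptables rules for udp/67 keyed on the source MAC.
# All names and addresses below are constructed placeholders.

IFACE="eth1"                    # assumed interface the server listens on
SUBNET="192.168.5.0"            # assumed subnet, constructed
NETMASK="255.255.255.0"

# Constructed allow-list: "mac hostname", one client per line.
ALLOWED_CLIENTS='00:11:22:33:44:55 host1
00:11:22:33:44:66 host2'

# Syntax check: six colon-separated hex octets. Returns 0 on a valid MAC.
validate_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# Emit the dhcpd.conf fragment. A client is "known" to ISC dhcpd only if a
# host declaration carries its hardware address, so each allowed MAC gets one;
# "deny unknown-clients" then makes the server ignore everybody else.
# Returns 1 (and writes nothing further) if the allow-list holds a bad MAC.
gen_dhcpd_conf() {
    printf 'subnet %s netmask %s {\n' "$SUBNET" "$NETMASK"
    printf '    range 192.168.5.100 192.168.5.200;\n'   # constructed pool
    printf '    deny unknown-clients;\n'
    printf '}\n'
    while read -r mac name; do
        validate_mac "$mac" || { echo "bad MAC in allow-list: $mac" >&2; return 1; }
        printf 'host %s {\n    hardware ethernet %s;\n}\n' "$name" "$mac"
    done <<EOF
$ALLOWED_CLIENTS
EOF
}

# Emit the iptables commands from the reply's footnote: accept udp/67 from
# each allowed source MAC, drop the rest. As the reply explains, a dhcpd that
# reads via BPF/LPF sees the request before netfilter does, so these rules
# do not stop that daemon from answering; they are defence in depth for any
# udp/67 listener that receives through a normal kernel socket.
gen_iptables_rules() {
    while read -r mac name; do
        printf 'iptables -A INPUT -i %s -p udp --dport 67 -m mac --mac-source %s -j ACCEPT\n' \
            "$IFACE" "$mac"
    done <<EOF
$ALLOWED_CLIENTS
EOF
    printf 'iptables -A INPUT -i %s -p udp --dport 67 -j DROP\n' "$IFACE"
}

# Stand-alone run: print both artefacts for review.
echo "# ---- dhcpd.conf fragment ----"
gen_dhcpd_conf
echo "# ---- netfilter rules ----"
gen_iptables_rules
```

After installing the fragment, run `dhcpd -t -cf /etc/dhcp/dhcpd.conf` to syntax-check it and restart the daemon; a tcpdump on the interface will still show the unknown client's DISCOVER arriving (that is expected given the BPF behaviour in the reply), but no OFFER should go back to it.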