On Thu, Sep 09, 2004 at 11:02:18AM -0400, Jason Opperisano wrote:
> On Thu, 2004-09-09 at 10:40, Giancarlo Boaron wrote:
> > Ok. I made my iptables script and I forgot to handle
> > the DHCP protocol. So, my firewall box gets its IP
> > address via DHCP. That's a nice thing to test.
>
> for the sake of the list archives:
>
> # DHCP server -> client
> iptables -A INPUT -p udp --sport 67 --dport 68 -j ACCEPT
>
> # DHCP client -> server
> iptables -A OUTPUT -p udp --sport 68 --dport 67 -j ACCEPT

Not wishing to be paranoid, buuuuuuuuutttttttt..... couldn't you
usefully restrict those by source and destination IP?

-- 
mors omnia vincit
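
The restriction asked about above, as an added example that is not part of the original thread: a shell function that prints the two quoted rules narrowed by interface and DHCP server address, keeping the broadcast path the client needs before it has a lease. The function names, `eth0` and `192.0.2.1` are constructed for illustration, and it assumes the server is on-link with no relay agent in between.

```shell
#!/bin/sh
# Added example (not from the thread): print DHCP-client rules narrowed by
# interface and server address. Nothing is applied; review the output first.

is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

dhcp_client_rules() {
    iface=$1    # interface configured by DHCP
    server=$2   # DHCP server address; assumed on-link, no relay agent
    # Refuse anything that could smuggle extra shell or iptables arguments.
    case $iface in ''|*[!A-Za-z0-9._:-]*)
        echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    is_ipv4 "$server" || { echo "bad server address: $server" >&2; return 1; }

    # Replies: source pinned to the server. Destination is left open because
    # the reply may be broadcast or unicast to an address not yet configured.
    echo "iptables -A INPUT -i $iface -p udp -s $server --sport 67 --dport 68 -j ACCEPT"
    # DISCOVER, initial REQUEST and rebinding go to the limited broadcast address.
    echo "iptables -A OUTPUT -o $iface -p udp --sport 68 -d 255.255.255.255 --dport 67 -j ACCEPT"
    # Renewal and RELEASE are unicast to the server that granted the lease.
    echo "iptables -A OUTPUT -o $iface -p udp --sport 68 -d $server --dport 67 -j ACCEPT"
}

# Constructed sample values: eth0, and 192.0.2.1 from the documentation range.
dhcp_client_rules eth0 192.0.2.1
```

A UDP source address can be forged by any host on the segment, so the `-s` match narrows what reaches the client but does not authenticate the server.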