On Mon, Feb 07, 2005 at 01:57:11PM -0500, Ron Peterson wrote:
> On Sun, Feb 06, 2005 at 04:01:54PM -0500, Ron Peterson wrote:
>
> > I am running a dhcp server on a bridging firewall. The dhcp server runs
> > on br0. I have eth0 connected to my 'private' network, and eth1
> > connected to my 'public' network.
> >
> > I only want this dhcp server to service dhcp requests from the private
> > network. Any dhcp requests entering via eth1, or any dhcp replies being
> > sent via eth1 should be dropped.

I stopped using iptables, and used ebtables instead. Seems to work.
Obviously, there is some overlapping functionality between these two
toolsets. I'm learning the hard way when to use which tool.

$EBTABLES -A INPUT --in-interface $PUB --protocol IPv4 --ip-protocol udp --ip-source-port 68 -j DROP
$EBTABLES -A INPUT --in-interface $PUB --protocol IPv4 --ip-protocol udp --ip-destination-port 67 -j DROP
$EBTABLES -A FORWARD --in-interface $PRIV --protocol IPv4 --ip-protocol udp --ip-source-port 68 -j DROP
$EBTABLES -A FORWARD --in-interface $PUB --protocol IPv4 --ip-protocol udp --ip-destination-port 67 -j DROP

--
Ron Peterson
Network & Systems Manager
Mount Holyoke College
http://www.mtholyoke.edu/~rpeterso
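The rule set above, rebuilt as a small script with a dry-run check; this is an added example, not the poster's own script. It assumes PRIV=eth0 and PUB=eth1 as described in the quoted message, and the OUTPUT rule is an assumption added here to cover the "replies sent via eth1" requirement the message states, since broadcast replies generated by the server on br0 are flooded to every bridge port and the posted INPUT/FORWARD rules do not see locally generated frames.

```shell
#!/bin/sh
# Added example: DHCP isolation for a DHCP server running on a bridge (br0).
# Assumed interface names; override via the environment if yours differ.
EBTABLES="${EBTABLES:-ebtables}"   # set EBTABLES=echo for a dry run
PRIV="${PRIV:-eth0}"               # private side: the only side served
PUB="${PUB:-eth1}"                 # public side: no DHCP in or out

# dhcp_rule CHAIN IFACE_FLAG IFACE PORT_FLAG PORT
# Appends one DROP rule matching IPv4/UDP on the given DHCP port.
dhcp_rule() {
    "$EBTABLES" -A "$1" "$2" "$3" --protocol IPv4 --ip-protocol udp "$4" "$5" -j DROP
}

apply_dhcp_isolation() {
    # Client requests (src 68 / dst 67) arriving from the public side must
    # never reach the server listening on br0.
    dhcp_rule INPUT --in-interface "$PUB" --ip-source-port 68
    dhcp_rule INPUT --in-interface "$PUB" --ip-destination-port 67
    # No DHCP traffic is bridged across in either direction.
    dhcp_rule FORWARD --in-interface "$PRIV" --ip-source-port 68
    dhcp_rule FORWARD --in-interface "$PUB" --ip-destination-port 67
    # Assumption (not in the posted rules): replies the server itself emits
    # (src port 67) leave through OUTPUT, so keep them off the public port.
    dhcp_rule OUTPUT --out-interface "$PUB" --ip-source-port 67
}

# Dry run: print the rules instead of loading them; returns the rule count.
count_rules() {
    ( EBTABLES=echo; apply_dhcp_isolation ) | grep -c -- '-j DROP'
}

# Dry run: how many rules are tied to the public interface, in or out.
count_public_rules() {
    ( EBTABLES=echo; apply_dhcp_isolation ) | grep -c -- "-interface $PUB "
}

[ "${1:-}" = "--dry-run" ] && { ( EBTABLES=echo; apply_dhcp_isolation ); exit 0; }
```

Run it with `--dry-run` to review the exact ebtables commands before loading them for real; `ebtables -L` afterwards shows what the kernel accepted.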