On 2005.07.08 17:18, Willy Chang - changwilly@xxxxxxxxx wrote:
Folks, I am running a dhcrelay service and using iptables as a firewall to block packets from the DHCP server on the inbound side, eth0, of my Linux machine. The reason for this is to avoid generating duplicate packets from my machine to DHCP clients on the same subnet. For some reason, I am unable to block these packets. I have a simple rule, shown below, that should block all incoming UDP packets, and so should block DHCP packets as well:

iptables -A INPUT -p UDP -i eth0 -j DROP
I see two things to comment on.

First, if you add (-A) a rule like this at the end, the packets in question might have already been accepted by an earlier rule. For a case like this, you might want to insert at the top (-I) instead.

Second, INPUT affects filtering of packets bound for the firewall host itself. FORWARD rules affect packets bound for other hosts. I think those are the packets you are trying to block.

--
Jim Laurino
nfcan.x.jimlaur@xxxxxxxx
Please reply to the list. Only mail from the listserver reaches this address.
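The two points in the reply above (insert with -I so the DROP is not shadowed by an earlier ACCEPT, and use FORWARD for traffic the box passes on to other hosts) as an added shell example; this is not code from either poster. It assumes the DHCP server sends from UDP port 67 to UDP port 68 and that eth0 is the interface facing it, as in the question. With DRY_RUN=1 (the default) it prints the iptables commands instead of running them; the chain listings it audits are constructed, and the shadowing check only looks at -i and -p, not at source/destination or connection-state matches.

```shell
#!/bin/sh
# Added example, not code from the original thread. Assumes the DHCP server
# replies from UDP 67 (bootps) to UDP 68 (bootpc) and that eth0 faces it,
# as in the question; both are assumptions to adjust to your topology.
# With DRY_RUN=1 (the default) the iptables commands are printed, not run.

IFACE="${IFACE:-eth0}"
DRY_RUN="${DRY_RUN:-1}"

# Print or execute an iptables command, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

# Insert at position 1 (-I) instead of appending (-A), so the DROP is evaluated
# before any ACCEPT already in the chain. Match only the server->client DHCP
# flow rather than all UDP, so the relay's other traffic is left alone.
block_dhcp_server_replies() {
    # Packets transiting the box towards other hosts: FORWARD chain.
    ipt -I FORWARD 1 -i "$IFACE" -p udp --sport 67 --dport 68 -j DROP
    # Packets addressed to the box itself: INPUT chain.
    ipt -I INPUT 1 -i "$IFACE" -p udp --sport 67 --dport 68 -j DROP
}

# Check: list both chains with rule numbers and per-rule packet counters.
# If the DROP counter stays at 0 while packets still get through, the
# traffic is hitting the other chain or an earlier rule.
show_chains() {
    ipt -L INPUT -v -n --line-numbers
    ipt -L FORWARD -v -n --line-numbers
}

# Audit a chain listing (as printed by `iptables -S <chain>`, read from stdin):
# exit 0 if the DHCP DROP rule comes after an ACCEPT that would already match
# the same traffic (the DROP is shadowed), exit 1 otherwise. Simplified: only
# -i and -p are considered, not -s/-d or conntrack state matches.
dhcp_drop_is_shadowed() {
    awk -v iface="$IFACE" '
        $1 != "-A" { next }
        # skip rules bound to a different interface
        ($0 ~ /-i /) && ($0 !~ ("-i " iface "( |$)")) { next }
        # skip rules restricted to a protocol other than udp
        ($0 ~ /-p /) && ($0 !~ /-p udp( |$)/) { next }
        /-j ACCEPT/ { seen_accept = 1 }
        /-j DROP/ && /--sport 67/ { shadowed = seen_accept; exit }
        END { exit (shadowed ? 0 : 1) }'
}

# Constructed sample listings (not captured from a real host).
SHADOWED_CHAIN='-P INPUT ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 67 --dport 68 -j DROP'

FIXED_CHAIN='-P INPUT ACCEPT
-A INPUT -i eth0 -p udp -m udp --sport 67 --dport 68 -j DROP
-A INPUT -i eth0 -j ACCEPT'

if [ "${1:-}" = "demo" ]; then
    block_dhcp_server_replies
    show_chains
    if printf '%s\n' "$SHADOWED_CHAIN" | dhcp_drop_is_shadowed; then
        echo "sample 1: DROP is shadowed by an earlier ACCEPT"
    fi
    if ! printf '%s\n' "$FIXED_CHAIN" | dhcp_drop_is_shadowed; then
        echo "sample 2: DROP is reached before any ACCEPT"
    fi
fi
```

Run it as `sh script.sh demo` to see the commands it would issue and the audit of the two sample listings; on the real host, `iptables -S INPUT | IFACE=eth0 sh -c '. ./script.sh; dhcp_drop_is_shadowed'` applies the same check to the live ruleset, and `DRY_RUN=0` makes the functions execute iptables (root required).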