On Fri, Jul 08, 2005 at 05:18:33PM -0400, Willy Chang wrote: > Folks, > > I am running a dhrelay service and using iptables to be a > firewall to block packets from dhcp server on the inbound side, eth0, > of my Liunx. The reason to do this is to avoid generating duplicated > packets from my machine to dhcp client on the same subnet. > For some reasons, I am unable to block these packets. I have a > simple rule setting below to simply block all incoming UDP packets > where it should block dhcp package as well. iptables works in the IP stack. Applications using PACKET sockets don't use the IP stack and therefore are not affected by iptables. My guess is that dhrelay uses PACKET sockets. -- - Harald Welte <laforge@xxxxxxxxxxxxx> http://netfilter.org/ ============================================================================ "Fragmentation is like classful addressing -- an interesting early architectural error that shows how much experimentation was going on while IP was being designed." -- Paul Vixie
Attachment:
pgpxXChTNNSPA.pgp
Description: PGP signature
