Re: dhcrelay still responds dropped inbound offer packets from iptables

On Fri, Jul 08, 2005 at 05:18:33PM -0400, Willy Chang wrote:
> Folks,
> 
>      I am running a dhcrelay service and using iptables to be a
> firewall to block packets from dhcp server on the inbound side, eth0,
> of my Linux. The reason to do this is to avoid generating duplicated
> packets from my machine to dhcp client on the same subnet.
>      For some reason, I am unable to block these packets. I have a
> simple rule setting below to simply block all incoming UDP packets
> where it should block dhcp package as well.

iptables works in the IP stack.  Applications using PACKET sockets don't
use the IP stack and therefore are not affected by iptables.

My guess is that dhcrelay uses PACKET sockets.

-- 
- Harald Welte <laforge@xxxxxxxxxxxxx>                 http://netfilter.org/
============================================================================
  "Fragmentation is like classful addressing -- an interesting early
   architectural error that shows how much experimentation was going
   on while IP was being designed."                    -- Paul Vixie

Attachment: pgpxXChTNNSPA.pgp
Description: PGP signature

