On 2007-10-15, G��Lajos <swifty@xxxxxxxxxxx> wrote:
>> The raw socket has one important attribute: it receives packets before
>> netfilter. The same mechanism is used by tcpdump/libcap.
>>
> Are you saying that We CAN NOT "protect" the DHCP-server with iptables?
>

The way how you say it is bad but it's true. OTOH, how do you want to protect server before malicious packets which have source address 0.0.0.0? It makes no sense. Just omit the interface name in argument list of dhcpd and be happy ;)

--
Petr
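
An added example, not part of the thread: one way to see which sockets on a host take frames ahead of netfilter is to read `/proc/net/packet`, where Linux lists open AF_PACKET sockets. It assumes the raw socket discussed above is an AF_PACKET socket; the sample text and all values in it are constructed, and the function names are this example's own.

```python
import os

# Constructed sample in the /proc/net/packet column layout (values are made up).
SAMPLE = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8800362f3000 3      3    0003   2     1 0      0      14530
ffff88003b1d2800 3      2    0800   3     1 0      101    20977
ffff88003b1d3000 3      3    0806   0     1 0      0      21544
"""

SOCK_TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW", 10: "SOCK_PACKET"}
ETH_P_ALL, ETH_P_IP = 0x0003, 0x0800

def parse_packet_sockets(text):
    """Return one dict per AF_PACKET socket listed in /proc/net/packet text."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) != 9:                         # ignore blank or short lines
            continue
        rows.append({
            "type": SOCK_TYPES.get(int(f[2]), f[2]),
            "proto": int(f[3], 16),             # EtherType, printed in hex
            "ifindex": int(f[4]),               # 0 = not bound to one interface
            "uid": int(f[7]),
            "inode": int(f[8]),
        })
    return rows

def sees_ipv4(sock):
    """True if the socket gets IPv4 frames (and so DHCP) ahead of iptables."""
    return sock["proto"] in (ETH_P_ALL, ETH_P_IP)

def owners(inode):
    """PIDs holding the socket inode; needs root to see other users' fds."""
    pids = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            for fd in os.listdir(f"/proc/{pid}/fd"):
                if os.readlink(f"/proc/{pid}/fd/{fd}") == f"socket:[{inode}]":
                    pids.append(int(pid))
                    break
        except OSError:                         # process exited or access denied
            continue
    return pids

if __name__ == "__main__":
    for s in filter(sees_ipv4, parse_packet_sockets(SAMPLE)):
        print(s["type"], hex(s["proto"]), "ifindex", s["ifindex"], "inode", s["inode"])
```

On a live host, pass the contents of `/proc/net/packet` instead of `SAMPLE` and feed each inode to `owners()` to find the daemon behind it.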