Re: DHCP works but iptables should have dropped

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 2007-10-15, G��Lajos <swifty@xxxxxxxxxxx> wrote:
>> The raw socket has one important attribute: it recieves packets before
>> netfilter. The same mechanism is used by tcpdump/libcap.
>>
> Are you saying that We CAN NOT "protect" the DHCP-server with iptables?
>
The way how you say it is bad but it's true.

OTOH, how do you want to protect server before malicous packets which
have source address 0.0.0.0? It makes no sense. Just omit the interface
name in argument list of dhcpd and be happy ;)

-- Petr

-
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux