Re: DHCP issue - iptables rules not hit when using ebtables - MAC based firewall bypass

Hello,

fvancrae@xxxxxxxxxx wrote:

> I am using ebtables on my firewall to have one consumer device (client) bypass the firewall entirely and act as if it is directly connected to the internet.
>
> For this I create a bridge (non-transparent) and specify a MAC-based rule in the BROUTING chain
> -s MAC -i eth1 -j ACCEPT
> -d MAC -i eth0 -j ACCEPT
> BROUTING POLICY DROP

This seems incomplete to me. How do you deal with broadcast frames received on eth0, such as ARP requests for your device's IP address?

> eth0 is my router's WLAN interface
> eth1 is my router's LAN interface

> Then I wanted to block the DHCP request for that MAC on my firewall (which is DHCPD), but it seems that no iptables or ebtables rule can be used to block this packet (or even an outgoing packet of my DHCPD).
>
> My client always gets an IP inside my LAN.

Does the DHCP server listen on eth0 or on the bridge interface? Some DHCP software (on either the client or the server side) is bound directly to the network interface and thus bypasses iptables and ebtables. So I guess you might either blacklist the device's MAC address in the DHCP server configuration, if possible, or have the server listen on the bridge interface (and add ebtables rules to keep DHCP traffic from leaking through eth0).
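The bypass rules quoted above together with the two suggestions in this reply (move dhcpd onto the bridge and filter DHCP in ebtables, or blacklist the MAC in the server), as an added example that is not part of the thread. It assumes a bridge br0 over eth0 (WLAN) and eth1 (LAN), ISC dhcpd as the server, and constructed MAC/IP values, and it also adds the ARP-request rule this reply asks about.

```shell
#!/bin/sh
# Added example, not from the thread. It prints (rather than runs) the ebtables
# commands and dhcpd.conf stanza for one bypassed client. Assumed: the bridge is
# br0 with ports eth0 (WLAN) and eth1 (LAN), the server is ISC dhcpd and has been
# moved to listen on br0, and the MAC/IP below are constructed sample values.
CLIENT_MAC="00:11:22:33:44:55"
CLIENT_IP="192.0.2.10"

# Accept only a lowercase colon-separated unicast MAC. A set group bit in the
# first octet would make the bypass rule match multicast/broadcast frames too.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    case "$1" in ?[13579bdf]:*) return 1 ;; esac
}

# broute table: ACCEPT bridges the frame untouched, DROP hands it to the routing
# stack (and iptables). The ARP rule covers the broadcast requests for the
# client's address that the unicast "-d MAC" rule can never match.
broute_rules() {
    valid_mac "$1" || { echo "bad MAC: $1" >&2; return 1; }
    cat <<EOF
ebtables -t broute -P BROUTING DROP
ebtables -t broute -A BROUTING -i eth1 -s $1 -j ACCEPT
ebtables -t broute -A BROUTING -i eth0 -d $1 -j ACCEPT
ebtables -t broute -A BROUTING -i eth0 -p ARP --arp-opcode Request --arp-ip-dst $2 -j ACCEPT
EOF
}

# filter table: with dhcpd on br0 its traffic passes ebtables, so drop the
# client's DHCP requests before the local server sees them (INPUT) and keep the
# server's own offers from leaving through eth0 (OUTPUT).
dhcp_rules() {
    valid_mac "$1" || return 1
    cat <<EOF
ebtables -A INPUT -s $1 -p IPv4 --ip-proto udp --ip-dport 67 -j DROP
ebtables -A OUTPUT -o eth0 -p IPv4 --ip-proto udp --ip-sport 67 -j DROP
EOF
}

# Second line of defence: refuse the lease in dhcpd.conf as well.
dhcpd_stanza() {
    valid_mac "$1" || return 1
    printf 'host bypassed-client {\n  hardware ethernet %s;\n  deny booting;\n}\n' "$1"
}

broute_rules "$CLIENT_MAC" "$CLIENT_IP" && dhcp_rules "$CLIENT_MAC" && dhcpd_stanza "$CLIENT_MAC"
```

Review the printed commands before running them as root; rule order matters because the first matching BROUTING rule decides whether a frame is bridged or routed.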