Bug#329939: dhcp3-client: please expand security-related options (such as reject) to accept networks

Andrew Pollock apollock at debian.org
Thu Oct 6 11:35:21 UTC 2005 

Hi,

I received this wishlist bug report from a dhclient user the other day.

Seems like a fairly reasonable request to me.

Please maintain the Cc so that the submitter and the BTS are kept in the
loop.

regards

Andrew

On Sat, Sep 24, 2005 at 12:30:18PM -0300, Henrique de Moraes Holschuh wrote:
> Package: dhcp3-client
> Version: 3.0.3-3
> Severity: wishlist
> 
> Some of us have to use dhcp3-client to tie to very, very hostile networks,
> such as ADSL or cable.  The DHCP server on these networks often migrate
> without warning, so we never know from which IP the answer will come.
> 
> It would be *very* handy to be able to:
> 
> reject 10.0.0.0/8 192.168.0.0/16 172.16.0.0/12 169.254.0.0/16;
> 
> to at least reject all rogue DHCP servers caused by morons in the local
> cable/ADSL network (which IS quite common), and fucked up cable modems that
> are non-configurable and try to give you broken addresses when the cable is
> down (which is even more common than morons with DHCP servers, at least here
> in Brazil).  It won't get real attacks, but these are very very rare.
> 
> Obviously there is absolutely no acceptable way to do this on dhclient3
> currently.  Packet filter rules must be used on the prerouting chain... 
> which is ugly at best.
> 
> -- System Information:
> Debian Release: testing/unstable
>   APT prefers unstable
>   APT policy: (990, 'unstable'), (500, 'stable'), (1, 'experimental')
> Architecture: i386 (i686)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.13.2+libata+bluesmoke+imq+lm85
> Locale: LANG=pt_BR.ISO-8859-1, LC_CTYPE=pt_BR.ISO-8859-1 (charmap=ISO-8859-1)
> 
> Versions of packages dhcp3-client depends on:
> ii  debconf                       1.4.58     Debian configuration management sy
> ii  debianutils                   2.14.3     Miscellaneous utilities specific t
> ii  dhcp3-common                  3.0.3-3    Common files used by all the dhcp3
> ii  libc6                         2.3.5-6    GNU C Library: Shared libraries an
> 
> dhcp3-client recommends no packages.
> 
> -- no debconf information
> 
> -- 
>   "One disk to rule them all, One disk to find them. One disk to bring
>   them all and in the darkness grind them. In the Land of Redmond
>   where the shadows lie." -- The Silicon Valley Tarot
>   Henrique Holschuh
> 
>

More information about the dhcp-hackers mailing list