dhcp-server with Linux packet Filter(aka LPF)-Interface bypasses iptables firewall (and socket interface fails with dhclient)
Joerg Pommnitz
pommnitz at yahoo.com
Wed Apr 26 16:58:43 UTC 2006
Hello all,
I'm trying to set up a whitelist that allows only certain MAC addresses to access a network interface (might be ethernet or WiFi). The setup works fine except for the fact that the dhcp-server bypasses the iptables filter when using LPF.
To work around this problem I disabled the "USE_LPF" define in include/cf/linux.h. This way the dhcp-server honors the firewall settings, but now the dhclient fails to work properly. If the interface is uninitialized ("ifconfig eth0 0.0.0.0 up" is enough) it can't talk to my dhcp server. tcpdump confirms that no DHCP requests are sent.
Does anybody on the list have an idea how to solve this problem? If worst comes to pass I will just use a dhcp server that uses the socket interface and a dhcp client that uses LPF, but I'm not desperate enough, yet.
BTW: this is dhcp-3.0.3 on Linux kernel 2.6.8 or 2.6.12.
-- Thanks in advance
Joerg
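
An added example, not part of the original post or of ISC dhcp: LPF mode reads frames through a Linux packet socket, which is handed each frame before the IP-layer netfilter hooks that iptables uses, so one way to see which sockets on a host sit outside the iptables rules is to read /proc/net/packet. The sample table and the function names below are constructed for illustration.

```python
"""List Linux packet sockets from /proc/net/packet-style text (added example)."""
import os

SOCK_TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW", 10: "SOCK_PACKET"}
ETH_P_ALL, ETH_P_IP = 0x0003, 0x0800

# Constructed sample in the column layout of /proc/net/packet; all values invented.
SAMPLE = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff8800a1b2c000 3      10   0003   2     1 0      0      18231
ffff8800a1b2d400 3      3    0806   3     1 0      1000   20417
truncated line
"""


def parse_packet_sockets(text):
    """Return one dict per well-formed socket row in the table."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines:
        return []
    header = lines[0].split()
    socks = []
    for line in lines[1:]:
        fields = line.split()
        if len(fields) != len(header):
            continue  # skip malformed or truncated rows
        row = dict(zip(header, fields))
        socks.append({
            "type": SOCK_TYPES.get(int(row["Type"]), row["Type"]),
            "proto": int(row["Proto"], 16),   # ethertype, printed in hex
            "ifindex": int(row["Iface"]),
            "uid": int(row["User"]),
            "inode": int(row["Inode"]),
        })
    return socks


def receives_ip_frames(sock):
    """True if the socket is bound to an ethertype that includes IPv4 (and so DHCP)."""
    return sock["proto"] in (ETH_P_ALL, ETH_P_IP)


if __name__ == "__main__":
    path = "/proc/net/packet"
    text = open(path).read() if os.path.exists(path) else SAMPLE
    for s in parse_packet_sockets(text):
        if receives_ip_frames(s):
            print("packet socket not covered by iptables:", s)
```

The inode can be matched against the `socket:[inode]` links under /proc/<pid>/fd to find the owning process.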