DHCP 4.0.2, execute() and hardware address mismatch

Sławomir Paszkiewicz paszczus at gmail.com
Mon Oct 11 09:40:36 UTC 2010

I`m trying to migrate from DNSMasq to ISC DHCP because of failover.
My problem is that MAC Addresses (hardware) are in different format than
iptables accept (i`m executing script via execute() which call iptables
-A FORWARD -m mac --mac-source .... -j ACCEPT).

In ISC DHCP logs format is correct:

DHCPREQUEST for from 00:d0:b8:0c:ba:d8 via eth0

But 'hardware' (i`m using binary-to-ascii(16, 8, ":",
substring(hardware,1, 6));) gives me:

0:d0:b8:c:ba:d8 which is incorrect for iptables:

# iptables -A FORWARD -m mac --mac-source 0:d0:b8:c:ba:d8 -s -j ACCEPT
iptables v1.4.4: Bad mac address "0:d0:b8:c:ba:d8"

My question is how to get correct (for iptables) format (same as in dhcp
logs) ?

Best regards,

More information about the dhcp-users mailing list