Limit DHCP requests with iptables - problem: Router

David Forrest drf at maplepark.com
Mon Feb 7 17:11:44 UTC 2011


On Mon, 7 Feb 2011, Alex Bligh wrote:

>
>
> --On 7 February 2011 15:31:46 +0100 Juergen Northe 
> <juergen.northe at googlemail.com> wrote:
>
>> oops. Not (A)ppend but (I)nsert should work. I have not tried it yet:
>> 
>> iptables -I INPUT  -i eth0  -p udp -m udp  -m multiport  -m mac
>> --mac-source XX:XX:XX:XX:XX:XX -d 255.255.255.255   --dports 68,67  -m
>> state --state NEW  -j REJECT
>
> That won't work because all his dhcp queries come with the same
> MAC address - the router which is forwarding them.
>
>

Then you might try adding a limit test and -j ACCEPT.

--limit rate[/second|/minute|/hour|/day]
Maximum average matching rate: specified as a number, with 
an optional ‘/second’, ‘/minute’, ‘/hour’, or ‘/day’ suffix; the default 
is 3/hour.

Dave

-- 
David Forrest 
St. Louis, Missouri
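As an added example (not part of this thread and not the list's or ISC's code), the rule set that David's limit-then-ACCEPT suggestion leads to; the interface name, accepted rate and burst size are assumptions the administrator replaces, and the rules are printed for review rather than applied:

```shell
#!/bin/sh
# Added example, not from the thread. Prints iptables rules that bound the
# average rate of DHCP requests reaching the server and drop the excess.
# Assumed arguments: IFACE (interface facing the forwarding router),
# RATE (e.g. 10/second) and BURST (token bucket size) chosen by the admin.
dhcp_limit_rules() {
    iface="$1"
    rate="$2"
    burst="$3"
    # Match only DHCP server traffic: UDP to port 67. Matching on dport alone
    # covers both direct clients (sport 68) and relayed requests, which a
    # relay agent sends from port 67; a MAC or source-IP match would not help
    # here because every relayed packet carries the router's address.
    match="-i $iface -p udp --dport 67"
    # 1. ACCEPT while the limit module still has tokens. Note the man-page
    #    default of 3/hour is far too low for DHCP; derive RATE from observed load.
    printf 'iptables -I INPUT 1 %s -m limit --limit %s --limit-burst %s -j ACCEPT\n' \
        "$match" "$rate" "$burst"
    # 2. LOG the overflow at its own low rate so a flood cannot fill the log.
    printf 'iptables -I INPUT 2 %s -m limit --limit 1/minute -j LOG --log-prefix "DHCP-FLOOD "\n' \
        "$match"
    # 3. DROP what exceeds the limit (DROP rather than REJECT avoids answering
    #    a flood with ICMP errors).
    printf 'iptables -I INPUT 3 %s -j DROP\n' "$match"
}
```

Inserting at positions 1, 2 and 3 in that order leaves the ACCEPT, LOG and DROP rules ahead of everything else in INPUT; after reviewing the output it can be applied as root with `dhcp_limit_rules eth0 10/second 20 | sh`.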

