Limit DHCP requests with iptables - problem: Router
David Forrest
drf at maplepark.com
Mon Feb 7 17:11:44 UTC 2011
On Mon, 7 Feb 2011, Alex Bligh wrote:
>
>
> --On 7 February 2011 15:31:46 +0100 Juergen Northe
> <juergen.northe at googlemail.com> wrote:
>
>> oops. Not (A)ppend but (I)nsert should work. I have not tried it yet:
>>
>> iptables -I INPUT -i eth0 -p udp -m udp -m multiport -m mac
>> --mac-source XX:XX:XX:XX:XX -d 255.255.255.255 --dports 68,67 -m
>> state --state NEW -j REJECT
>
> That won't work because all his dhcp queries come with the same
> MAC address - the router which is forwarding them.
>
>
Then you might try adding a limit test and -j ACCEPT.

    --limit rate[/second|/minute|/hour|/day]
        Maximum average matching rate: specified as a number, with
        an optional ‘/second’, ‘/minute’, ‘/hour’, or ‘/day’ suffix;
        the default is 3/hour.

Dave
--
David Forrest
St. Louis, Missouri
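
Added example, not part of the message above or of the thread: a limit match with -j ACCEPT only accepts packets up to the rate, so this sketch pairs it with a DROP for the excess and checks the rate against the forms in the quoted man page text. The interface eth0 comes from the earlier rule; the 67/udp server port, the 10/second rate, the burst of 20 and all function names are assumptions.

```shell
#!/bin/sh
# Added example: rate-limited ACCEPT for DHCP plus a DROP for the excess.
# Without the DROP, packets over the limit fall through to later rules or
# to the chain policy and may still be accepted.

valid_rate() {
    # A number with an optional /second, /minute, /hour or /day suffix.
    printf '%s\n' "$1" | grep -Eq '^[1-9][0-9]*(/(second|minute|hour|day))?$'
}

dhcp_limit_rules() {
    iface=$1 rate=$2 burst=$3
    # Reject anything that could smuggle extra iptables arguments.
    case $iface in ''|*[!A-Za-z0-9._-]*) echo "bad iface: $iface" >&2; return 1;; esac
    valid_rate "$rate" || { echo "bad rate: $rate" >&2; return 1; }
    case $burst in ''|*[!0-9]*) echo "bad burst: $burst" >&2; return 1;; esac
    # Position 1: accept up to the average rate. The limit match keeps one
    # token bucket per rule, so every client behind the forwarding router
    # shares this budget.
    echo "-I INPUT 1 -i $iface -p udp --dport 67 -m limit --limit $rate --limit-burst $burst -j ACCEPT"
    # Position 2: drop whatever the limit rule did not match.
    echo "-I INPUT 2 -i $iface -p udp --dport 67 -j DROP"
}

apply_rules() {
    # Dry run by default; set APPLY=1 (as root) to call iptables.
    rules=$(dhcp_limit_rules "$@") || return 1
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then
            iptables $rule || exit 1   # word splitting is intended here
        else
            echo "iptables $rule"
        fi
    done
}

# Constructed sample values: print the two commands without applying them.
apply_rules eth0 10/second 20
```
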
More information about the dhcp-users mailing list