Limit DHCP requests with iptables - problem: Router

Alex Bligh alex at alex.org.uk
Tue Feb 8 22:30:46 UTC 2011



--On 8 February 2011 08:17:51 +0000 Simon Hobson <dhcp1 at thehobsons.co.uk> 
wrote:

> My understanding is that the recent module for iptables can do this. But
> I'm not sure if it can track arbitrary parts of the packet,

My understanding is it can (*), and there have been various examples
(including yours) of how to do this. I'm not quite sure why people
are claiming iptables is only capable of examining ip and "tcp/udp"
headers, particularly when others have provided working examples.

I'd repeat that in terms of maintainability, it might be easier to
patch dhcpd, but for a small number of hosts, it appears eminently
feasible.

(*) = excepting where the packet was fragmented before the last byte
being sampled, which is not relevant here.

-- 
Alex Bligh



More information about the dhcp-users mailing list