Limit DHCP requests with iptables - problem: Router
Alex Bligh
alex at alex.org.uk
Tue Feb 8 22:30:46 UTC 2011
--On 8 February 2011 08:17:51 +0000 Simon Hobson <dhcp1 at thehobsons.co.uk>
wrote:
> My understanding is that the recent module for iptables can do this. But
> I'm not sure if it can track arbitrary parts of the packet,
My understanding is it can (*), and there have been various examples
(including yours) of how to do this. I'm not quite sure why people
are claiming iptables is only capable of examining ip and "tcp/udp"
headers, particularly when others have provided working examples.
I'd repeat that in terms of maintainability, it might be easier to
patch dhcpd, but for a small number of hosts, it appears eminently
feasible.
(*)=excepting where the packet was fragmented before the last byte of
being sampled, which is not relevant here.
--
Alex Bligh
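
The per-host approach discussed in the message above, as an added example that is not part of the original post or of any rules posted in the thread: a generator that prints, without executing, iptables rules matching the DHCP client hardware address with the u32 module and rate-limiting each listed host. The chain name DHCP_LIMIT, the rate values and the sample MAC addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print (do not execute) per-host iptables rules that rate-limit
# DHCP requests by client hardware address (chaddr) using the u32 match.
# Assumptions: Ethernet clients (6-byte chaddr); DHCP_LIMIT is a hypothetical
# user-defined chain hooked in where client-to-server DHCP traffic actually
# traverses netfilter; RATE and BURST are sample values.

CHAIN="DHCP_LIMIT"
RATE="6/minute"
BURST="3"

# chaddr_u32 MAC -> u32 expression matching that MAC in the BOOTP chaddr field.
# "0>>22&0x3C@" skips the variable-length IP header; chaddr then starts
# 8 (UDP header) + 28 (BOOTP offset) = 36 bytes past the start of the UDP header.
chaddr_u32() {
    mac=$(printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f')
    case "$mac" in
        *[!0-9a-f]*) echo "invalid MAC: $1" >&2; return 1 ;;
    esac
    [ "${#mac}" -eq 12 ] || { echo "invalid MAC: $1" >&2; return 1; }
    hi=$(printf '%s' "$mac" | cut -c1-8)    # chaddr bytes 0-3
    lo=$(printf '%s' "$mac" | cut -c9-12)   # chaddr bytes 4-5
    printf '0>>22&0x3C@36=0x%s && 0>>22&0x3C@40>>16=0x%s\n' "$hi" "$lo"
}

# dhcp_limit_rules MAC -> two rules: accept within the rate, drop the excess.
dhcp_limit_rules() {
    u32expr=$(chaddr_u32 "$1") || return 1
    match="-p udp --sport 68 --dport 67 -m u32 --u32 \"$u32expr\""
    printf '%s\n' "iptables -A $CHAIN $match -m limit --limit $RATE --limit-burst $BURST -j ACCEPT"
    printf '%s\n' "iptables -A $CHAIN $match -j DROP"
}

# Constructed sample hosts; one rule pair is printed per host.
for m in 00:11:22:33:44:55 DE-AD-BE-EF-00-01; do
    dhcp_limit_rules "$m"
done
```

Each host costs two rules, which is why this only scales to a small number of hosts.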