Limit DHCP requests with iptables - problem: Router
José Queiroz
zekkerj at gmail.com
Wed Feb 9 14:25:45 UTC 2011
2011/2/9 Peter Rathlev <peter at rathlev.dk>
> On Wed, 2011-02-09 at 10:26 +0000, Alex Bligh wrote:
> > OP already knows the offending MAC address(es) and did not say he
> > needed to autodetect them.
>
> He actually did several times, e.g.:
>
> On Tue, 2011-02-08 at 08:32 +0100, Jürgen Dietl wrote:
> > I have about 30 K Clients. In case of a client error where the Client
> > start spamming the server with DHCP requests I dont know which Client
> > it is. It can be any client in the network. So I dont know the client
> > ´s MAC address.
>
> The thread has since moved on to discussing different ways of detecting
> the misbehaving clients. And iptables alone simply cannot do what you
> describe.
>
>
Yes, iptables can do it. It's just a matter of how to chain the tests.
But I agree that this is just side considerations, and we're diverting from
the original problem: how to shut up a misbehaviorred client.
The best way to do that would be some way of DHCP Snooping, as it may be
configured to limit DHCP requests in a per port basis.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20110209/58c253ef/attachment.html>
More information about the dhcp-users
mailing list