Limit DHCP requests with iptables - problem: Router

José Queiroz zekkerj at
Wed Feb 9 14:25:45 UTC 2011

2011/2/9 Peter Rathlev <peter at>

> On Wed, 2011-02-09 at 10:26 +0000, Alex Bligh wrote:
> > OP already knows the offending MAC address(es) and did not say he
> > needed to autodetect them.
> He actually did several times, e.g.:
> On Tue, 2011-02-08 at 08:32 +0100, Jürgen Dietl wrote:
> > I have about 30 K Clients. In case of a client error where the Client
> > start spamming the server with DHCP requests I dont know which Client
> > it is. It can be any client in the network. So I dont know the client
> > ´s MAC address.
> The thread has since moved on to discussing different ways of detecting
> the misbehaving clients. And iptables alone simply cannot do what you
> describe.
Yes, iptables can do it. It's just a matter of how to chain the tests.

But I agree that this is just side considerations, and we're diverting from
the original problem: how to shut up a misbehaviorred client.

The best way to do that would be some way of DHCP Snooping, as it may be
configured to limit DHCP requests in a per port basis.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the dhcp-users mailing list