does isc dhcp 4.2.3 support blocking client which send many

Jeff Waller jeffw at
Wed Mar 7 18:12:39 UTC 2012

On Mar 7, 2012, at 10:52 AM, Simon Hobson wrote:

> Martin McCormick wrote:
>> A good mechanism for controlling insane systems
>> might be to read time intervals between each MAC address contact
>> and start ignorring anybody who has contacted DHCPD more than X
>> number of times in X number of seconds.
> Which is the sort of task Logwatch was written for. Anyone know if 
> any DHCP filters/actions have been written for it ?
> However, that won't work for devices behind a relay agent. And 
> someone said that iptables doesn't work either.

IP tables can be made to work.  Someone is being dumb.

Here's A link from 5m of google;

Form the 2nd source, seems approximately the same;

#9 allow 5 TCP connexion attempts 
# with 2 per minuts frequency
#iptables -A INPUT -m state --state NEW -m recent --set
#iptables -A INPUT -m state --state NEW -m recent --update --hitcount 6 -j DROP
#iptables -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP

> -- 
> Simon Hobson
> Visit for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at

More information about the dhcp-users mailing list