does isc dhcp 4.2.3 support blocking client which send many
jeffw at cnxntech.com
Wed Mar 7 18:12:39 UTC 2012
On Mar 7, 2012, at 10:52 AM, Simon Hobson wrote:
> Martin McCormick wrote:
>> A good mechanism for controlling insane systems
>> might be to read time intervals between each MAC address contact
>> and start ignorring anybody who has contacted DHCPD more than X
>> number of times in X number of seconds.
> Which is the sort of task Logwatch was written for. Anyone know if
> any DHCP filters/actions have been written for it ?
> However, that won't work for devices behind a relay agent. And
> someone said that iptables doesn't work either.
IP tables can be made to work. Someone is being dumb.
Here's A link from 5m of google;
Form the 2nd source, seems approximately the same;
#9 allow 5 TCP connexion attempts
# with 2 per minuts frequency
#iptables -A INPUT -m state --state NEW -m recent --set
#iptables -A INPUT -m state --state NEW -m recent --update --hitcount 6 -j DROP
#iptables -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
> Simon Hobson
> Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
> author Gladys Hobson. Novels - poetry - short stories - ideal as
> Christmas stocking fillers. Some available as e-books.
> dhcp-users mailing list
> dhcp-users at lists.isc.org
More information about the dhcp-users