Limit DHCP requests with iptables - problem: Router
Simon Hobson
dhcp1 at thehobsons.co.uk
Sun Sep 9 08:19:49 UTC 2012
Mr Dash Four wrote:
>After reading the above, I took a "non-standard" approach which did
>the trick, so I thought to share it - if you are using SELinux and
>are familiar with creating/implementing security policies do what I
>did - create one such policy and prevent dhclient from ever
>attempting to get anywhere near to access of raw packets or raw
>socket connections. That way the beast is well and truly caged,
>forever! Tried and tested with great success.
Do you mean client, or do you mean server ?
If you do mean client, then your suggestion is of no help to the OP
as it involves modifying the client - and if you re-read his problem
these clients include embedded ones in (eg) printers and so on.
If you mean server, then you need to explain just how this solution
helps - since it would appear to force conditions on the server
designed to prevent some of it's functions working. The people who
wrote the software didn't use raw sockets for fun - they used them
because it's required in order to send/receive certain packets
**required** for the DHCP protocol to work.
--
Simon Hobson
Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.
More information about the dhcp-users
mailing list