Limit DHCP requests with iptables - problem: Router

Simon Hobson dhcp1 at
Sun Sep 9 08:19:49 UTC 2012

Mr Dash Four wrote:

>After reading the above, I took a "non-standard" approach which did 
>the trick, so I thought to share it - if you are using SELinux and 
>are familiar with creating/implementing security policies do what I 
>did - create one such policy and prevent dhclient from ever 
>attempting to get anywhere near to access of raw packets or raw 
>socket connections. That way the beast is well and truly caged, 
>forever! Tried and tested with great success.

Do you mean client, or do you mean server ?

If you do mean client, then your suggestion is of no help to the OP 
as it involves modifying the client - and if you re-read his problem 
these clients include embedded ones in (eg) printers and so on.

If you mean server, then you need to explain just how this solution 
helps - since it would appear to force conditions on the server 
designed to prevent some of it's functions working. The people who 
wrote the software didn't use raw sockets for fun - they used them 
because it's required in order to send/receive certain packets 
**required** for the DHCP protocol to work.

Simon Hobson

Visit for books by acclaimed
author Gladys Hobson. Novels - poetry - short stories - ideal as
Christmas stocking fillers. Some available as e-books.

More information about the dhcp-users mailing list