> iptables -I INPUT -p udp --dport 67:68 -s $LAN_IP_RANGE -j ACCEPT

IMHO, specifying the input interface would be a good idea in this case, since UDP is easily spoofable (although it might not be exploitable in any way with DHCP).

# iptables -A INPUT -i $LAN_IFACE -p udp --dport 67:68 -s $LAN_IP_RANGE -j ACCEPT

-t