DHCP

[Doug Monroe]

Tommy Lacroix wrote:
> 
> > iptables -I INPUT -p udp --dport 67:68 -s $LAN_IP_RANGE -j ACCEPT
> 
> IMHO, specifing the input interface would be a good idea in this case, since
> UDP is easily spoofable (although it might not be exploitable in any way
> with DHCP).

FWI)...
In any case- if dhcpd is running on the same box as netfilter/iptables, it'd
be a good idea to bind DHCPD -only- to your internal interface. (Redhat 7.1
example) /etc/init.d/dhcpd -
     ...
         daemon /usr/sbin/dhcpd eth1
     ...
--
Doug Monroe