blocking dhcp on bridge
Ron Peterson
rpeterso at mtholyoke.edu
Mon Feb 14 23:09:13 CET 2005
On Mon, Feb 07, 2005 at 01:57:11PM -0500, Ron Peterson wrote:
> On Sun, Feb 06, 2005 at 04:01:54PM -0500, Ron Peterson wrote:
>
> > I am running a dhcp server on a bridging firewall. The dhcp server runs
> > on br0. I have eth0 connected to my 'private' network, and eth1
> > connected to my 'public' network.
> >
> > I only want this dhcp server to service dhcp requests from the private
> > network. Any dhcp requests entering via eth1, or any dhcp replies being
> > sent via eth1 should be dropped.
I stopped using iptables, and used ebtables instead. Seems to work.
Obviously, there is some overlapping functionality between these two
toolsets. I'm learning the hard way when to use which tool.
# DHCP client requests are UDP source port 68 -> destination port 67.
# Requests arriving on the public port and addressed to the bridge itself
# (the server listens on br0) are dropped in INPUT:
$EBTABLES -A INPUT --in-interface $PUB --protocol IPv4 --ip-protocol udp --ip-source-port 68 -j DROP
$EBTABLES -A INPUT --in-interface $PUB --protocol IPv4 --ip-protocol udp --ip-destination-port 67 -j DROP
# Requests from private clients are not bridged out to the public side:
$EBTABLES -A FORWARD --in-interface $PRIV --protocol IPv4 --ip-protocol udp --ip-source-port 68 -j DROP
# Requests from the public side are not bridged in to the private network:
$EBTABLES -A FORWARD --in-interface $PUB --protocol IPv4 --ip-protocol udp --ip-destination-port 67 -j DROP
--
Ron Peterson
Network & Systems Manager
Mount Holyoke College
http://www.mtholyoke.edu/~rpeterso
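An added, self-contained version of the ruleset above (not code from the original post), which also covers the second half of the stated goal, replies leaving via the public port, with an ebtables OUTPUT rule on server-to-client traffic (UDP 67 -> 68). It assumes eth0 is the private side, eth1 the public side, and the DHCP server listens on br0; the rules are only applied when APPLY=1 is set, so the script is side-effect free otherwise.

```shell
#!/bin/sh
# Added example: ebtables rules isolating a DHCP server on a bridge to the
# private port. Assumed layout: PRIV=eth0 (clients), PUB=eth1, server on br0.
EBTABLES=${EBTABLES:-/sbin/ebtables}
PUB=${PUB:-eth1}
PRIV=${PRIV:-eth0}

# Print one rule specification per line (chain first, as ebtables expects).
# Client -> server is udp 68 -> 67; server -> client is udp 67 -> 68.
dhcp_rules() {
    pub=$1
    priv=$2
    # Requests arriving on the public port for the bridge itself (server on br0).
    echo "-A INPUT -i $pub -p IPv4 --ip-protocol udp --ip-source-port 68 --ip-destination-port 67 -j DROP"
    # Requests arriving on the public port that would be bridged to private hosts.
    echo "-A FORWARD -i $pub -p IPv4 --ip-protocol udp --ip-source-port 68 --ip-destination-port 67 -j DROP"
    # Requests from private clients must not be bridged out to the public side.
    echo "-A FORWARD -i $priv -o $pub -p IPv4 --ip-protocol udp --ip-source-port 68 --ip-destination-port 67 -j DROP"
    # Replies generated by this host's own server must not leave via the public
    # port; broadcast replies would otherwise be flooded out of every bridge port.
    echo "-A OUTPUT -o $pub -p IPv4 --ip-protocol udp --ip-source-port 67 --ip-destination-port 68 -j DROP"
    # Replies from any other server on the public side are not bridged inward.
    echo "-A FORWARD -i $pub -p IPv4 --ip-protocol udp --ip-source-port 67 --ip-destination-port 68 -j DROP"
}

# Number of rules the generator emits for a given port pair.
count_rules() {
    dhcp_rules "$1" "$2" | wc -l | tr -d ' '
}

# Install the rules; requires root and the ebtables binary.
apply_dhcp_rules() {
    dhcp_rules "$PUB" "$PRIV" | while read -r rule; do
        # Word-splitting of $rule is intended here: each word is one argument.
        # shellcheck disable=SC2086
        "$EBTABLES" $rule
    done
}

if [ "${APPLY:-0}" = 1 ]; then
    apply_dhcp_rules
fi
```

Run with `APPLY=1 sh script.sh` as root to install the rules; `ebtables -L --Lc` then shows per-rule packet counters, which is the quickest way to confirm that requests from the public port are hitting the DROP rules.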