[Bug 730] DHCP request (and other?) traffic bypasses iptables/netfilter
bugzilla-daemon at bugzilla.netfilter.org
Wed Jul 27 20:13:10 CEST 2011
http://bugzilla.netfilter.org/show_bug.cgi?id=730
Robert Lange <rcl24 at drexel.edu> changed:
What            |Removed |Added
----------------------------------------------------------------------------
Status          |NEW     |RESOLVED
Resolution      |        |INVALID
--- Comment #4 from Robert Lange <rcl24 at drexel.edu> 2011-07-27 20:13:10 ---
Per Mark Andrews of isc.org:
"DHCP uses packet filters and these tie into the IP stack before the
firewall."
A different topic, but the explanation is also relevant here:
https://lists.isc.org/pipermail/dhcp-users/2010-January/010723.html
Apparently dhcpd uses raw sockets to maximize its robustness and reliability in
dealing with DHCP. Also, it uses as a fallback a UDP socket, and it was the
packets to this fallback that iptables was dropping.
So, if your DHCP server operates on the same machine as your firewall, don't
expect your firewall to stop traffic to it.
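A check that follows from the comment above, added here and not part of the bug report or of ISC's dhcpd: list the AF_PACKET sockets on a Linux host from /proc/net/packet and resolve which process holds each one, so you can see whether a daemon such as dhcpd is reading frames at the link layer, ahead of the iptables INPUT chain. The /proc/net/packet sample embedded below is constructed; the column layout and the SOCK_*/ETH_P_* numbers are those of the Linux kernel and its uapi headers.

```python
import os

# Constructed sample of /proc/net/packet (not captured from a real host).
# Columns follow the kernel's packet_seq_show(): sk RefCnt Type Proto Iface R Rmem User Inode.
# Row 1: SOCK_RAW/ETH_P_ALL bound to ifindex 2, the kind of socket dhcpd's LPF backend opens.
# Row 2: SOCK_DGRAM/ETH_P_IP bound to every interface (ifindex 0).
SAMPLE_PROC_NET_PACKET = """\
sk       RefCnt Type Proto  Iface R Rmem   User   Inode
0000000000000000 3      3    0003   2     1 0      0      23456
0000000000000000 3      2    0800   0     1 0      1000   23457
"""

SOCK_TYPES = {2: "SOCK_DGRAM", 3: "SOCK_RAW"}
ETH_PROTOS = {0x0003: "ETH_P_ALL", 0x0800: "ETH_P_IP", 0x0806: "ETH_P_ARP"}


def parse_proc_net_packet(text):
    """Return one dict per AF_PACKET socket listed in a /proc/net/packet dump."""
    sockets = []
    for line in text.splitlines()[1:]:          # first line is the header row
        f = line.split()
        if len(f) < 9:
            continue
        sockets.append({
            "type": SOCK_TYPES.get(int(f[2]), f[2]),
            "proto": ETH_PROTOS.get(int(f[3], 16), "0x" + f[3]),
            "ifindex": int(f[4]),               # 0 means bound to all interfaces
            "inode": int(f[8]),
        })
    return sockets


def socket_owners(inodes):
    """Map socket inodes to 'pid/comm' by scanning /proc/<pid>/fd (root sees every process)."""
    wanted = {"socket:[%d]" % i: i for i in inodes}
    owners = {i: [] for i in inodes}
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            fds = os.listdir("/proc/%s/fd" % pid)
            targets = [os.readlink("/proc/%s/fd/%s" % (pid, fd)) for fd in fds]
            comm = open("/proc/%s/comm" % pid).read().strip()
        except OSError:
            continue                            # process exited, or not ours to inspect
        for t in targets:
            if t in wanted:
                owners[wanted[t]].append("%s/%s" % (pid, comm))
    return owners


if __name__ == "__main__":
    socks = parse_proc_net_packet(open("/proc/net/packet").read())
    owners = socket_owners([s["inode"] for s in socks])
    for s in socks:                             # each line is a link-layer listener netfilter's IP hooks never see
        print(s["type"], s["proto"], "ifindex=%d" % s["ifindex"],
              "owner=" + (", ".join(owners[s["inode"]]) or "unknown"))
```

Any SOCK_RAW/ETH_P_ALL entry owned by dhcpd confirms the situation the comment describes; restricting which interfaces dhcpd is started on, or filtering upstream of the host, is what limits it, not an INPUT rule.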