Re: dhcp-server with Linux packet Filter(aka LPF)-Interface bypasses iptables firewall (and socket interface fails with dhclient)

Joerg Pommnitz pommnitz at yahoo.com
Wed Apr 26 17:10:56 UTC 2006


Sorry for replying to my own mail, but I just realized that I forgot to mention that the whitelist is currently based on Linux iptables.
 
--  Regards 
       Joerg 


----- Original Message ----
From: Joerg Pommnitz <pommnitz at yahoo.com>
To: dhcp-users at isc.org
Sent: Wednesday, 26 April 2006, 18:58:43
Subject: dhcp-server with Linux packet Filter(aka LPF)-Interface bypasses iptables firewall (and socket interface fails with dhclient)

Hello all,
I'm trying to set up a whitelist that allows only certain MAC addresses to access a network interface (might be Ethernet or WiFi). The setup works fine except for the fact that the dhcp-server bypasses the iptables filter when using LPF.

To work around this problem I disabled the "USE_LPF" define in include/cf/linux.h. This way the dhcp-server honors the firewall settings, but now the dhclient fails to work properly. If the interface is uninitialized ("ifconfig eth0 0.0.0.0 up" is enough) it can't talk to my dhcp server. tcpdump confirms that no DHCP requests are sent.

Does anybody on the list have an idea how to solve this problem? If worst comes to pass I will just use a dhcp server that uses the socket interface and a dhcp client that uses LPF, but I'm not desperate enough, yet.

BTW: this is dhcp-3.0.3 on Linux kernel 2.6.8 or 2.6.12.
 
--  Thanks in advance
 
       Joerg 
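
Linux packet sockets, which LPF is built on, receive a copy of each frame before netfilter's IP hooks run, so an iptables MAC whitelist never filters what the DHCP server reads. As an added example (not part of the original post and not ISC's code), this is the kind of check an LPF-style reader would have to apply itself to raw frames. The whitelist entries, the function names and the assumption that clients are directly attached (no relay agents) are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed whitelist (locally administered MACs), not from the post. */
static const uint8_t WHITELIST[][6] = {
    {0x02, 0, 0, 0, 0, 0x01}, {0x02, 0, 0, 0, 0, 0x02},
};

static int mac_allowed(const uint8_t *mac) {
    for (size_t i = 0; i < sizeof WHITELIST / sizeof WHITELIST[0]; i++)
        if (memcmp(mac, WHITELIST[i], 6) == 0) return 1;
    return 0;
}

/* 1 = hand the frame to the DHCP server, 0 = drop. `f` is a raw Ethernet
 * frame as a packet socket delivers it; iptables has not filtered it. */
int accept_dhcp_frame(const uint8_t *f, size_t len) {
    if (len < 14 + 20 || f[12] != 0x08 || f[13] != 0x00) return 0; /* IPv4 only */
    const uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17) return 0;   /* UDP only */
    if ((ip[6] & 0x1f) || ip[7]) return 0;        /* non-first IP fragment */
    if (len < 14 + ihl + 8 + 34) return 0;        /* UDP hdr + BOOTP up to chaddr */
    const uint8_t *udp = ip + ihl, *bootp = udp + 8;
    if (((udp[2] << 8) | udp[3]) != 67) return 0; /* DHCP server port */
    if (bootp[0] != 1 || bootp[1] != 1 || bootp[2] != 6) return 0; /* BOOTREQUEST, Ethernet */
    /* Ethernet source (what an iptables MAC match sees) and chaddr must both pass. */
    return mac_allowed(f + 6) && mac_allowed(bootp + 28);
}

/* Build a constructed broadcast DHCP request and return the verdict for it. */
int verdict_for(uint8_t src_last, uint8_t chaddr_last, uint16_t dport) {
    uint8_t f[14 + 20 + 8 + 240] = {0};
    memset(f, 0xff, 6);                           /* dst MAC: broadcast */
    f[6] = 0x02; f[11] = src_last;                /* src MAC 02:00:00:00:00:xx */
    f[12] = 0x08; f[13] = 0x00;                   /* ethertype IPv4 */
    f[14] = 0x45; f[23] = 17;                     /* IPv4, IHL 5, protocol UDP */
    f[35] = 68;                                   /* UDP source port 68 */
    f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)dport;
    uint8_t *bootp = f + 42;
    bootp[0] = 1; bootp[1] = 1; bootp[2] = 6;     /* op, htype, hlen */
    bootp[28] = 0x02; bootp[33] = chaddr_last;    /* chaddr 02:00:00:00:00:xx */
    return accept_dhcp_frame(f, sizeof f);
}

int main(void) { return verdict_for(1, 1, 67) ? 0 : 1; }
```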










