Limit DHCP requests with iptables - problem: Router

Juergen Northe juergen.northe at googlemail.com
Mon Feb 7 14:28:52 UTC 2011


Hi,
try something like this:
iptables -A INPUT -i eth0 -p udp -m udp -m multiport --dports 68,67 \
    -m mac --mac-source XX:XX:XX:XX:XX:XX -d 255.255.255.255 \
    -m state --state NEW -j DROP



2011/2/7 Simon Hobson <dhcp1 at thehobsons.co.uk>:
> Alex Bligh wrote:
>
>>> Is there a possibility in iptables to read the dhcp-header for the mac
>>> address and put THIS mac-address in the rule for traffic limitation?
>>
>> Theoretically. See (e.g.) the iptables "u32" option which can examine
>> arbitrary 32-bit words within the packets.
>>
>> You might, however, find it easier to patch dhcpd to do a token leaky
>> bucket rate limit.
>
> Shouldn't be too hard to match, it's in a fixed place - I think it starts at
> byte 28 in the packet and is 16 bytes long.
>
> --
> Simon Hobson
>



-- 
Kind regards,
Jürgen Northe
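Matching on the chaddr field that Simon and Alex describe, with Alex's token-bucket limit layered on top, as an added example that is not from the thread. It assumes the RFC 2131 layout (chaddr 28 bytes into the DHCP message, which itself starts 8 bytes after the UDP header), the iptables u32 and limit matches, and treats eth0 and the rate values as illustrative.

```shell
#!/bin/sh
# Added example, not from the thread: generate iptables rules that rate-limit
# DHCP requests by the client hardware address (chaddr) carried inside the
# DHCP header, instead of the Ethernet source that "-m mac --mac-source" sees
# (behind a relay, the Ethernet source is the relay's, the chaddr is the client's).
#
# Assumptions: RFC 2131 field layout (chaddr at DHCP offset 28, i.e. 36 bytes
# past the start of the UDP header); "0>>22&0x3C@" is the u32 idiom that
# skips the variable-length IP header; the u32 and limit matches are
# available; eth0 and the limits are illustrative values.

# Print the u32 expression matching DHCP packets whose chaddr begins with the
# given MAC. Accepts "aa:bb:cc:dd:ee:ff" or "aa-bb-cc-dd-ee-ff" in any case.
# Returns 1 and prints nothing if the input is not six hex octets.
dhcp_chaddr_u32() {
    mac=$(printf '%s' "$1" | tr -d ':-' | tr 'A-F' 'a-f')
    [ "${#mac}" -eq 12 ] || return 1
    case "$mac" in *[!0-9a-f]*) return 1 ;; esac
    hi=$(printf '%s' "$mac" | cut -c1-8)    # MAC bytes 1-4: whole word at UDP+36
    lo=$(printf '%s' "$mac" | cut -c9-12)   # MAC bytes 5-6: high half of word at UDP+40
    printf '0>>22&0x3C@36=0x%s&&0>>22&0x3C@40&0xFFFF0000=0x%s0000\n' "$hi" "$lo"
}

# Print a token-bucket pair of rules for one client: ACCEPT up to RATE with a
# burst of BURST, DROP anything above that. Nothing is applied here; review
# the output and pipe it into sh as root to install it.
dhcp_ratelimit_rules() {
    rate=${2:-6/min}; burst=${3:-10}
    u32=$(dhcp_chaddr_u32 "$1") || return 1
    base="iptables -A INPUT -i eth0 -p udp --dport 67 -m u32 --u32 '$u32'"
    printf '%s -m limit --limit %s --limit-burst %s -j ACCEPT\n' "$base" "$rate" "$burst"
    printf '%s -j DROP\n' "$base"
}

# Constructed sample client; prints the two rules for it.
dhcp_ratelimit_rules "00:11:22:33:44:55" 6/min 10
```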


