Limit DHCP requests with iptables - problem: Router
Peter Rathlev
peter at rathlev.dk
Wed Feb 9 19:49:22 UTC 2011
On Wed, 2011-02-09 at 15:29 -0200, José Queiroz wrote:
> Note that we're not thinking of **discovering** a misbehaving client
> with iptables, we're thinking of blocking an **already discovered**
> misbehaving client using iptables.

I think that's where we're misunderstanding each other. Blocking an
already discovered client is trivial. I also gave a (working and tested)
example using "-m string", but OP specifically pointed out that he was
looking for a way to limit an _unknown_ MAC address.

Something like "--mac-source a:b:c:d:e:f --limit 1/second", but for
relayed DHCP packets where you don't have the MAC address easily
available in the header.

I assume we can agree that that's not (currently) possible with "plain
vanilla" iptables.
--
Peter
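
Added example (not part of the original post and not code from any project mentioned in the thread): on a relayed request the client's MAC address survives only in the chaddr field of the BOOTP payload, so a per-client limit of 1/second for unknown clients has to parse the payload and keep state per chaddr, as this Python code does. The function and class names and the sample packets are constructed for illustration.

```python
import struct

# BOOTP fixed header (RFC 951 / RFC 2131): op, htype, hlen, hops, xid, secs,
# flags, ciaddr, yiaddr, siaddr, giaddr, then 16 bytes of chaddr at offset 28.
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s")


def client_mac(payload: bytes):
    """Return chaddr from a BOOTREQUEST UDP payload, or None if malformed."""
    if len(payload) < BOOTP_HDR.size:
        return None
    op, htype, hlen, *_rest, chaddr = BOOTP_HDR.unpack_from(payload)
    if op != 1 or htype != 1 or hlen != 6:   # Ethernet client requests only
        return None
    return chaddr[:hlen].hex(":")


class PerClientLimiter:
    """Token bucket per chaddr: `rate` requests/second, bursts up to `burst`."""

    def __init__(self, rate=1.0, burst=1.0):
        self.rate, self.burst = rate, burst
        # mac -> (tokens, last_seen). Unbounded here; a long-running filter
        # needs eviction, since chaddr is client-controlled and can be varied.
        self.state = {}

    def allow(self, payload: bytes, now: float) -> bool:
        mac = client_mac(payload)
        if mac is None:
            return False                     # drop what cannot be attributed
        tokens, last = self.state.get(mac, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        if tokens < 1.0:
            self.state[mac] = (tokens, now)
            return False
        self.state[mac] = (tokens - 1.0, now)
        return True


def make_request(mac: str, giaddr: bytes = b"\x0a\x00\x00\x01") -> bytes:
    """Constructed sample: a relayed BOOTREQUEST header with the given chaddr."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    zero = b"\x00" * 4
    return BOOTP_HDR.pack(1, 1, 6, 1, 0x1234, 0, 0, zero, zero, zero,
                          giaddr, chaddr)
```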