Linux Firewall not block dhcp requests
perl-list
perl-list at network1.net
Tue Aug 14 18:22:26 UTC 2012
It is broadcast traffic. In Linux, it is difficult to block broadcast traffic ... I am not aware of how one might block broadcast traffic using iptables, in fact. You might be able to match on a mac address and block certain packets that way....
----- Original Message -----
> From: "Steve Clark" <sclark at netwolves.com>
> To: "Users of ISC DHCP" <dhcp-users at lists.isc.org>
> Sent: Tuesday, August 14, 2012 2:16:32 PM
> Subject: Re: Linux Firewall not block dhcp requests
> On 08/14/2012 02:06 PM, Steve Clark wrote:
> > Hello,
>
> > Can someone tell me how DHCP is seeing packets that according to my
> > firewall log are being dropped?
>
> > Does DHCP read the packets before they get to the firewall like
> > tcpdump does?
>
> > Chain fDROPnLOG (1 references)
>
> > pkts bytes target prot opt in out source destination
> > 143 16366 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 30/min burst 5 LOG flags 0 level 7 prefix `fw (fDROPnLOG) '
> > 143 16366 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
>
> > Aug 14 13:55:58 kernel: fw (fDROPnLOG) IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:5c:26:0a:73:b2:6a:08:00 SRC=10.254.207.66 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=24427 PROTO=UDP SPT=68 DPT=67 LEN=308
>
> > tcpdump on eth0
>
> > 13:55:58.667982 IP (tos 0x0, ttl 128, id 24427, offset 0, flags [none], proto UDP (17), length 328)
> > 10.254.207.66.68 > 255.255.255.255.67: [udp sum ok] BOOTP/DHCP, Request from 5c:26:0a:73:b2:6a, length 300, xid 0xc5a1ea3f, Flags [Broadcast] (0x8000)
> > Client-IP 10.254.207.66
> > Client-Ethernet-Address 5c:26:0a:73:b2:6a
> > Vendor-rfc1048 Extensions
> > Magic Cookie 0x63825363
> > DHCP-Message Option 53, length 1: Inform
> > Client-ID Option 61, length 7: ether 5c:26:0a:73:b2:6a
> > Hostname Option 12, length 12: "7pdawson0412"
> > Vendor-Class Option 60, length 8: "MSFT 5.0"
> > Parameter-Request Option 55, length 13:
> > Subnet-Mask, Domain-Name, Default-Gateway, Domain-Name-Server
> > Netbios-Name-Server, Netbios-Node, Netbios-Scope, Router-Discovery
> > Static-Route, Classless-Static-Route, Classless-Static-Route-Microsoft, Vendor-Option
> > Option 252
>
> > 13:55:58.668418 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 328)
> > 10.254.207.65.67 > 10.254.207.66.68: [bad udp cksum ffd6!] BOOTP/DHCP, Reply, length 300, xid 0xc5a1ea3f, Flags [Broadcast] (0x8000)
> > Client-IP 10.254.207.66
> > Client-Ethernet-Address 5c:26:0a:73:b2:6a
> > Vendor-rfc1048 Extensions
> > Magic Cookie 0x63825363
> > DHCP-Message Option 53, length 1: ACK
> > Server-ID Option 54, length 4: 10.254.23.1
> > Subnet-Mask Option 1, length 4: 255.255.255.192
> > Default-Gateway Option 3, length 4: 10.254.207.65
> > Domain-Name-Server Option 6, length 8: 172.16.11.180,172.16.11.181
>
> Trying to answer my own question - could it be, since the destination
> address is 255.255.255.255, that it is hitting the loopback interface, which
> in my firewall allows everything to everything, and the DHCP server is
> listening on 0.0.0.0:67?
> --
> Stephen Clark
> NetWolves
> Director of Technology
> Phone: 813-579-3200
> Fax: 813-882-0209
> Email: steve.clark at netwolves.com
> http://www.netwolves.com
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
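An added example, not code from the thread: a small Python script that parses the netfilter LOG line and the tcpdump summary quoted above and checks that they describe the same datagram (same endpoints, ports, IP ID 24427, length 328, TTL 128), decoding the LOG MAC= field as destination MAC, source MAC and EtherType. It confirms the broadcast frame the firewall recorded as dropped is the very one the capture showed, and the one the server answered with the ACK that follows 0.4 ms later; ISC dhcpd on Linux reads frames through a raw packet socket, below netfilter, which is why a DROP rule does not hide them from it. The two sample lines are constructed from the quoted output, with each line's wrapped pieces joined.

```python
import re

# Constructed sample input, shaped after the two quoted lines in the thread:
# the netfilter LOG entry and the tcpdump summary for the same DHCPINFORM.
FW_LOG = ("Aug 14 13:55:58 kernel: fw (fDROPnLOG) IN=eth0 OUT= "
          "MAC=ff:ff:ff:ff:ff:ff:5c:26:0a:73:b2:6a:08:00 SRC=10.254.207.66 "
          "DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=24427 "
          "PROTO=UDP SPT=68 DPT=67 LEN=308")
TCPDUMP = ("13:55:58.667982 IP (tos 0x0, ttl 128, id 24427, offset 0, flags [none], "
           "proto UDP (17), length 328) 10.254.207.66.68 > 255.255.255.255.67: "
           "[udp sum ok] BOOTP/DHCP, Request from 5c:26:0a:73:b2:6a, length 300")

def parse_fw_log(line):
    """Parse a netfilter LOG line: the first LEN= is the IP total length, the
    second the UDP length; MAC= is dst MAC, src MAC and EtherType (14 octets)."""
    rec, lens = {}, []
    for key, val in re.findall(r"(\w+)=(\S*)", line):
        if key == "LEN":
            lens.append(int(val))
        else:
            rec[key] = val
    rec["ip_len"] = lens[0]
    rec["l4_len"] = lens[1] if len(lens) > 1 else None
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:  # dst(6) + src(6) + ethertype(2)
        rec["dst_mac"] = ":".join(octets[:6])
        rec["src_mac"] = ":".join(octets[6:12])
        rec["ethertype"] = "0x" + "".join(octets[12:])
    rec["broadcast"] = rec.get("dst_mac") == "ff:ff:ff:ff:ff:ff"
    rec["ip_id"] = int(rec["ID"])
    return rec

def parse_tcpdump(line):
    """Pull endpoints, IP ID/length/TTL and the DHCP client MAC from a tcpdump -v line."""
    m = re.search(r"ttl (\d+), id (\d+),.*?length (\d+)\) (\S+)\.(\d+) > (\S+)\.(\d+):", line)
    if not m:
        return None
    client = re.search(r"Request from ([0-9a-f:]{17})", line)
    return {"ttl": int(m.group(1)), "ip_id": int(m.group(2)), "ip_len": int(m.group(3)),
            "src": m.group(4), "sport": int(m.group(5)),
            "dst": m.group(6), "dport": int(m.group(7)),
            "client_mac": client.group(1) if client else None}

def same_packet(fw, td):
    """True when both records describe one IP datagram (same endpoints, ports,
    IP ID, total length, TTL): the frame the filter dropped is the one captured."""
    return (fw["SRC"], fw["DST"], int(fw["SPT"]), int(fw["DPT"]), fw["ip_id"],
            fw["ip_len"], int(fw["TTL"])) == (td["src"], td["dst"], td["sport"],
                                             td["dport"], td["ip_id"], td["ip_len"], td["ttl"])
```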