Is there any protection mechanism for a spamming dhcp client?
Alex Bligh
alex at alex.org.uk
Thu Feb 3 15:06:28 UTC 2011
--On 3 February 2011 14:49:00 +0100 Jürgen Dietl
<juergen.dietl at googlemail.com> wrote:
> Is there a way to ignore a special amount of packets with iptables? I
> don't want to block all the packets from the client. Can you maybe post an
> example for IP-Tables?
No example to hand, but look at the man-page, specifically the
--limit, --limit-burst, and --mac-source options. You basically
want to:
accept all dhcp from that mac address, with --limit
reject all dhcp from that mac address [failing the above match]
accept all [default]
So if you use an accept all default, that's 2 lines in the input chain.
On a recent kernel, you can use the 'recent' module and the
--update / --rcheck / --seconds / --reap modules, to do strict
rate limiting.
Completely untested:
iptables -A INPUT -p udp --dport 67:68 --sport 67:68 -m mac --mac-source 00:11:22:33:44:55 \
    -m recent --name printer --rcheck --seconds 120 -j DROP
--
Alex Bligh
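The two approaches sketched in the reply above (accept-with-limit then drop, and the 'recent' module window), written out as a complete rule set. This is an added example, not rules from the original post or from the ISC DHCP project; the MAC address, the interface name and the thresholds are placeholders, and it assumes the server's INPUT policy (or a later rule) accepts the DHCP traffic that these rules let through. With DRY_RUN=1 (the default) it only prints the iptables commands, so it can be read and checked without root.

```shell
#!/bin/sh
# Added example (not Alex Bligh's own rules): per-MAC DHCP rate limiting on a
# Linux DHCP server with iptables. MAC address, interface and thresholds below
# are placeholders. DRY_RUN=1 prints the commands instead of executing them.
DRY_RUN="${DRY_RUN:-1}"

# Run or print an iptables command, depending on DRY_RUN.
ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Variant 1: token bucket via the 'limit' match (the two-line approach from
# the reply). DHCP client -> server traffic is UDP sport 68 -> dport 67.
# Up to 6 packets per minute (burst of 5) from the MAC are accepted; everything
# above that from the same MAC is dropped. Other DHCP traffic is untouched.
dhcp_limit_rules() {
    mac="$1"; ifc="$2"
    ipt -A INPUT -i "$ifc" -p udp --sport 68 --dport 67 -m mac --mac-source "$mac" \
        -m limit --limit 6/minute --limit-burst 5 -j ACCEPT
    ipt -A INPUT -i "$ifc" -p udp --sport 68 --dport 67 -m mac --mac-source "$mac" \
        -j DROP
}

# Variant 2: strict sliding window via the 'recent' match. The first rule
# records every DHCP packet from the MAC in a named list (without --set, a
# later --rcheck/--update has nothing to match). The second rule drops once
# more than 10 packets have been seen within 120 seconds, and --update keeps
# the window open while the client keeps hammering.
# 'recent' keys entries on the *source IP*, and a client without a lease sends
# from 0.0.0.0, so a separate list name per MAC keeps clients from sharing
# one counter.
dhcp_recent_rules() {
    mac="$1"; ifc="$2"; name="${3:-dhcp-$(echo "$mac" | tr -d ':')}"
    ipt -A INPUT -i "$ifc" -p udp --sport 68 --dport 67 -m mac --mac-source "$mac" \
        -m recent --name "$name" --set
    ipt -A INPUT -i "$ifc" -p udp --sport 68 --dport 67 -m mac --mac-source "$mac" \
        -m recent --name "$name" --update --seconds 120 --hitcount 10 -j DROP
}

# Constructed sample invocation: placeholder MAC and interface.
dhcp_limit_rules  "00:11:22:33:44:55" "eth0"
dhcp_recent_rules "00:11:22:33:44:55" "eth0"
```

To apply the rules instead of printing them, run as root with DRY_RUN=0. Use one variant or the other, not both: with both present the 'limit' DROP rule would already have discarded the packets before the 'recent' rules see them. Keep `--limit-burst` small; the burst is how many packets the bucket lets through at once before the per-minute rate applies, so a generous burst lets a noisy client still saturate the server briefly.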