Limit DHCP requests with iptables - problem: Router
Juergen Northe
juergen.northe at googlemail.com
Mon Feb 7 14:31:46 UTC 2011
Oops. Not (A)ppend but (I)nsert should work. I have not tried it yet:
iptables -I INPUT -i eth0 -p udp -m udp -m multiport -m mac \
  --mac-source XX:XX:XX:XX:XX:XX -d 255.255.255.255 --dports 68,67 \
  -m state --state NEW -j REJECT
2011/2/7 Juergen Northe <juergen.northe at googlemail.com>:
> Hi,
> try something like this:
> iptables -A INPUT -i eth0 -p udp -m udp -m multiport -m mac \
>   --mac-source XX:XX:XX:XX:XX:XX -d 255.255.255.255 --dports 68,67 \
>   -m state --state NEW -j DROP
>
>
>
> 2011/2/7 Simon Hobson <dhcp1 at thehobsons.co.uk>:
>> Alex Bligh wrote:
>>
>>>> Is there a possibility in iptables to read the dhcp-header for the mac
>>>> address and put THIS mac-address in the rule for traffic limitation?
>>>
>>> Theoretically. See (e.g.) the iptables "u32" option which can examine
>>> arbitrary 32 bits words within the packets.
>>>
>>> You might, however, find it easier to patch dhcpd to do a token leaky
>>> bucket rate limit.
>>
>> Shouldn't be too hard to match, it's in a fixed place - I think it starts at
>> byte 28 in the packet and is 16 bytes long.
>>
>> --
>> Simon Hobson
>>
>> Visit http://www.magpiesnestpublishing.co.uk/ for books by acclaimed
>> author Gladys Hobson. Novels - poetry - short stories - ideal as
>> Christmas stocking fillers. Some available as e-books.
>> _______________________________________________
>> dhcp-users mailing list
>> dhcp-users at lists.isc.org
>> https://lists.isc.org/mailman/listinfo/dhcp-users
>>
>
>
>
> --
>
>
>
> Kind regards
> Jürgen Northe
>
--
Kind regards
Jürgen Northe
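
Added example, not code from this thread or from ISC dhcpd: a per-client token bucket keyed on the DHCP client hardware address (chaddr), which sits at byte 28 of the BOOTP/DHCP payload (after the IP and UDP headers) in a 16-byte field, as discussed in the quoted messages. The --mac-source match above sees only the Ethernet source address of the frame, which for requests forwarded by a router or relay is that device's address, so chaddr is what identifies the client. ChaddrLimiter, client_hwaddr and sample_discover are hypothetical names, and the sample packets are constructed.

```python
import struct

CHADDR_OFFSET = 28  # op,htype,hlen,hops (4) + xid (4) + secs,flags (4) + 4 IPv4 fields (16)
CHADDR_LEN = 16     # fixed field size; only the first hlen bytes are the address

def client_hwaddr(bootp: bytes) -> str:
    """Return chaddr from a BOOTP/DHCP UDP payload as aa:bb:cc:..."""
    if len(bootp) < CHADDR_OFFSET + CHADDR_LEN:
        raise ValueError("truncated BOOTP payload")
    hlen = bootp[2]
    if not 1 <= hlen <= CHADDR_LEN:
        raise ValueError("invalid hlen")
    return bootp[CHADDR_OFFSET:CHADDR_OFFSET + hlen].hex(":")

class ChaddrLimiter:
    """Token bucket per chaddr: `rate` requests/second, bursts up to `burst`."""
    def __init__(self, rate: float, burst: int, max_clients: int = 10000):
        self.rate, self.burst, self.max_clients = rate, burst, max_clients
        self.buckets = {}  # chaddr -> (tokens, time last seen)

    def allow(self, bootp: bytes, now: float) -> bool:
        mac = client_hwaddr(bootp)
        if mac not in self.buckets and len(self.buckets) >= self.max_clients:
            # chaddr is sender-controlled: bound the table by evicting the stalest entry
            del self.buckets[min(self.buckets, key=lambda m: self.buckets[m][1])]
        tokens, last = self.buckets.get(mac, (float(self.burst), now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill
        if tokens < 1.0:
            self.buckets[mac] = (tokens, now)
            return False
        self.buckets[mac] = (tokens - 1.0, now)
        return True

def sample_discover(mac: bytes, xid: int) -> bytes:
    """Constructed 236-byte BOOTREQUEST header (not captured traffic)."""
    head = struct.pack("!BBBBIHH", 1, 1, len(mac), 0, xid, 0, 0x8000)
    return head + bytes(16) + mac.ljust(CHADDR_LEN, b"\0") + bytes(192)

if __name__ == "__main__":
    lim = ChaddrLimiter(rate=1.0, burst=2)
    pkt = sample_discover(bytes.fromhex("020000000001"), xid=1)
    for t in (0.0, 0.1, 0.2, 1.5):
        print(t, client_hwaddr(pkt), "allow" if lim.allow(pkt, t) else "limit")
```

Because chaddr is chosen by the sender, a per-chaddr limit does not stop a flood that randomizes the field; it only bounds well-behaved or misconfigured clients.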