Roar:
Normally the iptables script runs after the interfaces have been brought up
by the system.
By that time blocking DHCP is kind of irrelevant. A default policy of drop
should block everything
all right, but it is kind of closing the barn door after the horse has left.
Why not just set up the
interface so it doesn't make a DHCP request? If there are special
circumstances, you will have to
give us some more details of what you are trying to accomplish.
Stu..........
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Roar Bj�rgum Rotvik
Sent: May 27, 2002 1:13 AM
To: [EMAIL PROTECTED]
Subject: Can't block DHCP with iptables?
Hello!
I have a problem blocking DHCP request/response with iptables.
Am I wrong to assume that setting default policy for INPUT/OUTPUT/FORWARD
to DROP would block any traffic on any interface?
The problem is that 'ifup eth0', where eth0 uses DHCP, still get a
IP address defined from the DHCP server, even after setting default policy
to DROP.
Is this a bug in iptables, or can I block DHCP in another way?
--
Roar Bj�rgum Rotvik
