On Sat, 09 Feb 2002 09:05:18 -0500 (EST)
Mike Burger <[EMAIL PROTECTED]> wrote:

> Jason...what I did instead of telling it not to bind (I couldn't find a 
> directive, either) was to tell IPtables to only accept port 67 connections 
> on my internal interface, eth1:
> 
> iptables -A INPUT -i eth1 -p udp -m udp --dport 67 -j ACCEPT
> iptables -A INPUT -i eth1 -p tcp -m tcp --dport 67 -j ACCEPT

Just a point of order here: if you have the states RELATED, ESTABLISHED set for ACCEPT 
in your iptables INPUT chain, why would you need to open up port 67? Doesn't your box 
send the syn packet to the DHCP server and the DHCP server ACKs it (ip_conntrack sees 
it as RELATED then ESTABLISHED)? The beauty of having a stateful firewall is that you 
don't have to poke gaping holes in it!!

jb
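The exchange above turns on what a stateful filter actually sees. The following is an added illustration, not code from the thread, from iptables or from Red Hat: a small model of netfilter-style connection tracking for UDP, run through two scenarios, a flow the box initiates (whose reply comes back ESTABLISHED and is accepted without any port being opened) and a DHCP DISCOVER arriving at a box that runs the DHCP server (which is NEW, so it is dropped unless an explicit rule on the inside interface accepts udp/67, as in the quoted rule). Addresses, ports and the interface name are constructed sample values; the model ignores timeouts, RELATED helpers and broadcast handling.

```python
"""Toy model of conntrack state plus a stateful INPUT chain.

Added illustration only: this is not iptables code and not code from
the thread. It reproduces one rule of netfilter semantics that matters
here: a UDP flow is NEW until a packet has been seen in both
directions, and only then becomes ESTABLISHED.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"


@dataclass(frozen=True)
class Rule:
    """A minimal `-i IFACE -p PROTO --dport PORT -j ACCEPT` rule."""
    iface: str
    proto: str
    dport: int

    def matches(self, pkt: Packet, iface: str) -> bool:
        return (iface == self.iface and pkt.proto == self.proto
                and pkt.dport == self.dport)


class ConntrackModel:
    """Tracks flows by 5-tuple; simplified, no timeouts or helpers."""

    def __init__(self) -> None:
        self.flows: dict = {}  # 5-tuple -> "NEW" or "ESTABLISHED"

    @staticmethod
    def _key(p: Packet):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _reverse(p: Packet):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def classify(self, p: Packet) -> str:
        """Return the ctstate for p and record the flow."""
        k, r = self._key(p), self._reverse(p)
        if k in self.flows:           # same direction as before
            return self.flows[k]
        if r in self.flows:           # reply to a flow we have seen
            self.flows[r] = self.flows[k] = "ESTABLISHED"
            return "ESTABLISHED"
        self.flows[k] = "NEW"         # first packet of a new flow
        return "NEW"


def evaluate_input(pkt: Packet, state: str, iface: str, rules) -> str:
    """INPUT chain: accept RELATED/ESTABLISHED, then explicit rules, else DROP."""
    if state in ("ESTABLISHED", "RELATED"):
        return "ACCEPT"
    for rule in rules:
        if rule.matches(pkt, iface):
            return "ACCEPT"
    return "DROP"


def initiated_flow_scenario():
    """Box sends a unicast UDP query; the reply needs no open port."""
    ct = ConntrackModel()
    query = Packet("192.168.1.10", 40000, "192.168.1.1", 53)   # constructed
    ct.classify(query)                                         # seen leaving
    reply = Packet("192.168.1.1", 53, "192.168.1.10", 40000)
    state = ct.classify(reply)
    return state, evaluate_input(reply, state, "eth1", [])


def dhcp_server_scenario(open_67_on_eth1: bool):
    """Unsolicited DHCP DISCOVER hits a box running the DHCP server."""
    ct = ConntrackModel()
    rules = [Rule("eth1", "udp", 67)] if open_67_on_eth1 else []
    discover = Packet("0.0.0.0", 68, "255.255.255.255", 67)    # constructed
    state = ct.classify(discover)
    return state, evaluate_input(discover, state, "eth1", rules)


if __name__ == "__main__":
    print("initiated flow, reply:", initiated_flow_scenario())
    print("DHCP server, no rule: ", dhcp_server_scenario(False))
    print("DHCP server, udp/67:  ", dhcp_server_scenario(True))
```

The model shows why the two positions in the thread do not contradict each other: RELATED,ESTABLISHED covers flows the box starts, while a service that must answer unsolicited packets (a DHCP server on udp/67) still needs a NEW-state rule, and restricting it to the internal interface is the right way to keep that hole small. One caveat outside the model: many DHCP clients (dhclient, for instance) send and receive through packet sockets, which netfilter's INPUT chain does not filter at all.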



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
