Complete.Org: Mailing Lists: Archives: linux-help: October 2002:
[linux-help] Re: Firewall question
To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: Firewall question
From: Jeff Vian <jvian10@xxxxxxxxxxx>
Date: Wed, 16 Oct 2002 15:53:25 -0500
Reply-to: linux-help@xxxxxxxxx

You can set up the DHCP server to respond only on the other (internal,
eth0?) interface.
These messages are because the dhcpd server is broadcasting/responding
on eth1 and thus receives requests there, even though it does not assign
addresses on that interface.

Since individual ports on an individual interface may be blocked by 
iptables, you may be able to set up iptables to block it.

I find dhcpv6-client on port 546 and dhcpv6-server on port 547, both tcp
and udp, as listed in /etc/services.

Jonathan Hall wrote:

>I've been fiddling with my Linux firewall, which I use on my DSL connection
>from Moundridge Telephone Company.
>
>I've got it working fairly well... there is yet one thing I want to block,
>though, that I cannot figure out how to block..
>
>I continually get DHCPDISCOVER requests __FROM MY ISP__ (their network spews
>lots of other crap, too).  I would like to block these so that my DHCP
>server doesn't try to respond.  Since these packets are neither UDP nor TCP,
>my firewall rules have no effect on them.
>
>Here's a snippet from my dhcpd logs:
>
>Oct 15 21:58:11 wardrobe dhcpd-2.2.x: DHCPDISCOVER from 00:01:e7:27:e5:83 via eth1
>Oct 15 21:58:11 wardrobe dhcpd-2.2.x: no free leases on subnet 65.66.93.0
>
>
>Is there any way, using one of iptables' fancy features, to block these
>packets?
>
>Thanks.
>
>
>
>-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
>visit http://www.complete.org/cgi-bin/listargate-aclug.cgi
>
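
Added example (not part of the original thread): one way to check from the dhcpd log whether the server still sees DHCPDISCOVERs on an interface it should not serve, for instance before and after restricting it to the internal interface. It assumes the log format quoted in the thread and that eth0 is the internal interface; the function names and all sample lines except the two quoted records are constructed for illustration.

```python
import re
from collections import Counter

# Matches the dhcpd syslog format quoted in the thread:
# "<timestamp> <host> dhcpd-2.2.x: DHCPDISCOVER from <mac> via <iface>"
# An optional "[pid]" and an optional "(hostname)" after the MAC are tolerated.
DISCOVER_RE = re.compile(
    r"dhcpd[^:\s]*(?:\[\d+\])?:\s+DHCPDISCOVER from "
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
    r"(?: \([^)]*\))? via (?P<iface>\S+)",
    re.IGNORECASE,
)

def unjoin(lines):
    """Re-join records that were wrapped just before 'via <iface>'."""
    out = []
    for line in lines:
        line = line.strip()
        if line.startswith("via ") and out:
            out[-1] += " " + line
        elif line:
            out.append(line)
    return out

def discovers_off_interface(lines, served_ifaces):
    """Count DHCPDISCOVERs per (iface, mac) on interfaces dhcpd should not serve."""
    hits = Counter()
    for line in unjoin(lines):
        m = DISCOVER_RE.search(line)
        if m and m.group("iface") not in served_ifaces:
            hits[(m.group("iface"), m.group("mac").lower())] += 1
    return hits

# Constructed sample. The first two records are the ones quoted in the thread
# (the first wrapped before "via", as happens when logs are pasted into mail);
# the remaining lines are made up for illustration.
SAMPLE = """\
Oct 15 21:58:11 wardrobe dhcpd-2.2.x: DHCPDISCOVER from 00:01:e7:27:e5:83
via eth1
Oct 15 21:58:11 wardrobe dhcpd-2.2.x: no free leases on subnet 65.66.93.0
Oct 15 21:58:40 wardrobe dhcpd-2.2.x: DHCPDISCOVER from 00:01:E7:27:E5:83 via eth1
Oct 15 21:59:02 wardrobe dhcpd-2.2.x: DHCPDISCOVER from 02:00:00:aa:bb:01 via eth0
Oct 15 21:59:30 wardrobe dhcpd-2.2.x: DHCPDISCOVER from 02:00:00:aa:bb:02 via eth1
""".splitlines()

if __name__ == "__main__":
    found = discovers_off_interface(SAMPLE, {"eth0"})  # eth0 = internal (assumed)
    for (iface, mac), n in sorted(found.items()):
        print(f"{n:3d} DHCPDISCOVER from {mac} on {iface} (not a served interface)")
```

An empty result after the change means dhcpd is no longer logging requests from the external side.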

