louiscastoria 04-29-2008 12:36 PM

Block DHCP SERVER request on network
I have a server on a network that hands out IP addresses using DHCP. If someone on the network installs a router incorrectly, that router will hand out IP addresses that are incorrect for the network. Anyone who gets a bad address cannot access the internet. Is there a way of using iptables that can block these bad DHCP servers?

dkm999 04-29-2008 02:59 PM

DHCP is an extension of the BOOTP protocol, which uses UDP ports 67 (server) and 68 (client). You ought to be able to construct an IPTABLES rule that drops port 68 packets that do not belong on the subnet, by examining the source address of those packets, and only allowing them to pass if they come from your trusted DHCP server.
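As an added illustration of the rule dkm999 describes (this script is not from the thread and not from either poster), the following POSIX shell builds an iptables chain that accepts DHCP server replies (UDP source port 67 to destination port 68) only when they come from the trusted server and logs and drops the rest. The trusted address 192.168.1.1 and the interface eth0 are assumed placeholders; override them with the TRUSTED_DHCP and LAN_IF environment variables. Run with no argument to print the rules, or with `apply` as root to load them.

```shell
#!/bin/sh
# Added example (not from the thread): accept DHCP server replies only from a
# trusted server, drop replies from any other source.
# Assumed placeholders: trusted server 192.168.1.1, LAN interface eth0.

# Emit the iptables commands for a given trusted server address and interface.
# DHCP replies are UDP from port 67 (server) to port 68 (client); the chain
# accepts them when the source address is the trusted server and otherwise
# logs (rate-limited) and drops them.
dhcp_filter_rules() {
    trusted="$1"
    iface="$2"
    cat <<EOF
iptables -N DHCP_FILTER
iptables -A DHCP_FILTER -s $trusted -j ACCEPT
iptables -A DHCP_FILTER -m limit --limit 5/min -j LOG --log-prefix "ROGUE-DHCP: "
iptables -A DHCP_FILTER -j DROP
iptables -I INPUT 1 -i $iface -p udp --sport 67 --dport 68 -j DHCP_FILTER
iptables -I FORWARD 1 -i $iface -p udp --sport 67 --dport 68 -j DHCP_FILTER
EOF
}

# Number of iptables commands the rule set contains; handy for a sanity check
# before piping the output into a shell as root.
dhcp_filter_rule_count() {
    dhcp_filter_rules "$1" "$2" | grep -c '^iptables'
}

TRUSTED="${TRUSTED_DHCP:-192.168.1.1}"   # assumed placeholder
IFACE="${LAN_IF:-eth0}"                  # assumed placeholder

case "${1:-}" in
    apply) dhcp_filter_rules "$TRUSTED" "$IFACE" | sh ;;   # needs root
    *)     dhcp_filter_rules "$TRUSTED" "$IFACE" ;;        # dry run: print only
esac
```

Two caveats worth knowing before relying on this. iptables only filters traffic that reaches or passes through the host it runs on: loading these rules on the DHCP server or gateway protects that box and anything it forwards, but a rogue router's DHCPOFFER broadcast on the same switched segment goes straight to the other clients and never touches it. On Linux clients, dhclient-style daemons read replies through a raw packet socket, which sees frames before the netfilter INPUT hook, so even per-client rules may not stop the client from taking the bad lease. The reliable fix for a whole segment is DHCP snooping on a managed switch; the iptables rule is still useful for logging who is answering DHCP on the wire.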

