DHCP is an extension of the BOOTP protocol, which uses UDP ports 67 (server) and 68 (client). You ought to be able to construct an IPTABLES rule that drops port 68 packets that do not belong on the subnet, by examining the source address of those packets, and only allowing them to pass if they come from your trusted DHCP server.
|