LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-08-2007, 10:21 AM   #1
toombs
LQ Newbie
 
Registered: Feb 2007
Distribution: Gentoo with just the slightest suggestion of Xubuntu and basil
Posts: 10

Rep: Reputation: 0
dhcp and iptables


Is there an iptables rule that would reject all incoming packets from hosts which haven't received their current ip address from a dhcp daemon running on the same server?
 
Old 02-08-2007, 11:26 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
not in itself, but i'm sure you could made a script which watches the leases and adds and removes iptables commands when a lease is taken out. there is no such thing as a dhcp lease being "switched off" or anythign though, so you'd want short lease times i guess, and remove iptables entries when a lease expires.
 
Old 02-08-2007, 02:35 PM   #3
toombs
LQ Newbie
 
Registered: Feb 2007
Distribution: Gentoo with just the slightest suggestion of Xubuntu and basil
Posts: 10

Original Poster
Rep: Reputation: 0
ok thanks. It would've been nice if I didn't need a script but that's fine. I'll see what I can do.
 
Old 02-08-2007, 03:12 PM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
well scripts don't have to be complicated. often the work involved to integrate a normal solution can be more than a self made script...

i googled for a relevent subject, and actually ended up back here... http://www.linuxquestions.org/questi...d.php?t=266151 looks useful potentially.
 
Old 02-08-2007, 04:35 PM   #5
toombs
LQ Newbie
 
Registered: Feb 2007
Distribution: Gentoo with just the slightest suggestion of Xubuntu and basil
Posts: 10

Original Poster
Rep: Reputation: 0
yeah that's exactly what I'm looking for but for a different purpose. I am setting up an nfs server and I only want trusted hosts with known mac addresses to be able to connect. While I was doing this research, though, I thought of a better way. Since the trusted mac's are static, I don't need dhcp to tell iptables which mac addresses are ok. I can just add static rules. It's an interesting concept though, and it would be a very useful feature.
 
Old 02-09-2007, 02:58 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
oh well in that case, yes a static database would be much more preferable. potentially you'd be able to use the dhcpd.conf as that database so as not to have to duplicate the work, but yeah that's right on the money if it's only a local subnet.
 
Old 02-09-2007, 05:14 PM   #7
toombs
LQ Newbie
 
Registered: Feb 2007
Distribution: Gentoo with just the slightest suggestion of Xubuntu and basil
Posts: 10

Original Poster
Rep: Reputation: 0
I have more experience than you think. The Newbie tag is a little misleading as I just switched nicknames
 
Old 02-10-2007, 02:33 AM   #8
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
erm. ok i'm very happy for you.
 
Old 02-10-2007, 02:33 AM   #9
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
erm. ok i'm very happy for you.
 
  


Reply

Tags
dhcp, iptables


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Iptables & Dhcp bluel1te Linux - Security 2 09-30-2006 07:13 PM
dhcp and iptables routing xtremeclones Linux - Networking 2 08-17-2006 04:13 PM
Iptables + DHCP kemplej Linux - Security 1 09-18-2004 01:05 AM
iptables with DHCP and hostname MartinN Linux - Networking 2 12-29-2003 09:55 AM
DHCP Iptables rob_roman23 Linux - Networking 2 09-05-2002 11:52 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:56 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration