www.zeroshell.org Forum Index www.zeroshell.org
Linux Distribution for server and embedded devices
 
 SearchSearch  RegisterRegister  UsergroupsUsergroups 
 ProfileProfile  Log inLog in  Log in to check your private messagesPrivate Message 

DHCP Traffic - Block DHCP request on Interfaces

 
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell
View previous topic :: View next topic  
Author Message
x1alfa



Joined: 16 Feb 2014
Posts: 4

PostPosted: Sat Jan 03, 2015 6:55 pm    Post subject: DHCP Traffic - Block DHCP request on Interfaces Reply with quote

Hi,

I've been using zeroshell for a long time, since the first installation I did not have the need to set any firewall rules, recently i tried to set a deny all rule to allow specific MAC address access/pass through the firewall.

first i set the input and the forward chain to deny all, then i allowed list of MAC addresses.

i totally understand how IPTables works, that's why I'm stumbled in a question that i looked everywhere for an answer but i could not find one.

the question is, if the INPUT chain default policy to "DROP" all, why DHCP client can still get an IP address from the DHCP server? I even set the OUTPUT chain to “DROP” but still DHCP client can get IP address from DHCPD??!!!

comparing to IPCOP, in IPCOP when you set the default to DENY all, all the DHCP broadcast traffic will get drooped.

Why zeroshell is allowing the traffic? Is there any specific setting in the DHCPD process start that allow such traffic to pass through??

please help with an answer, I'm really in need to the setting to work.

Regards,
Tammar
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    www.zeroshell.org Forum Index -> ZeroShell All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group