I'm afraid not. I've seen people run cron scripts once every 5 min that read the /var/*/*/dhcpd.leases file with awk scripts to generate firewall rules.
This had one drawback: it's really difficult to read the firewall rules to see what needs changing. The solution was to wipe out and rebuild the firewall if 'diff' said the new and old rules were different.

You might want to also look at this:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=192235
It will undo the dhcpd->awk->script and allow you to not worry about removing EVERY rule on your firewall.

--- Carl-Eric Menzel <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm running a small ethernet network in the 192.168.1.x range, with
> firewall and router in one Debian box on 192.168.1.1. eth0 is LAN,
> eth1/ppp0 goes to the ISP.
>
> The LAN machines get their configuration from a DHCP server that also
> runs on the router box. What I'd like to do now is to block all router
> access to machines that did not get their IP from the DHCP (i.e. those
> with static IPs). Is there any hook in dhcpd that lets me trigger
> iptables commands?
>
> Thanks
> Carl-Eric
> --
> Answer:   Because it makes the text harder to read.   | Carl-Eric Menzel
> Question: Why is that so bad?                         | PGP ID: 808F4A8E
> Answer:   Writing replies at the top.                 | Please do not send
> Question: What is the worst bad habit in e-mails?     | HTML mails.
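The cron approach described in the reply at the top (parse dhcpd.leases with awk, regenerate the rules, reload only when diff reports a change), as an added example that is not part of either message. It assumes the ISC dhcpd v3 lease format with `binding state` lines; the chain name DHCP_ONLY and the sample leases are made up, and the rules go into their own chain so the rest of the firewall is left alone.

```shell
# Added example: CHAIN is a hypothetical chain name; the lease data is constructed.
CHAIN=DHCP_ONLY

# Print "ip mac" for addresses whose newest lease record is active. dhcpd
# appends to the file, so a later record for an address overrides an earlier one.
active_leases() {
    awk '
        $1 == "lease" && $3 == "{"           { ip = $2; state = ""; mac = "" }
        $1 == "binding" && $2 == "state"     { state = $3; sub(/;$/, "", state) }
        $1 == "hardware" && $2 == "ethernet" { mac = $3; sub(/;$/, "", mac) }
        $1 == "}" && ip != "" {
            # only well-formed values may reach the rule file
            ok = (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) &&
                 (mac ~ /^[0-9A-Fa-f:]+$/) && length(mac) == 17
            if (state == "active" && ok) live[ip] = mac; else delete live[ip]
            ip = ""
        }
        END { for (a in live) print a, live[a] }
    ' "$1" | LC_ALL=C sort
}

# Emit an iptables-restore fragment: leased ip+mac pairs pass on, the rest drop.
build_rules() {
    echo '*filter'; echo ":$CHAIN - [0:0]"
    active_leases "$1" | while read -r ip mac; do
        echo "-A $CHAIN -s $ip -m mac --mac-source $mac -j RETURN"
    done
    echo "-A $CHAIN -j DROP"; echo 'COMMIT'
}

# True when the new rule file differs from the one loaded last time.
rules_changed() { ! diff "$1" "$2" >/dev/null 2>&1; }

# Constructed sample: .50 and .52 hold leases, .51 was leased and then released.
write_sample() {
    while read -r host state mac; do
        printf 'lease 192.168.1.%s {\n  binding state %s;\n  next binding state free;\n  hardware ethernet %s;\n}\n' "$host" "$state" "$mac"
    done > "$1" <<'EOF'
50 active 00:11:22:33:44:55
51 active 00:11:22:33:44:66
51 free 00:11:22:33:44:66
52 active 00:11:22:33:44:77
EOF
}

tmp=$(mktemp -d)
write_sample "$tmp/dhcpd.leases"
build_rules "$tmp/dhcpd.leases" > "$tmp/rules.new"
# A cron job would load rules.new (e.g. iptables-restore --noflush) only on change.
rules_changed "$tmp/rules.new" "$tmp/rules.cur" && cp "$tmp/rules.new" "$tmp/rules.cur" && cat "$tmp/rules.cur"
```

Matching on the MAC as well as the IP means a host cannot pass just by statically configuring an address that is currently leased to another machine; a cloned MAC address would still get through, so this is a policy control rather than authentication.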

