On Tuesday 01 January 2002 07:23 pm, Andrew Hatfield wrote:
> I have a site where I am having some troubles working ISC's DHCP with
> iptables.
>
> RedHat 7.1
> kernel 2.4.10 with grsecurity and ipsec
> dhcp - 2.0pl5-4
>
> I start ipsec last
>
> **snip**
> What I don't understand is that if the default policy is DROP but I
> allow all local traffic, why the clients can't get a DHCP-assigned
> address. But if I set the default INPUT policy to ACCEPT then it works.
>
> Any ideas?

DHCP does not have an IP address when it connects, so filtering it by IP
wouldn't work at that time. You might try allowing DHCP requests through for
the whole interface regardless of source and dest IP.
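
The rule shape the reply describes, as an added example that is not part of the original thread: a DHCPDISCOVER leaves the client from 0.0.0.0 port 68 to 255.255.255.255 port 67, so the rules match on interface and UDP ports only. The interface name `eth1`, the function name `allow_dhcp_server`, and the assumption that the DHCP server runs on the firewall host itself are illustrative and not taken from the poster's snipped ruleset.

```shell
#!/bin/sh
# Added example: admit DHCP on a default-DROP firewall by matching on
# interface and UDP ports, with no source/destination address match.
# Assumption: the DHCP server runs on this host; eth1 is a hypothetical LAN interface.

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo to print the rules instead of applying them

allow_dhcp_server() {
    lan_if="$1"

    # Refuse empty or unusual interface names before they reach iptables.
    case "$lan_if" in
        ""|*[!A-Za-z0-9._-]*)
            echo "usage: allow_dhcp_server <interface>" >&2
            return 1
            ;;
    esac

    # Client -> server: DISCOVER/REQUEST arrive from port 68 to port 67.
    # No -s/-d here: the client has no address yet and the target is broadcast.
    $IPTABLES -I INPUT -i "$lan_if" -p udp --sport 68 --dport 67 -j ACCEPT

    # Server -> client: OFFER/ACK leave from port 67 to port 68.
    # Needed only when the OUTPUT policy is also DROP.
    $IPTABLES -I OUTPUT -o "$lan_if" -p udp --sport 67 --dport 68 -j ACCEPT
}

# Typical use, as root:  allow_dhcp_server eth1
# Dry run:               IPTABLES=echo; allow_dhcp_server eth1
```

The rules are inserted with `-I` so they sit ahead of any address-based rules already in the chain; `iptables -L INPUT -v -n` then shows whether the packet counters on the new rule increase when a client requests a lease.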