From: "wojciech rolecki" <[EMAIL PROTECTED]>
To: "Avery Payne" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, January 02, 2002 2:13 PM
Subject: Re: DHCP and Firewall Problem
> On Wed, Jan 02, 2002 at 01:45:15PM -0800, Avery Payne wrote:
> >
> > You need to have the DHCP port open for this to work, for BOTH the input and
> > output policies. I believe the magic number is 67.
>
> And 68, also.
>
> Something like...
> iptables -A INPUT -i $ETHLAN -p udp -j ACCEPT --dport 67 --sport 68
> iptables -A OUTPUT -o $ETHLAN -p udp -j ACCEPT --dport 68 --sport 67
>
> Someone please convert it to ipchains, I already forgot the
> syntax. ;)

Sure!

ipchains -A INPUT -p udp -s $TrustedSubnet 68 -d $YourIP 67 -j ACCEPT
ipchains -A OUTPUT -p udp -s $YourIP 67 -d $TrustedSubnet 68 -j ACCEPT

68? I thought that was "client" only. Hmm... I'll have to read up on that...

Also, be sure to only provide DHCP grants on trusted subnets. Allowing DHCP to "the outside" can lead to all kinds of mischief in the form of spoofing.
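Added example, not from anyone in the thread: a POSIX shell function that emits (rather than runs) iptables rules applying the advice above, so that DHCP is accepted only on the trusted LAN interface and logged and dropped everywhere else. It assumes the firewall host is the DHCP server or client on that interface; interface names are placeholders. Because a client's first DHCPDISCOVER is sent from 0.0.0.0:68 to 255.255.255.255:67, the server rules match on the interface rather than on the server's own address.

```shell
#!/bin/sh
# Print iptables rules for a DHCP server or client on a trusted interface.
# Pipe the output through sh as root to apply; nothing is executed here.

dhcp_server_rules() {
    lan_if="$1"   # trusted LAN interface, e.g. eth1 (placeholder)
    # Requests arrive as broadcast from 0.0.0.0:68 to 255.255.255.255:67,
    # so a rule keyed on the server's unicast address would never match.
    echo "iptables -A INPUT -i $lan_if -p udp --sport 68 --dport 67 -j ACCEPT"
    echo "iptables -A OUTPUT -o $lan_if -p udp --sport 67 --dport 68 -j ACCEPT"
    # DHCP arriving on any other interface ("the outside") is logged, then dropped.
    echo "iptables -A INPUT -p udp --dport 67 -j LOG --log-prefix 'DHCP-untrusted: '"
    echo "iptables -A INPUT -p udp --dport 67 -j DROP"
}

dhcp_client_rules() {
    lan_if="$1"
    # Client role: source port 68 outbound, server replies land on port 68.
    echo "iptables -A OUTPUT -o $lan_if -p udp --sport 68 --dport 67 -j ACCEPT"
    echo "iptables -A INPUT -i $lan_if -p udp --sport 67 --dport 68 -j ACCEPT"
}

# dhcp_rules server|client IFACE
dhcp_rules() {
    case "$1" in
        server) dhcp_server_rules "$2" ;;
        client) dhcp_client_rules "$2" ;;
        *) echo "usage: dhcp_rules server|client IFACE" >&2; return 1 ;;
    esac
}
```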
