I have cut the relevant parts from an approx. 1000-line script. But you are right, the script is too complicated just to publish; that's why I hoped that anyone knew about some peculiarities with netfilter and the DHCP daemon. If I am going to send my script to the mailing list I have to reduce the complexity.
I should probably have mentioned that I am using kernel 2.4.17, iptables 1.2.4, dhcp 3.0rc4.

# Limit on log line rate:
LIMIT="-m limit --limit 1/s --limit-burst 25"

Torben

On Thu, 28 Feb 2002 08:26:56 +0100, you wrote:

>Beats me.
>
>What is $LIMIT? But anyway, do you have to make your script so complicated?
>
>Ramin
>
>On Wed, Feb 27, 2002 at 11:20:50PM +0100, Torben Nielsen wrote:
>
>> Below I have tried to copy the relevant things out of my filters. The rule should
>> drop everything except
>> packets to my internal network.
>>
>> # Abbreviation for the iptables program:
>> I=/usr/local/sbin/iptables
>>
>> ALLINTNETWORK="10.0.0.0" # The 10.0.0.0/8 network
>> ALLINTNETMASK="255.0.0.0"
>> ALLINTNET="$ALLINTNETWORK/$ALLINTNETMASK"
>>
>>
>> INTIF="eth0"
>>
>>
>> $I -A if-LogDrop-int $LIMIT -j LOG --log-prefix "Bad input packet, internal: "
>> $I -A if-LogDrop-int -j DROP
>>
>> $I -A if-LogDrop -i $INTIF -j if-LogDrop-int
>>
>> $I -A i-int -s $ALLINTNET -j ACCEPT
>> $I -A i-int -j if-LogDrop
>>
>> $I -A INPUT -i $INTIF -j i-int
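As an added illustration (not code from the thread), a small Python model of how the quoted chains are traversed for a packet, with a token bucket standing in for the `-m limit --limit 1/s --limit-burst 25` match; the INPUT chain policy is assumed to be ACCEPT because the post does not show it. It makes the point that $LIMIT throttles only the LOG rule, so packets beyond the burst are still dropped, just no longer logged.

```python
import ipaddress

# Values taken from the quoted script; everything else is a constructed model.
INTIF = "eth0"
ALLINTNET = ipaddress.ip_network("10.0.0.0/8")
LOG_PREFIX = "Bad input packet, internal: "


class LogLimiter:
    """Token bucket standing in for `-m limit --limit 1/s --limit-burst 25`."""

    def __init__(self, rate_per_s=1.0, burst=25):
        self.rate, self.burst = rate_per_s, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill at `rate` tokens per second, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class Firewall:
    """Walks INPUT -> i-int -> if-LogDrop -> if-LogDrop-int like the quoted rules."""

    def __init__(self, input_policy="ACCEPT"):  # policy not in the post; assumed
        self.limiter, self.log, self.policy = LogLimiter(), [], input_policy

    def if_logdrop_int(self, pkt, now):
        if self.limiter.allow(now):          # only the LOG rule carries $LIMIT ...
            self.log.append(LOG_PREFIX + pkt["src"])
        return "DROP"                        # ... the DROP rule is unconditional

    def if_logdrop(self, pkt, now):
        if pkt["iif"] == INTIF:
            return self.if_logdrop_int(pkt, now)
        return None                          # no match: return to calling chain

    def i_int(self, pkt, now):
        if ipaddress.ip_address(pkt["src"]) in ALLINTNET:
            return "ACCEPT"
        return self.if_logdrop(pkt, now)

    def input(self, pkt, now=0.0):
        # Packets are dicts {"iif": ingress interface, "src": source address}.
        verdict = self.i_int(pkt, now) if pkt["iif"] == INTIF else None
        return verdict if verdict is not None else self.policy
```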
