https://www.debian.org/security/faq
- -
Package: isc-dhcp
CVE ID : CVE-2022-2928 CVE-2022-2929
Debian Bug : 1021320
Several vulnerabilities have been discovered in the ISC DHCP client,
relay
https://www.debian.org/security/faq
- -
Package: isc-dhcp
CVE ID : CVE-2017-3144 CVE-2018-5732 CVE-2018-5733
Debian Bug : 887413 891785 891786
Several vulnerabilities have been discovered
Hi,
* Kurt Roeckx k...@roeckx.be [2011-04-11 00:29]:
On Sun, Apr 10, 2011 at 11:55:28PM +0200, Nico Golde wrote:
We recommend that you upgrade your isc-dhcp packages.
I'm guessing that for the update to be active we need to bring
down any interface that is using the client? (Or reboot
On Sun, Apr 10, 2011 at 11:55:28PM +0200, Nico Golde wrote:
We recommend that you upgrade your isc-dhcp packages.
I'm guessing that for the update to be active we need to bring
down any interface that is using the client? (Or reboot.)
The server seems to be restarted on upgrade.
Kurt
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
[ Please keep me CC ]
Hi,
Version 4.1.1-P1-15+squeeze1 of isc-dhcp was updated yesterday but no
DSA were sent about it, and the security tracker [0] still marks this
package vulnerable.
[0] http://security-tracker.debian.org/tracker/CVE-2011-0413
Hello, I'm having the same issue.
I can broadcast to the ###.###.###.255 fine but my switches/routers
throw out 255.255.255.255.
Have you found any solution?
Matt Kincaid
---
DISCLAIMER: Information contained in this
On Thu, Jan 29, 2009 at 12:26:46PM -0800, Matt Kincaid wrote:
Hello, I'm having the same issue.
I can broadcast to the ###.###.###.255 fine but my switches/routers
throw out 255.255.255.255.
Routers must have dhcp-relay function.
--
To UNSUBSCRIBE, email to debian-security-requ
Greetings,
just asking, cause it is relevant for me:
Will there be new official stable packages in the next few days (3-4)?
(If not, I've to patch it by myself)
Keep smiling
yanosz
---BeginMessage---
*** From dhcp-announce -- To unsubscribe, see the end of this message. ***
Debian has
also sprach Jan Lühr [EMAIL PROTECTED] [2004.11.09.2128 +0100]:
Will there be new official stable packages in the next few days
(3-4)? (If not, I've to patch it by myself)
They are already there, and have been for 5 days.
http://www.debian.org/security/2004/dsa-584
You should upgrade to dhcp3
On Tue, Nov 09, 2004 at 09:28:34PM +0100, Jan Lühr wrote:
just asking, cause it is relevant for me:
Will there be new official stable packages in the next few days (3-4)?
(If not, I've to patch it by myself)
Please read that announcement more careful.
It is fixed in stable already.
regards
Greetings,
Am Dienstag, 9. November 2004 21:44 schrieb Bartosz Fenski aka fEnIo:
On Tue, Nov 09, 2004 at 09:28:34PM +0100, Jan Lühr wrote:
just asking, cause it is relevant for me:
Will there be new official stable packages in the next few days (3-4)?
(If not, I've to patch it by myself)
Am Dienstag, den 09.11.2004, 21:28 +0100 schrieb Jan Lhr:
Will there be new official stable packages in the next few days (3-4)?
(If not, I've to patch it by myself)
Debian has recently distributed a security advisory on the dhcp-2.0pl5
package they distribute. You can read about
http://www.debian.org/security/faq
- --
Package: dhcp
Vulnerability : format string vulnerability
Problem-Type : remote
Debian-specific: no
CVE ID : CAN-2004-1006
infamous41md noticed
On Fri, 01 Nov 2002 at 06:41:43PM -0400, Peter Cordes wrote:
MD5 is still believed to be secure. i.e. Nobody can modify a binary so
that it has different contents but the same MD5 hash, unless they are _very_
_very_ lucky. The task becomes even more difficult if you check the length
of the
On Fri, 01 Nov 2002 at 06:41:43PM -0400, Peter Cordes wrote:
MD5 is still believed to be secure. i.e. Nobody can modify a binary so
that it has different contents but the same MD5 hash, unless they are _very_
_very_ lucky. The task becomes even more difficult if you check the length
of the
On Tue, Oct 29, 2002 at 05:10:12PM -0800, Alvin Oga wrote:
am not as worried about the determined hacker/crackers that
can modify binaries such that md5sum matches my tripewire db and
other security precautions (databases and baseline) of my servers
MD5 is still believed to be secure. i.e.
On Tue, Oct 29, 2002 at 05:10:12PM -0800, Alvin Oga wrote:
am not as worried about the determined hacker/crackers that
can modify binaries such that md5sum matches my tripewire db and
other security precautions (databases and baseline) of my servers
MD5 is still believed to be secure. i.e.
. I take an 802.11b card and can pick an addy even
If I am just joe smo public. Draw a 1000 feet circle around your
wireless AP and that is the range at which I can get an addy from your
DHCP...
--
Excuse #71: Someone is standing on the Ethernet cable causing a kink in the cable
Phil
PGP/GPG
CLient) - WAP - Server (DHCP AND IPSEC Host) - Local
Network. In order to get inside the network you will have to get past
the IPSEC Host, which of course will require a key that has a valid
certificate from the local CA.
Just a thought...
--
Excuse #218: The co-locator cannot verify the frame
We are currently looking into wireless where I work also.
Just a few weeks ago, we had this company come in to give a demo of an
appliance that enforces restrictions on the wireless network.
http://www.verniernetworks.com/
It seems to be along the path of what we are looking for, YMMV.
Oh, and
On Tue, Oct 29, 2002 at 09:35:01AM -0500, Phillip Hofmeister wrote:
Laptop (IPSEC CLient) - WAP - Server (DHCP AND IPSEC Host) - Local
Network. In order to get inside the network you will have to get past
the IPSEC Host, which of course will require a key that has a valid
certificate from
hi ya rick
yes... got that part ... ( the after breaking in part )
was exepecting to see it helps one to breakin and exploit
the vulnerabilities so it didn't sink in at first when
i was reading all the talk-backs
( didnt see what i wanted to see ;-)
thanx
alvin
On Mon, 28 Oct 2002,
A rootkit is a selection of modified standard programs
that usually replace (among others)
ls
ps
netstat
users
and pretty much everything else you would use to check
your machine. It will also include a backdoor.
Sometimes the primary part of the rootkit is
hi ya dale
Rootkits are *INSTALLED* after a successful root
exploit.
maybe i missing something here ... that i been wonderng about
for years..
if they exploited a root vulnerability and got in...
why modify silly binaries like ps, top, ls, find, etf ??
that gives themself away as having
hi ya dale
if anybody modifies the typical binaries..
i'll know within the hour.. hourly/randomly system checks
or instaneously if i happen to be reading emails
at the time ... they are attacking...
i say modifying files is a give away .. that says
come find me which is trivial since its
On Tue, Oct 29, 2002 at 04:12:54PM -0800, Alvin Oga wrote:
i say modifying files is a give away .. that says
come find me which is trivial since its modified
binaries
If they do it right, it's not a giveaway. If they're quick, thorough,
and accurate, they can certainly do it right. On
files, topology, passwds etc
- 80-90% of all these attempts are users trying to bypass
corp security policy
- or just playing .. tripping all the alrms in the process
of testing/learning what they can do
- and they very quickly find dhcp is disallowed
On Mon, Oct 28, 2002 at 07:38:38PM -0600, Hanasaki JiJi wrote:
Too bad there is no way to do a secure handshake w/ an id/password or
even SecureID cards.
That's the idea behind PPPoE. Yuck.
-B
--
Brandon High [EMAIL PROTECTED]
'98 Kawi ZX-7R Wasabi, '98
CLient) - WAP - Server (DHCP AND IPSEC Host) - Local
Network. In order to get inside the network you will have to get past
the IPSEC Host, which of course will require a key that has a valid
certificate from the local CA.
Just a thought...
--
Excuse #218: The co-locator cannot verify the frame
We are currently looking into wireless where I work also.
Just a few weeks ago, we had this company come in to give a demo of an
appliance that enforces restrictions on the wireless network.
http://www.verniernetworks.com/
It seems to be along the path of what we are looking for, YMMV.
Oh, and
On Tue, Oct 29, 2002 at 09:35:01AM -0500, Phillip Hofmeister wrote:
Laptop (IPSEC CLient) - WAP - Server (DHCP AND IPSEC Host) - Local
Network. In order to get inside the network you will have to get past
the IPSEC Host, which of course will require a key that has a valid
certificate from
hi ya rick
yes... got that part ... ( the after breaking in part )
was exepecting to see it helps one to breakin and exploit
the vulnerabilities so it didn't sink in at first when
i was reading all the talk-backs
( didnt see what i wanted to see ;-)
thanx
alvin
On Mon, 28 Oct 2002,
A rootkit is a selection of modified standard programs
that usually replace (among others)
ls
ps
netstat
users
and pretty much everything else you would use to check
your machine. It will also include a backdoor.
Sometimes the primary part of the rootkit is
hi ya dale
Rootkits are *INSTALLED* after a successful root
exploit.
maybe i missing something here ... that i been wonderng about
for years..
if they exploited a root vulnerability and got in...
why modify silly binaries like ps, top, ls, find, etf ??
that gives themself away as having
On Tue, Oct 29, 2002 at 03:28:20PM -0800, Alvin Oga wrote:
if they exploited a root vulnerability and got in...
why modify silly binaries like ps, top, ls, find, etf ??
that gives themself away as having modified the system
No it doesn't. It makes them and everything they do vanish
into thin
hi ya dale
if anybody modifies the typical binaries..
i'll know within the hour.. hourly/randomly system checks
or instaneously if i happen to be reading emails
at the time ... they are attacking...
i say modifying files is a give away .. that says
come find me which is trivial since its
On Tue, Oct 29, 2002 at 04:12:54PM -0800, Alvin Oga wrote:
i say modifying files is a give away .. that says
come find me which is trivial since its modified
binaries
If they do it right, it's not a giveaway. If they're quick, thorough,
and accurate, they can certainly do it right. On
files, topology, passwds etc
- 80-90% of all these attempts are users trying to bypass
corp security policy
- or just playing .. tripping all the alrms in the process
of testing/learning what they can do
- and they very quickly find dhcp is disallowed
I was hoping someone could help me out here. Currently I am still on a
netowrk using static IP configurationon each machine, we are finally
moving towards DHCP. Are there any security considerations to be made to
ensure there is no gapping security hole. the various howto's I have seen
don;t seem
As far as I know there's not much to it, my dhcp server was very simple
to set up with very little security options. My only suggestion is just
make sure you have the latest version, and make sure you have the
security updates source in your sources.list file for your dists ie:
deb http
u could set dhcp to give out a fixed address dependant on a mac address,
this would stop just anybody plugging a box into a network, if your network
is physically secure then thats not a worry. (a cat5 jack in reception or
some other public place is dodgy)
Otherwise dhcp makes life easier...its
of security wise as far as moving to DHCP will go.
Thanks for the various responses, if someone still thinks of a big issue I
would love to hear it.
Cheers,
Stewart
On Tue, 29 Oct 2002, Jones, Steven wrote:
Date: Tue, 29 Oct 2002 12:19:06 +1300
From: Jones, Steven [EMAIL PROTECTED
I'm not a huge expert on all of this, but here are a couple of
thoughts...
Unless you're monitoring IP/MAC addresses to try and detect
spoofing, knowing a machine's IP address is already useless from a
security POV. Even then, MAC addresses can be spoofed. Given that,
DHCP can't really make
hi andrew
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop to the
network
- it is bad to allow just anybody plug in their laptops
locked to the MAC address they provide. Run arpwatch to
look for illegal connections
We are trialing wi-fi city wide, the wi-fi lan is behind a firewall and are
blocking port 25, then opening up ports as requested based on merits.
DHCP is the least of your worries...
This is not really
Well here at WPI, we have to register each and every MAC address that we
wish to use on campus. If your MAC address isn't registered, you get no
network. It works the same way with wireless. And to the best of my
knowledge, DHCP is used.
-
Chuck Haines
Too bad there is no way to do a secure handshake w/ an id/password or
even SecureID cards.
Any way to make the same host name resolve to your IP irreguardless of
what IP is allocted to your box by dhcp?
Haines, Charles Allen wrote:
Well here at WPI, we have to register each and every MAC
28, 2002 8:39 PM
To: Haines, Charles Allen
Cc: [EMAIL PROTECTED]
Subject: Re: DHCP
Too bad there is no way to do a secure handshake w/ an id/password or
even SecureID cards.
Any way to make the same host name resolve to your IP irreguardless of
what IP is allocted to your box by dhcp?
Haines
Quoting Alvin Oga ([EMAIL PROTECTED]):
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop to the
network
Um, Alvin? You might want to look up
- Original Message -
From: Haines, Charles Allen [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October 29, 2002 12:35 PM
Subject: RE: DHCP
Well here at WPI, we have to register each and every MAC address that we
wish to use on campus. If your MAC address isn't registered, you get
hi ya rick
On Mon, 28 Oct 2002, Rick Moen wrote:
Quoting Alvin Oga ([EMAIL PROTECTED]):
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop
Jason Clarke wrote:
Chuck,
That sounds like a fantastic idea!
Provide some sort of web interface where a student can use a library
terminal or some such, plug in their MAC ADDR and their student
number.
I normally don't post a Good on you jim! message, but this one has
set off ideas left
Quoting Alvin Oga ([EMAIL PROTECTED]):
Um, Alvin? You might want to look up the definition of rootkit.
my definition ... anything that allows an un-educated user to just
run that tool to break into other peoples network and machines
( there's too many rootkits to count )
That's just
hi ya rick
On Mon, 28 Oct 2002, Rick Moen wrote:
Quoting Alvin Oga ([EMAIL PROTECTED]):
Um, Alvin? You might want to look up the definition of rootkit.
my definition ... anything that allows an un-educated user to just
run that tool to break into other peoples network and machines
On Mon, Oct 28, 2002 at 06:46:47PM -0800, Rick Moen wrote:
This confusion has also come up elsewhere, on LinuxToday:
http://linuxtoday.com/news_story.php3?ltsn=2002-09-20-011-26-SC-SV
tht just talks about arresting some poor soul ??
Read the talkbacks, at the bottom.
Specifically, I
Quoting Alvin Oga ([EMAIL PROTECTED]):
i read all the talkbacks...
- no definition of rootkit posted in the talkbacks
Look again.
Anyhow, a rootkit is not anything that allows an un-educated user to
just run that tool to break into other peoples network and machines.
It's something the
Quoting Andrew Sayers ([EMAIL PROTECTED]):
In practice, even a very low security barrier will stop the 90% of
clueless abusers - but (to drag this thread bag on-topic), that's no
excuse for basing the security of your network on a fundamentally
insecure way of identifying computers.
Right.
On Mon, Oct 28, 2002 at 07:38:38PM -0600, Hanasaki JiJi wrote:
Too bad there is no way to do a secure handshake w/ an id/password or
even SecureID cards.
That's the idea behind PPPoE. Yuck.
-B
--
Brandon High [EMAIL PROTECTED]
'98 Kawi ZX-7R Wasabi, '98
I was hoping someone could help me out here. Currently I am still on a
netowrk using static IP configurationon each machine, we are finally
moving towards DHCP. Are there any security considerations to be made to
ensure there is no gapping security hole. the various howto's I have seen
don;t seem
As far as I know there's not much to it, my dhcp server was very simple
to set up with very little security options. My only suggestion is just
make sure you have the latest version, and make sure you have the
security updates source in your sources.list file for your dists ie:
deb http
u could set dhcp to give out a fixed address dependant on a mac address,
this would stop just anybody plugging a box into a network, if your network
is physically secure then thats not a worry. (a cat5 jack in reception or
some other public place is dodgy)
Otherwise dhcp makes life easier...its
of security wise as far as moving to DHCP will go.
Thanks for the various responses, if someone still thinks of a big issue I
would love to hear it.
Cheers,
Stewart
On Tue, 29 Oct 2002, Jones, Steven wrote:
Date: Tue, 29 Oct 2002 12:19:06 +1300
From: Jones, Steven [EMAIL PROTECTED
I'm not a huge expert on all of this, but here are a couple of
thoughts...
Unless you're monitoring IP/MAC addresses to try and detect
spoofing, knowing a machine's IP address is already useless from a
security POV. Even then, MAC addresses can be spoofed. Given that,
DHCP can't really make
hi andrew
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop to the
network
- it is bad to allow just anybody plug in their laptops
locked to the MAC address they provide. Run arpwatch to
look for illegal connections
We are trialing wi-fi city wide, the wi-fi lan is behind a firewall and are
blocking port 25, then opening up ports as requested based on merits.
DHCP is the least of your worries...
This is not really
Well here at WPI, we have to register each and every MAC address that we
wish to use on campus. If your MAC address isn't registered, you get no
network. It works the same way with wireless. And to the best of my
knowledge, DHCP is used.
-
Chuck Haines
Too bad there is no way to do a secure handshake w/ an id/password or
even SecureID cards.
Any way to make the same host name resolve to your IP irreguardless of
what IP is allocted to your box by dhcp?
Haines, Charles Allen wrote:
Well here at WPI, we have to register each and every MAC
, 2002 8:39 PM
To: Haines, Charles Allen
Cc: debian-security@lists.debian.org
Subject: Re: DHCP
Too bad there is no way to do a secure handshake w/ an id/password or
even SecureID cards.
Any way to make the same host name resolve to your IP irreguardless of
what IP is allocted to your box
Quoting Alvin Oga ([EMAIL PROTECTED]):
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop to the
network
Um, Alvin? You might want to look up
- Original Message -
From: Haines, Charles Allen [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Sent: Tuesday, October 29, 2002 12:35 PM
Subject: RE: DHCP
Well here at WPI, we have to register each and every MAC address that we
wish to use on campus. If your MAC address isn't
hi ya rick
On Mon, 28 Oct 2002, Rick Moen wrote:
Quoting Alvin Oga ([EMAIL PROTECTED]):
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop
Jason Clarke wrote:
Chuck,
That sounds like a fantastic idea!
Provide some sort of web interface where a student can use a library
terminal or some such, plug in their MAC ADDR and their student
number.
I normally don't post a Good on you jim! message, but this one has
set off ideas left
Quoting Alvin Oga ([EMAIL PROTECTED]):
Um, Alvin? You might want to look up the definition of rootkit.
my definition ... anything that allows an un-educated user to just
run that tool to break into other peoples network and machines
( there's too many rootkits to count )
That's just
hi ya rick
On Mon, 28 Oct 2002, Rick Moen wrote:
Quoting Alvin Oga ([EMAIL PROTECTED]):
Um, Alvin? You might want to look up the definition of rootkit.
my definition ... anything that allows an un-educated user to just
run that tool to break into other peoples network and machines
On Mon, Oct 28, 2002 at 06:46:47PM -0800, Rick Moen wrote:
This confusion has also come up elsewhere, on LinuxToday:
http://linuxtoday.com/news_story.php3?ltsn=2002-09-20-011-26-SC-SV
tht just talks about arresting some poor soul ??
Read the talkbacks, at the bottom.
Specifically, I
Quoting Alvin Oga ([EMAIL PROTECTED]):
i read all the talkbacks...
- no definition of rootkit posted in the talkbacks
Look again.
Anyhow, a rootkit is not anything that allows an un-educated user to
just run that tool to break into other peoples network and machines.
It's something the
Quoting Andrew Sayers ([EMAIL PROTECTED]):
In practice, even a very low security barrier will stop the 90% of
clueless abusers - but (to drag this thread bag on-topic), that's no
excuse for basing the security of your network on a fundamentally
insecure way of identifying computers.
Right.
(and a reply back in eventually, taking
this one step at a time ;-). At least, that's what I thought I should
do, but I noticed that packets are not logged!
I think (but not sure) DHCP client is using (so called) raw sockets
which are below the layer where iptables is in the kernel. That's
(and a reply back in eventually, taking
this one step at a time ;-). At least, that's what I thought I should
do, but I noticed that packets are not logged!
I think (but not sure) DHCP client is using (so called) raw sockets
which are below the layer where iptables is in the kernel. That's
at a time ;-). At least, that's what I thought I should
do, but I noticed that packets are not logged!
I think (but not sure) DHCP client is using (so called) raw sockets
which are below the layer where iptables is in the kernel. That's why
iptables is unable to see the packets.
Looks like
at a time ;-). At least, that's what I thought I should
do, but I noticed that packets are not logged!
I think (but not sure) DHCP client is using (so called) raw sockets
which are below the layer where iptables is in the kernel. That's why
iptables is unable to see the packets.
Looks like
On Wednesday, 2002-04-03 at 14:02:20 +0900, Olaf Meeuwissen wrote:
I am playing with packet filtering on a DHCP client and trying to get
it done the right way.
The right way is to dispense with DHCP. The protocol has no security
whatsoever. Read RFC2131, 7. Security Considerations for details
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lupe Christoph [EMAIL PROTECTED] writes:
On Wednesday, 2002-04-03 at 14:02:20 +0900, Olaf Meeuwissen wrote:
I am playing with packet filtering on a DHCP client and trying to get
it done the right way.
The right way is to dispense with DHCP
thought I should
do, but I noticed that packets are not logged!
I think (but not sure) DHCP client is using (so called) raw sockets
which are below the layer where iptables is in the kernel. That's why
iptables is unable to see the packets.
(There is an option for Raw sockets in the kernel, and it can
On Wednesday, 2002-04-03 at 14:02:20 +0900, Olaf Meeuwissen wrote:
I am playing with packet filtering on a DHCP client and trying to get
it done the right way.
The right way is to dispense with DHCP. The protocol has no security
whatsoever. Read RFC2131, 7. Security Considerations for details
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Lupe Christoph [EMAIL PROTECTED] writes:
On Wednesday, 2002-04-03 at 14:02:20 +0900, Olaf Meeuwissen wrote:
I am playing with packet filtering on a DHCP client and trying to get
it done the right way.
The right way is to dispense with DHCP
I should
do, but I noticed that packets are not logged!
I think (but not sure) DHCP client is using (so called) raw sockets
which are below the layer where iptables is in the kernel. That's why
iptables is unable to see the packets.
(There is an option for Raw sockets in the kernel, and it can
Dear .debs,
I am playing with packet filtering on a DHCP client and trying to get
it done the right way. Policy for all built-in chains is DROP and all
packets are logged before they go plonk. I pulled the network cable
while playing around.
Debian GNU/Linux 3.0
kernel 2.4.18-tux, iptables
Dear .debs,
I am playing with packet filtering on a DHCP client and trying to get
it done the right way. Policy for all built-in chains is DROP and all
packets are logged before they go plonk. I pulled the network cable
while playing around.
Debian GNU/Linux 3.0
kernel 2.4.18-tux, iptables
mandag 4. mars 2002, 13:57, skrev Osvaldo Mundim Junior:
Hi all,
Does anybody use iptables in a DHCP network? I want to know how would be
some rule in this case...
iptables -A INPUT -p UDP -s dhcp-server --sport 67 --dport 68 -j ACCEPT
--
Harald Skoglund
--
To UNSUBSCRIBE, email
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Said Harald Skoglund on Tue, Mar 05, 2002 at 11:53:39AM +0100:
Does anybody use iptables in a DHCP network? I want to know how
would be some rule in this case...
iptables -A INPUT -p UDP -s dhcp-server --sport 67 --dport 68 -j
ACCEPT
mandag 4. mars 2002, 13:57, skrev Osvaldo Mundim Junior:
Hi all,
Does anybody use iptables in a DHCP network? I want to know how would be
some rule in this case...
iptables -A INPUT -p UDP -s dhcp-server --sport 67 --dport 68 -j ACCEPT
--
Harald Skoglund
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Said Harald Skoglund on Tue, Mar 05, 2002 at 11:53:39AM +0100:
Does anybody use iptables in a DHCP network? I want to know how
would be some rule in this case...
iptables -A INPUT -p UDP -s dhcp-server --sport 67 --dport 68 -j
ACCEPT
Here's
Hi all,
Does anybody use iptables in a DHCP network? I want to know how would be some
rule in this case...
tks in advance...
Osvaldo
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Monday, March 04, 2002, 1:57:28 PM, Osvaldo Mundim Junior wrote:
Does anybody use iptables in a DHCP network? I want to know how would be some
rule in this case...
Check the rules from the monmotha-iptables-script which can be
downloaded from http://monmotha.mplug.org; In my network
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Said Osvaldo Mundim Junior on Mon, Mar 04, 2002 at 09:57:28AM -0300:
Does anybody use iptables in a DHCP network? I want to know how would
be some rule in this case...
Have a look at 'firestarter' as well, a GNOME frontend to building
firewall
Hi all,
Does anybody use iptables in a DHCP network? I want to know how would be some
rule in this case...
tks in advance...
Osvaldo
Monday, March 04, 2002, 1:57:28 PM, Osvaldo Mundim Junior wrote:
Does anybody use iptables in a DHCP network? I want to know how would be some
rule in this case...
Check the rules from the monmotha-iptables-script which can be
downloaded from http://monmotha.mplug.org. In my network
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Said Osvaldo Mundim Junior on Mon, Mar 04, 2002 at 09:57:28AM -0300:
Does anybody use iptables in a DHCP network? I want to know how would
be some rule in this case...
Have a look at 'firestarter' as well, a GNOME frontend to building
firewall
Osvaldo Mundim Junior [EMAIL PROTECTED] writes:
Does anybody use iptables in a DHCP network? I want to know how
would be some rule in this case...
There were some messages flying around debian-firewall concerning DHCP
and iptables. They don't seem to be in the archive yet, though.
--
Olaf
100 matches
Mail list logo