Project

General

Profile

IPTables » History » Version 11

« Previous - Version 11/31 (diff) - Next » - Current version
Laurent GUERBY, 10/06/2013 12:09 AM


IPTables

DHCP ?
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1
iptables -A INPUT -p udp --sport 68 --dport 67 -j DROP

https://bugzilla.redhat.com/show_bug.cgi?id=512206

ebtables

ebtables -A FORWARD -d ff:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff -p IPv4 --ip-prot udp --ip-dport 67:68 -j DROP

ebtables -A INPUT --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A INPUT --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

ipset

http://ipset.netfilter.org/