IPTables » History » Version 9

Laurent GUERBY, 07/15/2012 09:16 PM

{{>toc}}

h1. IPTables

* http://www.bortzmeyer.org/dns-netfilter-u32.html
* http://www.stearns.org/doc/iptables-u32.current.html
* http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
* http://ebtables.sourceforge.net/
* http://www.inetdoc.net/guides/iptables-tutorial/traversingoftables.html

DHCP ?
sysctl -w net.bridge.bridge-nf-call-iptables=1 
sysctl -w net.bridge.bridge-nf-call-ip6tables=1 
iptables -A INPUT -p udp --sport 68 --dport 67 -j DROP

https://bugzilla.redhat.com/show_bug.cgi?id=512206

* libmnl
** http://www.spinics.net/lists/netfilter/msg52868.html
** http://1984.lsi.us.es/~pablo/docs/spae.pdf

h1. ebtables

ebtables -A FORWARD -d ff:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff -p IPv4 --ip-prot udp --ip-dport 67:68 -j DROP

* http://serverfault.com/questions/284290/two-dhcp-servers-block-clients-for-one-of-them

ebtables -A INPUT --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A INPUT --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP

h1. ipset

http://ipset.netfilter.org/