[Dnsmasq-discuss] Re: DCHP server not assign IP addresses

richardvoigt at gmail.com richardvoigt at gmail.com
Tue Nov 18 16:13:24 GMT 2008


This rule

> -A INPUT -i eth0 -p udp -j udpincoming_packets

makes these two worthless

> -A udpincoming_packets -i eth1 -p udp -m udp --sport 67:68 -j ACCEPT
> -A udpincoming_packets -i eth1 -p udp -m udp --dport 67:68 -j ACCEPT

There's no way a packet can simultaneously match -i eth0 and -i eth1.
So no bootp.dhcp traffic is actually allowed by this.

Delete the sport rule and put the dport rule in the main INPUT chain,
no need to consider broadcast and unicast separately.



More information about the Dnsmasq-discuss mailing list