[Dnsmasq-discuss] Re: DCHP server not assign IP addresses
richardvoigt at gmail.com
richardvoigt at gmail.com
Tue Nov 18 16:13:24 GMT 2008
This rule
> -A INPUT -i eth0 -p udp -j udpincoming_packets
makes these two worthless
> -A udpincoming_packets -i eth1 -p udp -m udp --sport 67:68 -j ACCEPT
> -A udpincoming_packets -i eth1 -p udp -m udp --dport 67:68 -j ACCEPT
There's no way a packet can simultaneously match -i eth0 and -i eth1.
So no bootp.dhcp traffic is actually allowed by this.
Delete the sport rule and put the dport rule in the main INPUT chain,
no need to consider broadcast and unicast separately.
More information about the Dnsmasq-discuss
mailing list