[Dnsmasq-discuss] Blocking DHCPv6 requests from a specific client
Geert Stappers
stappers at stappers.nl
Tue Jul 9 05:29:43 UTC 2024
On Mon, Jul 08, 2024 at 10:35:14PM +0000, Alex Malinovich wrote:
> On Mon, Jul 08, 2024 at 04:28:30PM -0500, burton at burtonstrauss.us wrote:
> > Alex Malinovich wrote:
> > > Alasdair Muckart wrote:
> > > > Alex Malinovich wrote:
> > > > > Blocking DHCPv6 requests from a specific client
> > > > This is probably best dealt with at the OS firewall level
> > > > rather than in dnsmasq.
> > >
> > > ... but I don't know how to do a rate limit for it unfortunately.
> >
> > And that is what a man page is for. Or 100 tutorials on the web.
> >
> > Hint --limit in man iptables-extensions
>
> Thank you! The hint was useful, the RTFM jab, not so much.
>
> Here's what I came up with if anyone can sanity check it for
> me? It seems to be working but I'm honestly not 100% if I might not
> inadvertently be blocking those ports in unexpected places.
>
> ip6tables -A INPUT -p udp -m udp --dport 546:547 -m mac --mac-source DE:AD:BE:EF:00:11 -m limit --limit 1/hour -j ACCEPT
> ip6tables -A INPUT -p udp -m udp --dport 546:547 -m mac --mac-source DE:AD:BE:EF:00:11 -j DROP

s/DROP/REJECT/ to get more than just silence when the limit kicks in.
And triple check the -m, all three.

Groeten
Geert Stappers
--
Silence is hard to parse
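
Added example, not part of the thread and not written by any of the posters: one way to write the rate limit with the match stated once and the verdicts kept in a dedicated chain, using REJECT as suggested above. The chain name DHCP6LIMIT and the function names are hypothetical; the MAC address is the placeholder from the quoted rules.

```shell
#!/bin/sh
# Prints the ip6tables commands instead of running them, so the rules can
# be reviewed first and then piped to a root shell.

# matches VALUE REGEX -> 0 only if VALUE is a single line fully matching REGEX
matches() {
    [ $(printf '%s' "$1" | wc -l) -eq 0 ] &&
        printf '%s\n' "$1" | grep -Eqx -- "$2"
}

# dhcp6_limit_rules MAC RATE [BURST]
dhcp6_limit_rules() {
    mac=$1 rate=$2 burst=${3:-1}
    matches "$mac" '([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}' ||
        { echo "bad MAC: $mac" >&2; return 1; }
    matches "$rate" '[1-9][0-9]*/(second|minute|hour|day)' ||
        { echo "bad rate: $rate" >&2; return 1; }
    matches "$burst" '[1-9][0-9]*' ||
        { echo "bad burst: $burst" >&2; return 1; }
    chain=DHCP6LIMIT   # hypothetical chain name
    # The limit match defaults to --limit-burst 5, so without an explicit
    # burst the first five packets pass before the 1/hour rate applies.
    # Only packets that matched the port and MAC in INPUT reach this chain,
    # so the REJECT cannot hit other clients or other ports.
    # The INPUT jump must sit before any broader ACCEPT for these ports,
    # because the first matching rule wins.
    cat <<EOF
ip6tables -N $chain
ip6tables -A $chain -m limit --limit $rate --limit-burst $burst -j ACCEPT
ip6tables -A $chain -j REJECT
ip6tables -A INPUT -p udp -m udp --dport 546:547 -m mac --mac-source $mac -j $chain
EOF
}

# Usage (as root): dhcp6_limit_rules DE:AD:BE:EF:00:11 1/hour | sh
```

The packet counters in `ip6tables -L DHCP6LIMIT -v -n` show how many packets were accepted under the limit and how many were rejected.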