I'm running the ISC DHCP daemon on CentOS and want to block unwanted (by client MAC address) discovery messages before they reach dhcpd.

How can I do this with iptables or anything else?

misha

1 Answer

The Linux netfilter firewall has the ability to match on MAC address and then simply filter the DHCP protocol (UDP port 67,68) messages:

/sbin/iptables -I INPUT -m mac --mac-source 00:11:22:33:44:55 -p udp --sport 67:68 --dport 67:68  -j DROP

Although a better alternative is probably to configure your DHCP server to ignore requests from certain MAC addresses, as described in this Q&A.

HBruijn
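
The answer's rule extended to a whole blocklist, as an added example that is not part of the original answer: the script validates each MAC address and prints the rules for a dedicated chain so they can be reviewed before being applied. The chain name DHCP_MAC_BLOCK and the one-MAC-per-line list format are assumptions.

```shell
#!/bin/sh
# Added example: build iptables rules for a list of blocked MAC addresses.
# Assumptions: chain name DHCP_MAC_BLOCK, blocklist with one MAC per line.

CHAIN="DHCP_MAC_BLOCK"

# Succeeds only for six colon-separated hex octets (XX:XX:XX:XX:XX:XX).
is_valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reads a blocklist on stdin ('#' comments allowed) and prints the iptables
# commands on stdout. Invalid entries are reported on stderr and skipped,
# so a typo never turns into a malformed rule.
gen_rules() {
    printf 'iptables -N %s\n' "$CHAIN"
    # Only DHCP traffic is sent to the chain (same ports as the answer's rule).
    printf 'iptables -I INPUT -p udp --sport 67:68 --dport 67:68 -j %s\n' "$CHAIN"
    while IFS= read -r line || [ -n "$line" ]; do
        # Strip trailing comments and all whitespace.
        mac=$(printf '%s' "$line" | sed -e 's/#.*//' -e 's/[[:space:]]//g')
        [ -z "$mac" ] && continue
        if is_valid_mac "$mac"; then
            mac=$(printf '%s' "$mac" | tr 'a-f' 'A-F')
            printf 'iptables -A %s -m mac --mac-source %s -j DROP\n' "$CHAIN" "$mac"
        else
            printf 'skipping invalid MAC: %s\n' "$mac" >&2
        fi
    done
}

# Constructed sample blocklist (not real devices).
SAMPLE_LIST='# clients that must not get a lease
00:11:22:33:44:55
aa:bb:cc:dd:ee:ff   # lab device
00:11:22:33:44      # too short, rejected
'

# Print the rules for review; run the printed commands as root to apply them.
printf '%s' "$SAMPLE_LIST" | gen_rules
```

ISC dhcpd on Linux normally receives DHCP frames through a packet socket, which sees them before the INPUT chain is evaluated, so check the chain's packet counters and dhcpd's log to confirm the blocked clients are no longer served.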