iptables and bootp

From: Christoph Pleger
Date: Mon May 24 2004 - 09:43:13 EST

Next message: Jan-Benedict Glaw: "Re: 2.6: future of UMSDOS?"
Previous message: viro: "Re: [PATCH/RFC] Lustre VFS patch"
Next in thread: Martin Josefsson: "Re: iptables and bootp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello,

I'm using the following commands to drop all traffic to and from the
bootp-port of one of my machines:

iptables -I INPUT -i eth0 -p tcp --destination-port bootps -j DROP
iptables -I INPUT -i eth0 -p udp --destination-port bootps -j DROP
iptables -I OUTPUT -o eth0 -p tcp --source-port bootps -j DROP
iptables -I OUTPUT -o eth0 -p udp --source-port bootps -j DROP

But this machine gives a reply to another machine's bootp-request that
was created by the program "bootpc" (it is not possible that that answer
comes from another bootp-Server). Iptables-Statistics show that
UDP-packets to the bootps-port have been dropped, but obviously that has
not really happened (as shown by tcpdump). Dropped outgoing packets from
port bootps do not appear in the statistics.

When I change the port number in the above commands (for example, to
20003), the packets are actually blocked.

Does somebody have any advice?

Kind regards
Christoph Pleger
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jan-Benedict Glaw: "Re: 2.6: future of UMSDOS?"
Previous message: viro: "Re: [PATCH/RFC] Lustre VFS patch"
Next in thread: Martin Josefsson: "Re: iptables and bootp"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]