Roar Bjørgum Rotvik <[EMAIL PROTECTED]> writes:

> In this scenario, the policy DROP exists before DHCP client starts up, but
> still the DHCP client manages to assign a new IP-address.
> 
> ifconfig shows that eth0 has been assigned new IP-address. ping or
> any network traffic after that does not work, as expected.
> 
> What I want to accomplish is to block all network traffic in/out up until
> a certain point, and that includes DHCP.

Iptables only deals with IP packets. DHCP-clients don't use the
IP-stack, but use raw sockets to talk directly to the network
interface. Very simplified, what you have is this:

eth0 ----+------- iptables ----- IP-stack
         |        filtering
     Raw socket
         |
     DHCP-client

/Marcus
-- 
---------------------------------------+--------------------------
  Marcus Sundberg <[EMAIL PROTECTED]>  | Firewalls with SIP & NAT
 Firewall Developer, Ingate Systems AB |  http://www.ingate.com/
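As an added illustration (not part of Marcus's message or any DHCP client's source), this Python sketch builds the DHCPDISCOVER Ethernet frame a client hands to an AF_PACKET raw socket; the MAC address, transaction id and interface name are placeholders.

```python
# Added example: the frame a DHCP client pushes straight to the NIC via an
# AF_PACKET raw socket. It enters the driver below the IP stack, so the
# iptables INPUT/OUTPUT chains never see it (Linux only; sending needs root).
import os
import socket
import struct

BOOTREQUEST = 1
DHCP_DISCOVER = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"


def ip_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (0 when verifying a good one)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_dhcp_discover(mac: bytes, xid: int) -> bytes:
    """Ethernet + IPv4 + UDP + BOOTP/DHCP DISCOVER, ready for send() on AF_PACKET."""
    # BOOTP fixed header: op, htype, hlen, hops, xid, secs, flags (broadcast),
    # ciaddr, yiaddr, siaddr, giaddr; then chaddr(16), sname(64), file(128).
    bootp = struct.pack("!BBBBIHH4s4s4s4s", BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                        b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4)
    bootp += mac.ljust(16, b"\0") + b"\0" * 64 + b"\0" * 128
    options = MAGIC_COOKIE + bytes([53, 1, DHCP_DISCOVER, 255])  # type + END
    payload = bootp + options
    udp = struct.pack("!HHHH", 68, 67, 8 + len(payload), 0) + payload  # UDP csum 0 = none
    # IPv4 from 0.0.0.0 to 255.255.255.255, proto 17 (UDP), checksum filled in below.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                         b"\0\0\0\0", b"\xff\xff\xff\xff")
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    eth = b"\xff" * 6 + mac + b"\x08\x00"  # broadcast dst, our src, EtherType IPv4
    return eth + ip_hdr + udp


def send_on_interface(frame: bytes, ifname: str) -> int:
    """Hand the frame to the interface through AF_PACKET (requires CAP_NET_RAW)."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW, socket.htons(0x0800)) as s:
        s.bind((ifname, 0))
        return s.send(frame)


if __name__ == "__main__":
    frame = build_dhcp_discover(bytes.fromhex("020000000001"), 0x12345678)  # placeholder MAC
    print("DHCPDISCOVER frame: %d bytes" % len(frame))
    if os.geteuid() == 0:
        print("sent", send_on_interface(frame, "eth0"), "bytes")  # placeholder interface
```

Because the frame is written below the IP stack, an iptables policy of DROP cannot stop it; holding DHCP back until a chosen point needs a layer-2 filter on the interface, such as ebtables or an nftables chain in the netdev family.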