Marcus Sundberg
Thu, 13 Jun 2002 10:30:20 -0700
Roar Bjørgum Rotvik <[EMAIL PROTECTED]> writes:

> In this scenario, the policy DROP exists before DHCP client starts up, but
> still the DHCP client manages to assign a new IP-address.
>
> ifconfig shows that eth0 has been assigned new IP-address. ping or
> any network traffic after that does not work, as expected.
>
> What I want to accomplish is to block all network traffic in/out up until
> a certain point, and that includes DHCP.

Iptables only deals with IP packets. DHCP-clients don't use the
IP-stack, but use raw sockets to talk directly to the network
interface. Very simplified, what you have is this:

eth0 ----+------- iptables ----- IP-stack
         |        filtering
     Raw socket
         |
    DHCP-client

/Marcus
--
---------------------------------------+--------------------------
Marcus Sundberg <[EMAIL PROTECTED]> | Firewalls with SIP & NAT
Firewall Developer, Ingate Systems AB | http://www.ingate.com/