Roar Bjørgum Rotvik <[EMAIL PROTECTED]> writes:
> In this scenario, the policy DROP exists before DHCP client starts up, but
> still the DHCP client manages to assign a new IP-address.
>
> ifconfig shows that eth0 has been assigned new IP-address. ping or
> any network traffic after that does not work, as expected.
>
> What I want to accomplish is to block all network traffic in/out up until
> a certain point, and that includes DHCP.
Iptables only deals with IP packets. DHCP-clients don't use the IP-stack, but use raw sockets to talk directly to the network interface. Very simplified, what you have is this:

    eth0 ----+------- iptables ----- IP-stack
             |        filtering
             |
         Raw socket
             |
         DHCP-client

/Marcus
--
---------------------------------------+--------------------------
Marcus Sundberg <[EMAIL PROTECTED]>    | Firewalls with SIP & NAT
Firewall Developer, Ingate Systems AB  | http://www.ingate.com/
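To make the diagram concrete, here is an added example (not from the thread or any DHCP client's code) of what a client hands to a packet socket: it builds the Ethernet, IP and UDP headers itself for a DHCPDISCOVER, so the kernel's IP layer, and with it the iptables INPUT/OUTPUT filtering, never sees the packet on the way out. The MAC address and transaction id are constructed sample values; the send helper is a hypothetical wrapper that only works as root on Linux.

```python
import socket
import struct

# Constructed sample values: a client MAC and a DHCP transaction id (xid).
SAMPLE_MAC = b"\x00\x11\x22\x33\x44\x55"
SAMPLE_XID = 0x3903F326


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over an IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_dhcp_discover(mac: bytes = SAMPLE_MAC, xid: int = SAMPLE_XID) -> bytes:
    """Return a complete Ethernet frame carrying a minimal DHCPDISCOVER."""
    # BOOTP fixed fields: op=1 (request), htype=1, hlen=6, hops=0, xid,
    # secs=0, flags=0x8000 (broadcast), ciaddr/yiaddr/siaddr/giaddr = 0.0.0.0
    dhcp = struct.pack("!BBBBIHH4s4s4s4s", 1, 1, 6, 0, xid, 0, 0x8000,
                       b"\0" * 4, b"\0" * 4, b"\0" * 4, b"\0" * 4)
    dhcp += mac + b"\0" * 10 + b"\0" * 64 + b"\0" * 128  # chaddr, sname, file
    dhcp += b"\x63\x82\x53\x63"                           # DHCP magic cookie
    dhcp += b"\x35\x01\x01" + b"\xff"                     # opt 53=DISCOVER, end
    udp_len = 8 + len(dhcp)
    udp = struct.pack("!HHHH", 68, 67, udp_len, 0) + dhcp  # UDP checksum 0 = none
    # IPv4 header from 0.0.0.0 to 255.255.255.255: the client has no address
    # yet, which is exactly why it cannot go through the normal IP stack.
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, 17, 0,
                         socket.inet_aton("0.0.0.0"),
                         socket.inet_aton("255.255.255.255"))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    eth = b"\xff" * 6 + mac + b"\x08\x00"  # broadcast dst, client src, IPv4
    return eth + ip_hdr + udp


def parse_frame(frame: bytes) -> dict:
    """Pull out the fields that show this frame bypasses IP-layer filtering."""
    src, dst = frame[26:30], frame[30:34]
    sport, dport = struct.unpack("!HH", frame[34:38])
    return {"ethertype": frame[12:14], "src_ip": socket.inet_ntoa(src),
            "dst_ip": socket.inet_ntoa(dst), "sport": sport, "dport": dport,
            "ip_checksum_ok": ip_checksum(frame[14:34]) == 0}


def send_raw(frame: bytes, ifname: str) -> None:
    """Hypothetical helper: hand the frame straight to the NIC (Linux, CAP_NET_RAW)."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((ifname, 0))
        s.send(frame)
```

Because the frame is written below the IP stack, a DROP policy in the filter table does not stop it; blocking it needs a hook that sees raw frames at the interface rather than IP-layer rules.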