I picked up an iptables firewall and I have a question in debugging it. 
It erroneously makes reference to two variables which are not defined: 
These are BROADCAST_0 and BROADCAST_1. I'm running dhcpcd as the firewall 
prescribes. My problem is that I just don't have any idea what the intent 
is of the first four iptables commands. I found ports 67 and 68 in my 
/etc/services file as bootps and bootpc (which I assume are used somehow 
by the DHCP protocol).

Obviously, this section below is just the fragment that's causing me 
trouble. EXTERNAL_INTERFACE is set to eth0. DHCP_SERVER is set to the IP 
address of my DHCP server. MY_ISP is set to "any/0".

if [ $DHCP -gt 0 ]
then
    # INIT or REBINDING: No Lease or Lease Time Expired
    iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p UDP \
        --sport 68 --dport 67 -s $BROADCAST_0 -d $BROADCAST_1 -j ACCEPT

    # Getting renumbered
    iptables -A INPUT -i $EXTERNAL_INTERFACE -p UDP \
        --sport 67 --dport 68 -s $BROADCAST_0 -d $BROADCAST_1 -j ACCEPT

    iptables -A INPUT -i $EXTERNAL_INTERFACE -p UDP \
        --sport 67 --dport 68 -s $DHCP_SERVER -d $BROADCAST_1 -j ACCEPT

    iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p UDP \
        --sport 67 --dport 68 -s $BROADCAST_0 -d $DHCP_SERVER -j ACCEPT

    # As a result of the above, we're supposed to change our IP
    # address with this message, which is addressed to our new
    # address before the DHCP client has received the update.

    iptables -A INPUT -i $EXTERNAL_INTERFACE -p UDP \
        --sport 67 --dport 68 -s $DHCP_SERVER -d $MY_ISP -j ACCEPT

    iptables -A INPUT -i $EXTERNAL_INTERFACE -p UDP \
        --sport 67 --dport 68 -s $DHCP_SERVER -d $EXTERNAL_IP -j ACCEPT

    iptables -A OUTPUT -o $EXTERNAL_INTERFACE -p UDP \
        --sport 68 --dport 67 -s $EXTERNAL_IP -d $DHCP_SERVER -j ACCEPT

    if [ $VERBOSE -gt 0 ]; then
        echo "firewall: DHCP enabled"
    fi

fi

Anyone have any suggestions? I know that GNHLUG is rich with people who 
think that vi is the best firewall editor out there :-)

-- 
-Time flies like the wind. Fruit flies like a banana. Stranger things have -
-happened but none stranger than this. Does your driver's license say Organ
-Donor?Black holes are where God divided by zero. Listen to me! We are all-
-individuals! What if this weren't a hypothetical question? [EMAIL PROTECTED]
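An added example, not code from the post or from the firewall script it quotes: the first three DHCP rules with the two undefined variables given the addresses the DHCP protocol itself uses, plus the check a practitioner would want so the script fails loudly instead of handing iptables an empty argument. The assumption (labelled in the code) is that BROADCAST_0 was meant to be 0.0.0.0, the source address a client uses while it has no lease, and BROADCAST_1 the limited-broadcast address 255.255.255.255. The DHCP server address is a constructed placeholder and IPTABLES defaults to a dry run that only prints the rules.

```shell
#!/bin/sh
# Added example, not code from the original post or its firewall script.
# Assumption: BROADCAST_0 was meant to be 0.0.0.0 (a client with no lease yet
# sends DHCPDISCOVER/DHCPREQUEST from this address, UDP port 68 -> 67) and
# BROADCAST_1 the limited broadcast 255.255.255.255 (where the server's
# DHCPOFFER/DHCPACK come back, UDP port 67 -> 68, until the client has an IP).

EXTERNAL_INTERFACE=eth0                 # as in the post
DHCP_SERVER=${DHCP_SERVER:-192.0.2.1}   # constructed placeholder (TEST-NET-1); use the real server
BROADCAST_0=0.0.0.0                     # source address of a client with no lease yet
BROADCAST_1=255.255.255.255             # limited broadcast, never forwarded off the link
IPTABLES=${IPTABLES:-echo iptables}     # dry run: prints the rules; IPTABLES=iptables to apply

# Fail early if any variable the rules depend on is empty. Without this, an
# unset $BROADCAST_0 silently turns "-s $BROADCAST_0 -d ..." into "-s -d ...",
# and iptables rejects the rule with a parse error that hides the real cause.
check_required_vars() {
    for v in EXTERNAL_INTERFACE DHCP_SERVER BROADCAST_0 BROADCAST_1; do
        eval "val=\${$v}"
        if [ -z "$val" ]; then
            echo "firewall: required variable $v is not set" >&2
            return 1
        fi
    done
    return 0
}

# The three client-side bootstrap rules from the post, one per message direction.
dhcp_bootstrap_rules() {
    check_required_vars || return 1
    # INIT / REBINDING: DISCOVER and REQUEST leave before we have an address
    $IPTABLES -A OUTPUT -o "$EXTERNAL_INTERFACE" -p udp \
        --sport 68 --dport 67 -s "$BROADCAST_0" -d "$BROADCAST_1" -j ACCEPT
    # reply broadcast back while we still have no address (the post's
    # "getting renumbered" case, kept with the source the original uses)
    $IPTABLES -A INPUT -i "$EXTERNAL_INTERFACE" -p udp \
        --sport 67 --dport 68 -s "$BROADCAST_0" -d "$BROADCAST_1" -j ACCEPT
    # OFFER / ACK broadcast from the known server
    $IPTABLES -A INPUT -i "$EXTERNAL_INTERFACE" -p udp \
        --sport 67 --dport 68 -s "$DHCP_SERVER" -d "$BROADCAST_1" -j ACCEPT
}

dhcp_bootstrap_rules
```

Run it as-is to see the rules printed; run it with IPTABLES=iptables as root to install them. The post's fourth rule (OUTPUT, --sport 67 --dport 68, from $BROADCAST_0 to $DHCP_SERVER) is left out here on purpose: a DHCP client always sends from UDP 68 to 67, so a rule that matches outbound traffic from port 67 only fires if this host is itself a DHCP server, and the client's later unicast renewals from its real address are already covered by the EXTERNAL_IP rule further down the post.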
