On Tue, May 28, 2002 at 12:43:04AM -0700, Stewart Thompson wrote: >> I'm on a local machine with interface eth0 down. I manually enter the >> iptables policy DROP for all three "normal" chains, and then start up >> interface eth0 with 'ifup eth0' (eth0 is configured with dhcp and >> ONBOOT=n). >> >> In this scenario, the policy DROP exists before DHCP client starts up, but >> still the DHCP client manages to assign a new IP-address. >> >> ifconfig shows shows that eth0 has been assigned new IP-address. ping or >> any network traffic after that does not work, as expected.
> You are absolutely right. I just tried on one of my machines. It still > manages to get an ip and start up with ifup. I don't have an explanation > for it. Time for the Guruz to chime in. For both of you, does tcpdump and/or the DHCP server show communication taking place, or are you just going by the fact that the interface has an address? Is this definitely a *new* *valid* [1] address, rather than the host just re-using the old one because it can't contact a DHCP server? [1] Not in the 169.254.0.0 range.... -- FunkyJesus System Administration Team
