Vieri Di Paola wrote:
>Can a Shorewall bridge (with firewall rules as in
>http://www.shorewall.net/bridge-Shorewall-perl.html) block DHCPD
>traffic?
>
>In other words, can I have a DHCP server on one side of the bridge
>leasing IP addresses ONLY for that side and another DHCP server on
>the other side giving out IP addresses ONLY for that side?

Yes, you can do that, just don't allow traffic on UDP ports 67 & 68. The limitation on filtering and bridges is that you can't filter traffic originating on the firewall itself and egressing via a bridge port.

On the DHCP side you must still obey certain rules - specifically your pools must **NOT** overlap as you still need to maintain unique addresses for each device on the network. If you have overlapping pools then sooner or later you'll lease the same address to two different clients.

-- 
Simon Hobson

Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
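
Added example, not part of the original mailing-list post: a check for the pool-overlap condition the reply warns about, run over the `range` statements of the two DHCP servers' configurations. It assumes both servers use ISC dhcpd syntax; the function names and the sample configurations are constructed for illustration.

```python
import ipaddress
import re

# ISC dhcpd "range" statement: optional dynamic-bootp flag, low address,
# optional high address (a single-address range omits it).
RANGE_RE = re.compile(
    r"^\s*range\s+(?:dynamic-bootp\s+)?(\d+\.\d+\.\d+\.\d+)"
    r"(?:\s+(\d+\.\d+\.\d+\.\d+))?\s*;", re.MULTILINE)

def parse_pools(conf_text):
    """Return a list of (low, high) IPv4Address pairs from range statements."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments, including commented-out ranges
    pools = []
    for low, high in RANGE_RE.findall(text):
        lo = ipaddress.IPv4Address(low)
        hi = ipaddress.IPv4Address(high or low)
        if hi < lo:
            raise ValueError(f"range {low} {high} is reversed")
        pools.append((lo, hi))
    return pools

def overlaps(pools_a, pools_b):
    """Return every pair of ranges, one from each server, sharing an address."""
    return [(a, b) for a in pools_a for b in pools_b
            if a[0] <= b[1] and b[0] <= a[1]]

# Constructed sample configs for the DHCP servers on each side of the bridge.
SIDE_A = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.10 192.168.1.99;
}
"""
SIDE_B_OK = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  range 192.168.1.100 192.168.1.199;
}
"""
SIDE_B_BAD = """
subnet 192.168.1.0 netmask 255.255.255.0 {
  # range 192.168.1.1 192.168.1.5;
  range dynamic-bootp 192.168.1.90 192.168.1.120;
  range 192.168.1.200;
}
"""

if __name__ == "__main__":
    for name, conf in (("ok", SIDE_B_OK), ("bad", SIDE_B_BAD)):
        for a, b in overlaps(parse_pools(SIDE_A), parse_pools(conf)):
            print(f"{name}: {a[0]}-{a[1]} overlaps {b[0]}-{b[1]}")
```
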
