user1913578

Reputation: 1

How to create a DHCP snooping rule in a Linux virtual bridge

I have a Linux server (10.0.0.1) running a DHCP server and a virtual bridge. The virtual bridge connects 4 Ethernet interfaces and works as a master switch connecting my users.

The problem arises if some user accidentally creates a rogue DHCP server which answers the DHCP request before it reaches the master DHCP server.

Therefore I would like to block all DHCP requests going in between the ports on the virtual switch, but not requests to/from the master DHCP server. Which ebtables rules can I set up to do this?

Upvotes: 0

Views: 2505

Answers (2)

Nihilus

Reputation: 31

The correct way to do this is to use ebtables' filter chain, both FORWARD and OUTPUT usually, with a ruleset matching UDP ports 67:68.

Upvotes: 1
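The rules Nihilus describes, worked out as an added example that is not code from the thread; it assumes the bridge is named br0 and that the legitimate DHCP server runs on the bridge host itself (as in the question), so the server's own replies leave through OUTPUT and only port-to-port DHCP traffic reaches FORWARD. It also covers DHCPv6 (UDP 546/547), which the answer does not mention.

```shell
#!/bin/sh
# Added example, not code from the thread. Turns a Linux bridge into a crude
# DHCP-snooping switch with ebtables, as Nihilus' answer describes.
# Assumptions: the bridge is named br0 (BRIDGE) and the legitimate DHCP server
# runs on the bridge host itself, so its replies leave via the OUTPUT chain;
# FORWARD only sees frames bridged from one port to another.
BRIDGE="${BRIDGE:-br0}"
EBTABLES="${EBTABLES:-ebtables}"

# Run a command, or just print it when DRY_RUN is set (lets you review the
# rules before touching the bridge, and lets this file be checked without root).
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Append the DHCP snooping rules to the FORWARD chain. ebtables needs the
# -p IPv4 / -p IPv6 protocol match before any --ip-* / --ip6-* option.
apply_dhcp_snooping() {
    # DHCPv4 server -> client (UDP 67 -> 68): a reply bridged between two
    # ports can only come from a rogue server; the real one answers via OUTPUT.
    run "$EBTABLES" -A FORWARD --logical-in "$BRIDGE" -p IPv4 --ip-proto udp \
        --ip-sport 67 --ip-dport 68 -j DROP
    # DHCPv4 client -> server (UDP 68 -> 67): a broadcast DISCOVER/REQUEST still
    # reaches the local server via INPUT, but is no longer flooded to the
    # other ports, so a rogue server never even sees the request.
    run "$EBTABLES" -A FORWARD --logical-in "$BRIDGE" -p IPv4 --ip-proto udp \
        --ip-sport 68 --ip-dport 67 -j DROP
    # Same two directions for DHCPv6 (server UDP 547, client UDP 546).
    run "$EBTABLES" -A FORWARD --logical-in "$BRIDGE" -p IPv6 --ip6-proto udp \
        --ip6-sport 547 --ip6-dport 546 -j DROP
    run "$EBTABLES" -A FORWARD --logical-in "$BRIDGE" -p IPv6 --ip6-proto udp \
        --ip6-sport 546 --ip6-dport 547 -j DROP
}

# List what is in place, to confirm the rules after applying them.
show_dhcp_snooping() {
    run "$EBTABLES" -L FORWARD
}

if [ "${1:-}" = "apply" ]; then
    apply_dhcp_snooping
    show_dhcp_snooping
fi
```

Run it as root with `sh dhcp-snoop.sh apply`, or with `DRY_RUN=1` first to see the exact rules. If the legitimate server sat on one of the bridge ports instead of on the host, put an ACCEPT rule with `--in-interface <that port>` ahead of the 67 -> 68 DROP rather than relying on OUTPUT.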

Ignacio D. Favro

Reputation: 1

You must block DHCP responses at the switch; it is the only way, because the packets don't pass through the router (in this case the Linux server). Some switches have the option to do DHCP snooping. This filters DHCP responses from ports.

I hope this has been helpful.

Upvotes: 0
