Version 9 (Laurent GUERBY, 15/07/2012 21:16) → Version 10/31 (Laurent GUERBY, 08/03/2013 23:29)
{{>toc}}
h1. IPTables
* http://www.bortzmeyer.org/dns-netfilter-u32.html
* http://www.stearns.org/doc/iptables-u32.current.html
* http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
* http://ebtables.sourceforge.net/
* http://www.inetdoc.net/guides/iptables-tutorial/traversingoftables.html
* https://en.wikipedia.org/wiki/List_of_router_or_firewall_distributions
DHCP ?
<pre>
sysctl -w net.bridge.bridge-nf-call-iptables=1
sysctl -w net.bridge.bridge-nf-call-ip6tables=1
iptables -A INPUT -p udp --sport 68 --dport 67 -j DROP
</pre>
https://bugzilla.redhat.com/show_bug.cgi?id=512206
* libmnl
** http://www.spinics.net/lists/netfilter/msg52868.html
** http://1984.lsi.us.es/~pablo/docs/spae.pdf
h1. ebtables
<pre>
ebtables -A FORWARD -d ff:ff:ff:ff:ff:ff/ff:ff:ff:ff:ff:ff -p IPv4 --ip-prot udp --ip-dport 67:68 -j DROP
</pre>
* http://serverfault.com/questions/284290/two-dhcp-servers-block-clients-for-one-of-them
<pre>
ebtables -A INPUT --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A INPUT --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --in-interface br0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
</pre>
h1. ipset
http://ipset.netfilter.org/