Ubiquiti – Block Rogue DHCP

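To allow DHCP server replies only when they come in on the AP's Ethernet interface (eth0), with client requests coming in on the wireless interface (ath0):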

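# Client requests (68 -> 67) arriving on the wireless interface
ebtables -t filter -A FORWARD -p IPv4 -i ath0 --ip-proto udp --ip-sport 68 --ip-dport 67 -j ACCEPT
# Server replies (67 -> 68) arriving on the Ethernet interface
ebtables -t filter -A FORWARD -p IPv4 -i eth0 --ip-proto udp --ip-sport 67 --ip-dport 68 -j ACCEPT
# Drop every other UDP frame with source port 68 or 67
ebtables -t filter -A FORWARD -p IPv4 --ip-proto udp --ip-sport 68 -j DROP
ebtables -t filter -A FORWARD -p IPv4 --ip-proto udp --ip-sport 67 -j DROP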

Or allow the DHCP server based on its MAC address (replace 00:00:00:00:00:00 with your server's MAC address):

# Client requests (68 -> 67) from any interface
ebtables -t filter -A FORWARD -p IPv4 --ip-proto udp --ip-sport 68 --ip-dport 67 -j ACCEPT
# Server replies (67 -> 68) only from the trusted server's MAC address
ebtables -t filter -A FORWARD -s 00:00:00:00:00:00 -p IPv4 --ip-proto udp --ip-sport 67 --ip-dport 68 -j ACCEPT
# Drop every other UDP frame with source port 68 or 67
ebtables -t filter -A FORWARD -p IPv4 --ip-proto udp --ip-sport 68 -j DROP
ebtables -t filter -A FORWARD -p IPv4 --ip-proto udp --ip-sport 67 -j DROP
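
To check what each of the two rule sets above lets through, here is an added example (not part of the original post) that models the first-match evaluation of the FORWARD chain in Python. The frames, SERVER_MAC and OTHER_MAC are constructed for illustration, and the chain policy is assumed to be the ebtables default, ACCEPT.

```python
# Added example: first-match model of the page's two rule sets (constructed data).
SERVER_MAC = "02:00:00:aa:bb:cc"  # hypothetical; stands in for 00:00:00:00:00:00
OTHER_MAC = "02:00:00:00:00:99"   # hypothetical host that is not the trusted server

# Each rule is (fields that must match, verdict); an absent field matches anything.
# Every rule on the page matches IPv4/UDP, so the model only carries UDP frames.
BY_INTERFACE = [
    ({"in": "ath0", "sport": 68, "dport": 67}, "ACCEPT"),
    ({"in": "eth0", "sport": 67, "dport": 68}, "ACCEPT"),
    ({"sport": 68}, "DROP"),
    ({"sport": 67}, "DROP"),
]
BY_MAC = [
    ({"sport": 68, "dport": 67}, "ACCEPT"),
    ({"src": SERVER_MAC, "sport": 67, "dport": 68}, "ACCEPT"),
    ({"sport": 68}, "DROP"),
    ({"sport": 67}, "DROP"),
]


def udp(in_if, src, sport, dport):
    """Build a constructed IPv4/UDP frame as the bridge would see it."""
    return {"in": in_if, "src": src, "sport": sport, "dport": dport}


FRAMES = {
    "client request on ath0": udp("ath0", OTHER_MAC, 68, 67),
    "server reply on eth0": udp("eth0", SERVER_MAC, 67, 68),
    "unknown server on ath0": udp("ath0", OTHER_MAC, 67, 68),
    "unknown server on eth0": udp("eth0", OTHER_MAC, 67, 68),
    "DNS query on ath0": udp("ath0", OTHER_MAC, 40000, 53),
}


def verdict(rules, frame, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy applies."""
    for match, action in rules:
        if all(frame.get(field) == value for field, value in match.items()):
            return action
    return policy


def evaluate(rules):
    return {name: verdict(rules, frame) for name, frame in FRAMES.items()}


if __name__ == "__main__":
    for label, rules in (("by interface", BY_INTERFACE), ("by MAC", BY_MAC)):
        for name, result in evaluate(rules).items():
            print(f"{label:13} {name:24} {result}")
```

The interface-based set accepts a reply from any server reachable through eth0, while the MAC-based set accepts replies only from the one listed address, whichever interface they arrive on.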
