> What do I need to change for them to be able to *enter*?
>
> Sven
Bootp and dhcp only use udp and always send their first request to the 'all ones' broadcast address, AFAIK. I don't think you need the tcp rule at all.

This is the 'eth0-in' ruleset that I use to accept anything from an internal private subnet including bootp/dhcp:

    ipchains -N eth0-in
    ipchains -A eth0-in -i ! eth0 -j DENY -l
    ipchains -A eth0-in -s 192.168.0.0/24 -j ACCEPT
    ipchains -A eth0-in -p udp -s 0.0.0.0 bootpc -d 255.255.255.255 \
        bootps -j ACCEPT
    ipchains -A eth0-in -j DENY -l

It's more than you were asking, but the fourth rule shown here is the only dhcp-related rule that I have found to work properly.
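As an added example (not part of the original post and not ipchains code), the following Python models the eth0-in chain above with ipchains' first-match semantics and runs a few constructed packets through it: a fresh client's DISCOVER (source 0.0.0.0, broadcast destination) is caught only by the fourth rule, a renewal from a leased address is already covered by the subnet rule, a packet arriving on another interface hits the first DENY, and a tcp packet to bootps never matches any ACCEPT. Port numbers 67/68 for bootps/bootpc and the sample packets are assumptions made for this example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

BOOTPS, BOOTPC = 67, 68  # assumed /etc/services values for the names in rule four

@dataclass
class Packet:
    iface: str
    proto: str      # "udp", "tcp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0

# One tuple per rule, in chain order: (iface, proto, src net, sport, dst net, dport, target).
# None means "not restricted"; a leading "!" reproduces `-i ! eth0`.
ETH0_IN = [
    ("!eth0", None,  None,             None,   None,                 None,   "DENY"),
    (None,    None,  "192.168.0.0/24", None,   None,                 None,   "ACCEPT"),
    (None,    "udp", "0.0.0.0/32",     BOOTPC, "255.255.255.255/32", BOOTPS, "ACCEPT"),
    (None,    None,  None,             None,   None,                 None,   "DENY"),
]

def matches(rule, pkt):
    iface, proto, src, sport, dst, dport, _ = rule
    if iface is not None and (pkt.iface == iface.lstrip("!")) == iface.startswith("!"):
        return False  # `-i ! eth0` matches every interface except eth0
    if proto is not None and pkt.proto != proto:
        return False
    for want, have in ((src, pkt.src), (dst, pkt.dst)):
        if want is not None and ip_address(have) not in ip_network(want):
            return False
    for want, have in ((sport, pkt.sport), (dport, pkt.dport)):
        if want is not None and have != want:
            return False
    return True

def verdict(pkt, chain=ETH0_IN):
    """The first matching rule decides, as in ipchains; the final DENY means nothing falls off the end."""
    for rule in chain:
        if matches(rule, pkt):
            return rule[-1]
    return "RETURN"  # an unmatched packet would go back to the calling chain

# Constructed sample traffic, not captured data.
DISCOVER = Packet("eth0", "udp", "0.0.0.0", "255.255.255.255", BOOTPC, BOOTPS)
RENEW    = Packet("eth0", "udp", "192.168.0.5", "192.168.0.1", BOOTPC, BOOTPS)
SPOOFED  = Packet("ppp0", "udp", "0.0.0.0", "255.255.255.255", BOOTPC, BOOTPS)
TCP_67   = Packet("eth0", "tcp", "0.0.0.0", "255.255.255.255", BOOTPC, BOOTPS)
```

Calling `verdict()` on each sample gives ACCEPT, ACCEPT, DENY, DENY respectively.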