Dear .debs, I have a DHCP client that receives a lot of its networking information from our DHCP servers. Things like routers, mail and name servers. I would like to put an iptables based packet filtering firewall on this client that by default drops everything unless explicitly allowed.
I set the default policy through a script in /etc/network/if-pre-up.d/ and add logging of everything that is dropped as a result of policy by means of a script in /etc/network/if-up.d/. So far no problems.

Now I am wondering how to organise setting up the rest of the rules so I don't go nuts. If it weren't for DHCP, I would have just added more scripts in /etc/network/if-up.d/. Of course, you need to take care of their ordering and cater to the possibility of running more than once if you have multiple interfaces, but that is manageable. However, how do I cater to DHCP telling me that the IP address of the name server has changed, for example, or, tux forbid, the client's own IP address?

Any ideas on how to go about this are welcome.

Debian GNU/Linux 3.0
kernel 2.4.18 (custom)
iptables 1.2.5-7
dhcp-client 2.0pl5-7

-- 
Olaf Meeuwissen
Epson Kowa Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
LPIC-2 -- I hack, therefore I am -- BOFH
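One way to hook the firewall into the lease events the question asks about, as an added example that is not part of the original post or of any reply to it: ISC dhclient's dhclient-script sources /etc/dhclient-exit-hooks (if the file exists) after every lease event, with the lease contents exported as shell variables ($reason, $interface, $new_ip_address, $old_ip_address, $new_domain_name_servers, $old_domain_name_servers and so on), so the rules that depend on DHCP-supplied values can live there instead of in if-up.d. The script below rebuilds two user chains from those variables. The chain names dhcp-dns and dhcp-self, the DRY_RUN switch and the ALLOW_IN_TCP list are assumptions made for this example; it also assumes the if-pre-up.d script that sets the DROP policies creates both chains, jumps to dhcp-dns from OUTPUT and to dhcp-self from INPUT, and accepts ESTABLISHED,RELATED traffic on INPUT (ip_conntrack, available on 2.4), since without that last rule the DNS replies are dropped, which the LOG rule from if-up.d will show.

```sh
#!/bin/sh
# Hypothetical /etc/dhclient-exit-hooks (added example, not from the post).
# ISC dhclient's dhclient-script sources this file after every lease event
# and exports the lease as shell variables: $reason, $interface,
# $new_ip_address, $old_ip_address, $new_domain_name_servers,
# $old_domain_name_servers, ...  The chain names, the DRY_RUN switch and
# ALLOW_IN_TCP are assumptions made for this example.  The chains are
# assumed to be created and hooked into INPUT/OUTPUT by the if-pre-up.d
# script that also sets the DROP policies.

IPTABLES=${IPTABLES:-iptables}
DNS_CHAIN=${DNS_CHAIN:-dhcp-dns}    # hooked from OUTPUT: servers we may query
SELF_CHAIN=${SELF_CHAIN:-dhcp-self} # hooked from INPUT: rules tied to our address
ALLOW_IN_TCP=${ALLOW_IN_TCP:-22}    # inbound TCP services allowed on our address

# DRY_RUN=1 prints the iptables commands instead of executing them, so the
# rule set a lease would produce can be inspected without touching netfilter.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

# Rebuild a server chain from scratch so servers from the previous lease
# disappear rather than accumulate.  $1 chain, $2 server list, $3 port.
rebuild_server_chain() {
    chain="$1"; servers="$2"; port="$3"
    run -F "$chain"
    for s in $servers; do
        run -A "$chain" -d "$s" -p udp --dport "$port" -j ACCEPT
        run -A "$chain" -d "$s" -p tcp --dport "$port" -j ACCEPT
    done
}

# Rules that mention our own address: drop packets arriving on the wire
# that claim to come from it (spoofing), then allow the inbound services.
rebuild_self_chain() {
    addr="$1"
    run -F "$SELF_CHAIN"
    [ -n "$addr" ] || return 0
    run -A "$SELF_CHAIN" -i "$interface" -s "$addr" -j DROP
    for p in $ALLOW_IN_TCP; do
        run -A "$SELF_CHAIN" -d "$addr" -p tcp --dport "$p" -j ACCEPT
    done
}

# BOUND and REBOOT always rebuild: after a reboot the old lease file may
# carry the same values as the new lease, but the chains are empty.
# RENEW/REBIND rebuild only what actually changed.  Without a valid lease
# nothing is allowed, which is what a default-DROP policy intends.
on_lease_event() {
    case "$reason" in
        BOUND|REBOOT)
            rebuild_server_chain "$DNS_CHAIN" "$new_domain_name_servers" 53
            rebuild_self_chain "$new_ip_address"
            ;;
        RENEW|REBIND)
            if [ "$old_domain_name_servers" != "$new_domain_name_servers" ]; then
                rebuild_server_chain "$DNS_CHAIN" "$new_domain_name_servers" 53
            fi
            if [ "$old_ip_address" != "$new_ip_address" ]; then
                rebuild_self_chain "$new_ip_address"
            fi
            ;;
        EXPIRE|FAIL|RELEASE)
            rebuild_server_chain "$DNS_CHAIN" "" 53
            rebuild_self_chain ""
            ;;
    esac
}

on_lease_event
```

Routers, mail servers and the like follow the same pattern with their own chain and $new_routers or whatever the lease carries. To see what a given lease would do before installing the file, run it by hand with DRY_RUN=1 and the dhclient variables set in the environment; the same dry run is what to compare against the LOG output from if-up.d when something is still being dropped.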