On Mon, Jul 08, 2024 at 10:35:14PM +0000, Alex Malinovich wrote: > On Mon, Jul 08, 2024 at 04:28:30PM -0500, bur...@burtonstrauss.us wrote: > > Alex Malinovich wrote: > > > Alasdair Muckart wrote: > > > > Alex Malinovich wrote: > > > > > Blocking DHCPv6 requests from a specific client > > > > This is probably best dealt with at the OS firewall level > > > > rather than in dnsmasq. > > > > > > ... but I don't know how to do a rate limit for it unfortunately. > > > > And that is what a man page is for. Or 100 tutorials on the web. > > > > Hint --limit in man iptables-extensions > > Thank you! The hint was useful, the RTFM jab, not so much. > > Here's what I came up with if anyone can sanity check it for > me? It seems to be working but I'm honestly not 100% if I might not > inadvertently be blocking those ports in unexpected places. > > ip6tables -A INPUT -p udp -m udp --dport 546:547 -m mac --mac-source > DE:AD:BE:EF:00:11 -m limit --limit 1/hour -j ACCEPT > ip6tables -A INPUT -p udp -m udp --dport 546:547 -m mac --mac-source > DE:AD:BE:EF:00:11 -j DROP
s/DROP/REJECT/ to get more as just silence when the limit kicks in. And triple check the -m, all three. Groeten Geert Stappers -- Silence is hard to parse _______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss
