vpn-rpi4 [2020/04/30 09:16] robm [Desired outcome] |
vpn-rpi4 [2021/04/25 20:13] (current) robm Reduce dropped INPUT traffic to just DHCP (was also blocking ARP requests, so my wired side would never find the MAC address of the Raspberry Pi) |
||
---|---|---|---|
Line 63: | Line 63: | ||
# wired connection (we want to be the ones to answer DHCP requests, not our | # wired connection (we want to be the ones to answer DHCP requests, not our | ||
# ISP) | # ISP) | ||
- | up | + | |
- | down ebtables -t filter -D FORWARD --protocol | + | # UDP port 68: BOOTP client |
+ | | ||
+ | down ebtables -t filter -D FORWARD --protocol | ||
# Ethernet Bridging: Be deaf to DHCP requests originating on the wired | # Ethernet Bridging: Be deaf to DHCP requests originating on the wired | ||
# connection (home network), we are not their DHCP server. (.. and dnsmasq | # connection (home network), we are not their DHCP server. (.. and dnsmasq | ||
# cannot distinguish the source, as it all appears to be coming from br0) | # cannot distinguish the source, as it all appears to be coming from br0) | ||
- | up | + | |
- | down ebtables -t filter -D INPUT -d FF: | + | # UDP port 68: BOOTP client |
+ | | ||
+ | down ebtables -t filter -D INPUT --protocol IPv4 --ip-protocol UDP --ip-destination-port 67:68 -i eth0 -j DROP | ||
# Internet Protocol Network Address Translation when using this bridge, and | # Internet Protocol Network Address Translation when using this bridge, and |
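Review bot: The new INPUT rule's match `--ip-destination-port 67:68` is wider than the comment above it, which speaks only of DHCP requests originating on the wired connection. Requests from clients are addressed to UDP port 67 (BOOTP server), while port 68 is the client side, so the range also drops DHCP replies arriving on eth0. If dropping both directions is intended, say so in the comment; otherwise narrow the match to port 67. The only port comment visible here is `# UDP port 68: BOOTP client`, so port 67 should be documented next to it. The `up` lines are not readable in this view; because `ebtables -D` removes a rule only when its specification matches the one that was added, confirm that each `up ... -A` line carries exactly the same match as its `down ... -D` counterpart, or the DROP rule stays behind when the interface goes down.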