Why my nftables do not block DHCP ?
Why my nftables do not block DHCP ?
Hi,
On my Debian 12 Bookworm ( raspberry pi )
My nftables do not block DHCP packets ! according to this basic rules
nft -y list rulesset
table ip Tip {
chain chIN {
type filter hook input priority 0; policy drop;
ct state established,related accept
}
chain chFW {
type filter hook forward priority 0; policy drop;
}
chain chOUT {
type filter hook output priority 0; policy drop;
udp dport 67 drop #DHCP
udp dport 53 accept
tcp dport { 80, 443} accept
ct state established,related accept
}
}
DHCP should be blocked... but it's not as I get an IP from it..
Any ideas ?
Thanks.
You're viewing a single thread.
8 comments
-
Why block from the firewall. Normally you would set a static ip to not use dhcp. You could also uninstall or disable the dhcp client service.
-
Obviously, but I'm anyway wondering why it doesn't blocking like it should
I hope nftables do not let other pass like this...
-
8 comments