Adding ebtables rule to prevent rogue dhcp servers on open net.

sudomesh · Dec 22, 2015 · c330dc4 · c330dc4
1 parent ed7512c
commit c330dc4
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/configs/ar71xx/home_nodes/templates/files/etc/init.d/meshrouting b/configs/ar71xx/home_nodes/templates/files/etc/init.d/meshrouting
@@ -121,6 +121,12 @@ start() {
     # no internet to internet forward
     iptables -A FORWARD -i $WAN -o $WAN -j DROP
 
+    # if ebtables, prevent rogue dhcp servers
+    if command -v ebtables; then
+      ebtables -F FORWARD
+      ebtables -I FORWARD -p ipv4 --in-interface $OPEN --out-interface $OPEN --ip-protocol udp --ip-source-port 67:68 --ip-destination-port 67:68 --jump DROP
+    fi
+
     waitForWifi
 
     iw open2 set bitrates legacy-2.4 6 9 12 18 24 36 48 54