Hello, I'm trying to set up a wireless bridge using two wrt54g routers. However, each side has its own internet connection, and a separate wrt54g doing the NAT for it. I want to block DHCP traffic over the bridge. Anyone know a way to block DHCP traffic over the bridge?
Topic: Block DHCP over bridge?
The content of this topic has been archived on 1 May 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.
Search the forums and wiki for 'ebtables'.
Spent about 12 hours on this. 11 hours of those spent on the forum and wiki. Anything that actually talks about HOW to do it is out of date. Anything recent is geared toward someone that knows how to use ebtables...
I have ebtables loaded, I think this is what I need to make it all work;
ebtables -A INPUT --ip-destination-port 67:68 -j DROP
but it comes back with;
For IP filtering the protocol must be specified as IPv4.
so I add that;
root@OpenWrt:/etc# ebtables -A INPUT --ip-protocol IPv4 --ip-destination-port 67:68 -j DROP
Unknown specified IP protocol - IPv4.
Then I tried this;
root@OpenWrt:/etc# ebtables -A FORWARD -p ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
Problem with the specified protocol.
(Last edited by logandzwon on 18 Jul 2006, 08:33)
OK, I believe these are the correct commands for what I'm trying to do;
$EBTABLES -A INPUT --in-interface $PUB --protocol IPv4 --ip-protocol udp --ip-source-port 68 -j DROP
$EBTABLES -A INPUT --in-interface $PUB --protocol IPv4 --ip-protocol udp --ip-destination-port 67 -j DROP
$EBTABLES -A FORWARD --in-interface $PRIV --protocol IPv4 --ip-protocol udp --ip-source-port 68 -j DROP
$EBTABLES -A FORWARD --in-interface $PUB --protocol IPv4 --ip-protocol udp --ip-destination-port 67 -j DROP
but they still say;
Problem with the specified protocol.
Is ebtables possibly broken in OpenWrt RC5?
(Last edited by logandzwon on 18 Jul 2006, 09:01)
Found the issue: the ebtables package is missing /etc/ethertypes.
Then made the lines;
ebtables -A INPUT --in-interface vlan0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
ebtables -A INPUT --in-interface vlan0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --in-interface vlan0 --protocol ipv4 --ip-protocol udp --ip-destination-port 67:68 -j DROP
ebtables -A FORWARD --in-interface vlan0 --protocol ipv4 --ip-protocol udp --ip-source-port 67:68 -j DROP
(Last edited by logandzwon on 18 Jul 2006, 09:42)
If you can update the wiki with your findings, that would be very useful to others.
I had the same problem, /etc/ethertypes is missing. If you need to use ebtables, copy/paste this at the command line:
cat << EOF > /etc/ethertypes
#
# Ethernet frame types
# This file describes some of the various Ethernet
# protocol types that are used on Ethernet networks.
#
# This list could be found on:
# http://www.iana.org/assignments/ethernet-numbers
#
# <name> <hexnumber> <alias1>...<alias35> #Comment
#
IPv4 0800 ip ip4 # Internet IP (IPv4)
X25 0805
ARP 0806 ether-arp #
FR_ARP 0808 # Frame Relay ARP [RFC1701]
BPQ 08FF # G8BPQ AX.25 Ethernet Packet
DEC 6000 # DEC Assigned proto
DNA_DL 6001 # DEC DNA Dump/Load
DNA_RC 6002 # DEC DNA Remote Console
DNA_RT 6003 # DEC DNA Routing
LAT 6004 # DEC LAT
DIAG 6005 # DEC Diagnostics
CUST 6006 # DEC Customer use
SCA 6007 # DEC Systems Comms Arch
TEB 6558 # Trans Ether Bridging [RFC1701]
RAW_FR 6559 # Raw Frame Relay [RFC1701]
AARP 80F3 # Appletalk AARP
ATALK 809B # Appletalk
802_1Q 8100 8021q 1q 802.1q dot1q # 802.1Q Virtual LAN tagged frame
IPX 8137 # Novell IPX
NetBEUI 8191 # NetBEUI
IPv6 86DD ip6 # IP version 6
PPP 880B # PPP
ATMMPOA 884C # MultiProtocol over ATM
PPP_DISC 8863 # PPPoE discovery messages
PPP_SES 8864 # PPPoE session messages
ATMFATE 8884 # Frame-based ATM Transport over Ethernet
LOOP 9000 loopback # loop proto
EOF
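An added example, not part of the original posts: a shell sketch that checks whether a protocol name such as `ipv4` resolves in a file laid out like the /etc/ethertypes above, then prints (does not apply) the four DHCP drop rules from the thread. The function names are hypothetical, the sample file is constructed, and the fallback relies on ebtables also accepting the protocol as a hexadecimal number (`0x0800`), which needs no name lookup.

```shell
#!/bin/sh
# Added example, not from the thread. File format as posted above:
#   <name> <hexnumber> <alias1>...<alias35> #Comment

# ethertype_lookup NAME [FILE]: print the hex number for a name or alias.
# Case-insensitive matching is an assumption of this sketch.
ethertype_lookup() {
    name=$1; file=${2:-/etc/ethertypes}
    [ -r "$file" ] || return 1          # missing file: no name can resolve
    awk -v want="$name" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, "") }              # drop comments
        NF < 2 { next }                 # skip blank or malformed lines
        { for (i = 1; i <= NF; i++)     # field 2 is the number, not a name
              if (i != 2 && tolower($i) == want) { print $2; found = 1; exit } }
        END { exit !found }
    ' "$file"
}

# dhcp_drop_rules IFACE [FILE]: print rules dropping UDP 67:68 on IFACE.
dhcp_drop_rules() {
    iface=$1; file=${2:-/etc/ethertypes}
    if ethertype_lookup ipv4 "$file" >/dev/null; then
        proto=ipv4                      # name resolves, use it as in the thread
    else
        proto=0x0800                    # numeric EtherType, no lookup needed
    fi
    for chain in INPUT FORWARD; do
        for match in --ip-source-port --ip-destination-port; do
            echo "ebtables -A $chain --in-interface $iface --protocol $proto --ip-protocol udp $match 67:68 -j DROP"
        done
    done
}

# Constructed sample file with two entries in the posted format.
sample=$(mktemp)
printf '%s\n' '# <name> <hexnumber> <aliases> #Comment' \
    'IPv4 0800 ip ip4 # Internet IP (IPv4)' \
    'ARP 0806 ether-arp #' > "$sample"
dhcp_drop_rules vlan0 "$sample"                 # rules use --protocol ipv4
dhcp_drop_rules vlan0 /nonexistent/ethertypes   # rules use --protocol 0x0800
rm -f "$sample"
```

Review the printed rules before running them on the router, and list the result with `ebtables -L` afterwards.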