Исходное сообщение
"Фильтрация по MAC-пдресу" Отправлено jonatan, 08-Май-05 13:35
Вот несколько выдержек из форумов, которые помогут понять причину. ... It is technically necessary, because DHCP clients do not have IP addressing information when they begin the communication; everything is done using ethernet broadcasts. Such packets cannot be acquired using a standard socket bind, so the server application needs to listen at a lower level than the TCP/IP stack allows. ... Unfortunately, DHCPD appears to be running on a raw socket, instead of being an ordinary UDP process. raw sockets receive COPIES of the normally routed packets, and those COPIES to not pass through the iptables chains, resulting in the behaviour you are seeing. ... However, the ISC DHCP server uses an Internet Socket of protocol Raw instead of TCP or UDP.  This facility, naturally, is only available to root (uid 0, really), and receives packets before the IP Tables processing.  It also receives all Internet packet headers as well, so it gets to do additional processing. But because Raw sockets get packets before the IP Tables processing, the ISC DHCP server is able to obtain an IP address through DHCP. ... This seems to be consistent with a dhcp server I am running: # netstat -anp | grep dhcp udp 0 0 0.0.0.0:67 0.0.0.0:* 1785/dhcpd raw 0 0 0.0.0.0:1 0.0.0.0:* 7 1785/dhcpd unix 2 [ ] DGRAM 24242 1785/dhcpd # ...