
#-----------------------------------------------------------------------
# CHANGES
#-----------------------------------------------------------------------
#
# 2001-04-19  Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#             Renamed the module from 700-dhcp-clients to 
#             700-bootp-clients.
# 2000-10-14  Jean-Sebastien Morisset <jsmoriss@mvlan.net>
#             Initial module written for v5.0.
#
#-----------------------------------------------------------------------
# MODULE CONFIGURATION
#-----------------------------------------------------------------------
#
#m# 123
#a# ignore
#i#
#n# bootp
#t# clients
#
#   |--------------------------------------------------------------------|
#d# Deny UDP packets from port 67 (bootps) to port 68 (bootpc) from these
#d# hosts and/or networks. The denied packets are not logged.
#d#
#d# Example:
#d#   ignore-eth1-bootp-clients = 24.200.96.0/24
#   |--------------------------------------------------------------------|
#
#-----------------------------------------------------------------------
# START OF MODULE CODE
#-----------------------------------------------------------------------

for host in `Option_Value ignore $INTOPT bootp clients`
do
	echo "Deny $INTOPT $ANY BOOTPC <- $host BOOTPS $LOG_MSG"
	ipchains -A $INCHAIN -j DENY -p udp -s $host bootps -d $ANY bootpc $LOG
done
unset host

