
Why does my nftables not block DHCP?

Hi,

On my Debian 12 Bookworm (Raspberry Pi), my nftables does not block DHCP packets with these basic rules:

nft -y list ruleset

table ip Tip {

    chain chIN {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
    }
    chain chFW {
        type filter hook forward priority 0; policy drop;
    }
    chain chOUT {
        type filter hook output priority 0; policy drop;
        udp dport 67 drop #DHCP
        udp dport 53 accept
        tcp dport { 80, 443} accept
        ct state established,related accept
    }

}


  

DHCP should be blocked... but it's not, as I get an IP from it.

Any ideas?

Thanks.

8 comments