Merge branch 'master' of https://git.home.spale.com/public/dhcp_protect

README.md

@@ -17,12 +17,25 @@ In DHCPv6 DHCP Protect will account based on the client DUID.
 ```
 git clone https://git.home.spale.com/public/dhcp_protect.git
 cd dhcp_protect
-apt-get install build-essential uthash-dev libnetfilter-queue-dev
+sudo apt-get install build-essential uthash-dev libnetfilter-queue-dev
 make all
-make install
+sudo make install
 ```
 Note: the `make install` will automatically create, enable and start the systemd service and the `make uninstall` will stop and remove the systemd service.
 
+# Netfilter (iptables)
+
+iptables and ip6tables must be configured to send the DHCPv4 and/or DHCPv6 packets to DHCP Protect for forwarding decision.
+Both DHCPv4 and DHCPv6 can be processed by the same instance of DHCP Protect. However, they must use the same `--queue-num` as in the `dhcp_protect.conf` configuration file.
+
+The `--queue-bypass` will tell iptables to continue to forward packets if DHCP Protect is not running or crashed. It is strongly recommended to keep this option.
+
+## Example IPv4
+`iptables -A INPUT -p udp -m udp --dport 67 -j NFQUEUE --queue-num 67 --queue-bypass`
+
+## Example IPv6
+`ip6tables -A INPUT -p udp -m udp --dport 547 -j NFQUEUE --queue-num 67 --queue-bypass`
+
 # Configuration
 The configuration file may be tuned, but the defaults should be fine.
 ```
@@ -63,7 +76,7 @@ root@hostname:~/# systemd <start|stop|restart> dhcp_protect
 
 # Logging / Accounting
 
-The program will log to system every blacklisting action to syslog.
+The program will log every blacklisting action to syslog (also in dryrun mode).
 
 ```
 Oct 23 16:50:18 router dhcp_protect[9706]: 00000000021b: blacklisting started